airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Christie (JIRA)" <>
Subject [jira] [Commented] (AIRAVATA-2431) Create the Keycloak realm as part of migration
Date Thu, 08 Jun 2017 16:22:18 GMT


Marcus Christie commented on AIRAVATA-2431:

Some manual steps I needed to complete after the migration to fully get security working:
* Log in as the admin user and set the admin password
** log in through the Keycloak console for that realm, in this case for seagrid:
** use the temporary password {{Password@123}}
** change the password as instructed
* Log in as a user with the admin role into the portal and create a password credential for
the Keycloak admin user
** Create a new credential as usual with the admin username and the password created in the
previous step
* In Gateway preferences, set the tenant id to the same as the gateway id (for example, "seagrid")
and select the password credential created in the previous step. Click *Set preferences*.

With this in place I was able to configure the API server to have {{api.secured=true}} and
API security is working as expected.

> Create the Keycloak realm as part of migration
> ----------------------------------------------
>                 Key: AIRAVATA-2431
>                 URL:
>             Project: Airavata
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>             Fix For: 0.18
> Currently the MigrationManager assumes that there already is a Keycloak realm in which
to migrate users.  This requires that someone manually create a Keycloak realm, which would
be error prone and time consuming for migrating all of the gateways we want to migrate.
> Instead, the MigrationManager should create the Keycloak realm as part of the migration.
 We already have [Keycloak realm creation/setup service method in the Profile Service|].
We should make use of that.

This message was sent by Atlassian JIRA

View raw message