airavata-issues mailing list archives

From "Marcus Christie (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AIRAVATA-2431) Create the Keycloak realm as part of migration
Date Fri, 16 Jun 2017 15:28:00 GMT

    [ https://issues.apache.org/jira/browse/AIRAVATA-2431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16042955#comment-16042955 ]

Marcus Christie edited comment on AIRAVATA-2431 at 6/16/17 3:27 PM:
--------------------------------------------------------------------

Some manual steps I needed to complete after the migration to fully get security working:
* Log in as the admin user and set the admin password
** log in through the Keycloak console for that realm, in this case for seagrid: https://iam.scigap.org/auth/admin/seagrid/console/
** use the temporary password {{Password@123}}
** change the password as instructed
* Log in as a user with the admin role into the portal and create a password credential for the Keycloak admin user
** Create a new credential as usual with the admin username and the password created in the previous step
* In Gateway preferences, set the tenant id to the same as the gateway id (for example, "seagrid") and select the password credential created in the previous step. Click *Set preferences*.

With this in place I was able to configure the API server to have {{api.secured=true}} and
API security is working as expected.


----
*UPDATE*: I've now implemented automating the above steps in the MigrationManager.java.


was (Author: marcuschristie):
Some manual steps I needed to complete after the migration to fully get security working:
* Log in as the admin user and set the admin password
** log in through the Keycloak console for that realm, in this case for seagrid: https://iam.scigap.org/auth/admin/seagrid/console/
** use the temporary password {{Password@123}}
** change the password as instructed
* Log in as a user with the admin role into the portal and create a password credential for the Keycloak admin user
** Create a new credential as usual with the admin username and the password created in the previous step
* In Gateway preferences, set the tenant id to the same as the gateway id (for example, "seagrid") and select the password credential created in the previous step. Click *Set preferences*.

With this in place I was able to configure the API server to have {{api.secured=true}} and
API security is working as expected.

> Create the Keycloak realm as part of migration
> ----------------------------------------------
>
>                 Key: AIRAVATA-2431
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2431
>             Project: Airavata
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>             Fix For: 0.18
>
>
> Currently the MigrationManager assumes that there already is a Keycloak realm in which to migrate users.  This requires that someone manually create a Keycloak realm, which would be error prone and time consuming for migrating all of the gateways we want to migrate.
> Instead, the MigrationManager should create the Keycloak realm as part of the migration. We already have [Keycloak realm creation/setup service method in the Profile Service|https://github.com/apache/airavata/blob/58ea1bfe780d7aaf34cabf886ca298d5e9b1c8ee/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift#L46-L46]. We should make use of that.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
