SORMAS-Foundation / SORMAS-Project

SORMAS (Surveillance, Outbreak Response Management and Analysis System) is an early warning and management system to fight the spread of infectious diseases.
https://sormas.org
GNU General Public License v3.0

Difficulties with keycloak #13139

Open markusmann-vg opened 2 months ago

markusmann-vg commented 2 months ago

Bug Description

Double authentication, not operational

Details requested

Reproduction Steps

1. 2. ...

Expected Behavior

No response

Affected Area(s)

Web app

SORMAS Version

SORMAS 1.79

Android version/Browser

Chrome

User Role(s)

all

Server URL

No response

Additional Information

No response

markusmann-vg commented 1 month ago

@leventegal-she @cazac-marin Additional information from Lux:

Here we need more features in the keycloak container in order to analyse and adapt internal rules: I have to include the CTIE CA Root in the container. So I would need CA update and manage commands. Also, config modifications are needed, but no edit apps are available in the container.

proxy = edge
hostname-strict = false
hostname-strict-https = false
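Added example, not part of the issue thread or of the SORMAS project's code: a small lint for a `keycloak.conf` that flags the three relaxed settings quoted in the comment above. The function names, the sample files and the host name `keycloak.example.org` are constructed; the finding texts assume that Keycloak derives its hostname from request headers when `hostname-strict=false` and honours `X-Forwarded-*` headers when `proxy=edge`.

```python
# Added example: lint keycloak.conf for the hostname/proxy settings quoted in the issue.
# All names and sample inputs below are constructed for illustration.

# Constructed sample: the settings as quoted in the comment.
ISSUE_CONF = """\
# relaxed settings from the issue
proxy = edge
hostname-strict = false
hostname-strict-https = false
"""

# Constructed sample: same proxy mode with the hostname pinned (placeholder host).
PINNED_CONF = """\
proxy=edge
hostname=keycloak.example.org
hostname-strict=true
"""

def parse_conf(text):
    """Parse key=value lines; skip blanks and # comments; the last value wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit_keycloak_conf(text):
    """Return (key, message) findings for the hostname and proxy options."""
    conf = parse_conf(text)
    findings = []
    # Assumption: both strict options default to "true" when absent.
    if conf.get("hostname-strict", "true").lower() == "false":
        findings.append(("hostname-strict",
                         "hostname is resolved from request headers"))
        if conf.get("proxy", "none").lower() == "edge":
            findings.append(("proxy",
                             "forwarded headers are trusted and the hostname is "
                             "not pinned: the proxy must overwrite Host and "
                             "X-Forwarded-* on every request"))
    if conf.get("hostname-strict-https", "true").lower() == "false":
        findings.append(("hostname-strict-https",
                         "URL scheme is inferred from the request, not forced to https"))
    return findings

if __name__ == "__main__":
    for key, message in audit_keycloak_conf(ISSUE_CONF):
        print(f"{key}: {message}")
```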

markusmann-vg commented 1 month ago

and:

For the keycloak, I have enabled the AUTH_PROVIDER_TO_SORMAS_USER_SYNC

In our database there are 2 lines for this:

Image

And in the sormas.properties files we only had: authentication.provider.syncedNewUserRole=

I have modified the field to authentication.provider.syncedNewUserRole=National User

And I can see the Sync User button on the User Management screen.

Sync Users button is also properly synchronising the User from Keycloak to Sormas.

cazacmarin commented 1 month ago

@markusmann-vg - we need a reply to the following question from the opener of this ticket: From the ticket description, they asked us to include the CTIE CA Root certificate in the container. Question: How are they currently including the CTIE CA Root certificate in the container (in their prod environment)?

cazacmarin commented 1 month ago

The configuration which needs to be done in order to make Keycloak work in HTTPS mode is in the attached PDF file: HTTPS_in_Keycloak_Configuration - Final.pdf

cazacmarin commented 1 day ago

Adding one more document which includes the configuration required for ONLY localhost: HTTPS_in_Keycloak_Configuration(for localhost) - Final.pdf