scp93ch
commented
1 year ago The configuration used in the insecure config is:
realm: ssm-realm (though this can be set in the Spyderisk application.properties file)
- display name: SPYDERISK
- HTML display name: SPYDERISK
- require-ssl: none
client: system-modeller
- client authentication on, standard flow enabled, service accounts roles enabled
service account roles:
- account: manage-account, view-profile, manage-account-links
- realm-management: manage-users, query-groups, query-users, view-users
- other: admin, user
- defaults: offline_access, uma_authorization, default-roles-ssm-realm
- valid redirect URIs: http://* (otherwise it doesn't like http)
- credentials:
- use "client Id & secret"
- client secret defined (must match key in Spyderisk
application.properties)
Two users are defined in the insecure config. These would not need to be created in an external keycloak, but are copied here for reference.
user: testadmin
- name: Admin User
- account: manage-account, view-profile, manage-account-links
- realm-management: manage-users, query-groups, query-users, view-users
- other: admin, user
- defaults: offline_access, uma_authorization, default-roles-ssm-realm
user: testuser
- name: Normal User
- account: manage-account, view-profile, manage-account-links
- other: user
- defaults: offline_access, uma_authorization, default-roles-ssm-realm
A deployment using the integrated (insecure) keycloak is automatically configured with the necessary realm, roles and users.
If the deployment uses an external keycloak then the administrator needs to know what realm and roles and other config is necessary. This should be documented in this project.