Closed panositi closed 4 weeks ago
These two files include links to the Keycloak service to (a) manage the user's account and (b) manage the realm.
One solution would be to change the links in the JS to e.g. "/auth/admin-console" and "/auth/account" and then have the reverse proxy (in system-modeller-deployment) redirect to whatever is needed via complete environment variables for the locations in the auth system (e.g. keycloak) or by adding just an env var for the realm and have the reverse proxy build up the necessary paths.
We can provide a temporary patch in the reverse proxy to re-write urls with the correct realm name e.g.
location = /auth/realms/ssm-realm/account/ {
rewrite ^.*$ https://keycloak.it-innovation.soton.ac.uk/auth/realms/$realm_name/account/ redirect;
}
location = /auth/admin/ssm-realm/console/ {
rewrite ^.*$ https://keycloak.it-innovation.soton.ac.uk/auth/admin/$realm_name/console/ redirect;
}
Yes, that's the sort of thing we need, but making it generic. So the JS should have a link to /auth/account-management
and the proxy should redirect from that to something entirely defined in an env variable, i.e. set a variable for $ACCOUNT_MGT
or something.
Similarly, we can redirect from /auth/user-management
to $USER_MGT
.
@panos did you make any progress on this? Should we transfer it to @kenmeacham ?
@panos did you make any progress on this? Should we transfer it to @kenmeacham ?
I had discuss it with Ken and we agreed it was easier for him to fix this issue as he was already working in another JS related issue.
The Spyderisk JS has a fixed name for the keycloak realm:
ssm-realm
. The Spyderisk service deployment has the flexibility to overwrite the default values of the realm used, however that is not the case with the UI JS code.in particular
src/main/webapp/app/admin/components/Admin.js
and/src/main/webapp/app/common/components/header/Header.js