419 authenticator against keycloak

[longshuicy]

Description

Add provider for keycloak authentication.

How to test:

1. Have a running keycloak instance (can reuse the clowder2 keycloak container)

2. Unzip, import the realm or create your own.

realm-export.json.zip

3. If you choose to create your own realm, make sure you register the redirect URL as {host}/authenticate/keycloak

4. Get the client secret

5. overwrite config by add below to the custom/custom.conf

ehcacheplugin = enabled

securesocial.keycloak={
    authorizationUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/auth"
    accessTokenUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/token"
    userinfoUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/userinfo"
    clientId="clowder1-backend"
    clientSecret= client scecret copied from step 3
    scope="profile email roles"
}

6. create custom/play.plugins with

10005:services.KeycloakProvider

7. test http://localhost:9000/login

Review Time Estimate

• [ ] Immediately
• [ ] Within one week
• [x] When possible

Types of changes

• [ ] Bug fix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• [ ] My change requires a change to the documentation.
• [x] I have updated the CHANGELOG.md.
• [x] I have signed the CLA
• [ ] I have updated the documentation accordingly.
• [x] I have read the CONTRIBUTING document.
• [x] I have added tests to cover my changes.
• [x] All new and existing tests passed.