Open KOTTIRAMSAI opened 3 years ago
Hi @KOTTIRAMSAI ,
Add the below configuration in the property file
spring.security.oauth2.client.registration.oidc.client-id: <client>
spring.security.oauth2.client.registration.oidc.client-secret: <secret>
spring.security.oauth2.client.registration.oidc.scope: openid,profile,email
spring.security.oauth2.client.provider.oidc.issuer-uri: <keycloak issuer URI>
Hi @aktivk, thanks for your reply. I have already added the configuration in the "application.properties" file. Can you tell me what the next steps are to enable OIDC?
Hi @KOTTIRAMSAI ,
You do not need any additional configuration to enable OIDC. As soon as you have the OIDC configuration in the properties file, it automatically enables this feature. Just try to access http://localhost:8080/login and it will redirect you to your OIDC provider.
Hi @KOTTIRAMSAI ,
As @aktivk said before, you can either set up the hawkbit-mgmt-api-defaults.properties like this:
spring.security.oauth2.client.registration.oidc.client-id=account
spring.security.oauth2.client.registration.oidc.client-secret=secret
spring.security.oauth2.client.provider.oidc.issuer-uri=http://localhost:8080/auth/realms/master
spring.security.oauth2.client.provider.oidc.authorization-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/auth
spring.security.oauth2.client.provider.oidc.token-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/token
spring.security.oauth2.client.provider.oidc.user-info-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.oidc.jwk-set-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/certs
Or directly in your docker-compose file with an .env file:
services:
  hawkbit:
    container_name: hawkbit
    image: "hawkbit/hawkbit-update-server:latest-mysql"
    environment:
      - 'SPRING_APPLICATION_JSON={
        "spring.security.oauth2.client.registration.oidc.client-id": "${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID}",
        "spring.security.oauth2.client.registration.oidc.client-secret": "${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET}",
        "spring.security.oauth2.client.registration.oidc.scope": "${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_SCOPE}",
        "spring.security.oauth2.client.registration.oidc.authorization-grant-type": "${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_AUTHORIZATION_GRANT_TYPE}",
        "spring.security.oauth2.client.provider.oidc.issuer-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI}",
        "spring.security.oauth2.client.provider.oidc.authorization-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_AUTHORIZATION_URI}",
        "spring.security.oauth2.client.provider.oidc.jwk-set-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_JWT_SET_URI}",
        "spring.security.oauth2.client.provider.oidc.token-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_TOKEN_URI}",
        "spring.security.oauth2.client.provider.oidc.user-info-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_USER_INFO_URL}"
        }'
Hawkbit will then use this configuration; you can check this by debugging the OidcUserManagementAutoConfiguration if needed.
You might have trouble mapping the Keycloak client roles correctly the first time, but that's only Keycloak configuration.
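An added example, not from the thread or the hawkBit project: a small Python check that compares explicitly configured provider endpoints against issuer-uri and lists the ones that point at a different origin or realm path. A difference is not always an error (container setups sometimes use an internal host for back-channel endpoints), so the result is a review list; the hosts and realm in the constructed sample are hypothetical.

```python
import re
from urllib.parse import urlsplit
PREFIX = "spring.security.oauth2.client.provider.oidc."
ENDPOINTS = ("authorization-uri", "token-uri", "user-info-uri", "jwk-set-uri")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Provider values as posted in the thread above.
THREAD_SAMPLE = """
spring.security.oauth2.client.provider.oidc.issuer-uri=http://localhost:8080/auth/realms/master
spring.security.oauth2.client.provider.oidc.token-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/token
spring.security.oauth2.client.provider.oidc.jwk-set-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/certs
"""
# Constructed sample (hypothetical hosts and realm) with three things to review.
CONSTRUCTED_SAMPLE = """
spring.security.oauth2.client.provider.oidc.issuer-uri: http://keycloak.example.test/auth/realms/hawkbit
spring.security.oauth2.client.provider.oidc.token-uri=http://keycloak.example.test/auth/realms/master/protocol/openid-connect/token
spring.security.oauth2.client.provider.oidc.jwk-set-uri=http://idp.example.test/auth/realms/hawkbit/protocol/openid-connect/certs
"""

def parse_properties(text):
    """Parse 'key=value' or 'key: value' lines; skip blanks and comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*\S)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_oidc_provider(props):
    """Return review notes for endpoints that diverge from issuer-uri."""
    issuer = props.get(PREFIX + "issuer-uri")
    if not issuer:
        return ["issuer-uri is not set"]
    iss, notes = urlsplit(issuer), []
    if iss.scheme != "https" and iss.hostname not in LOOPBACK:
        notes.append(f"issuer-uri: plain {iss.scheme} to non-loopback host {iss.hostname}")
    for key in ENDPOINTS:
        value = props.get(PREFIX + key)
        if value is None:
            continue  # endpoint not set explicitly, nothing to compare
        ep = urlsplit(value)
        if (ep.scheme, ep.netloc) != (iss.scheme, iss.netloc):
            notes.append(f"{key}: origin {ep.scheme}://{ep.netloc} differs from issuer")
        elif not ep.path.startswith(iss.path.rstrip("/") + "/"):
            notes.append(f"{key}: path {ep.path} is outside issuer path {iss.path}")
    return notes

if __name__ == "__main__":
    for name, sample in (("thread", THREAD_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        print(name, check_oidc_provider(parse_properties(sample)))
```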
Hi @axelroy and @aktivk, thanks for replying! I have integrated Keycloak with Hawkbit. After successful validation it redirects to Hawkbit, but it is not showing the distribution in the deployment page. I have created the distribution in the distribution page, and I have assigned all client-level roles to the user.
Hi @KOTTIRAMSAI, you have to first assign the software module to the distribution set (using drag and drop in the Distributions page) in order to see the distribution sets in the deployment page.
Hi @aktivk! Thanks for your reply! I have a doubt: only OS-assigned software modules are appearing in the deployment page, but application-assigned ones are not appearing in the deployment page. And when I am assigning a distribution to targets directly, it is not assigning, but when I created a new target filter and assign through auto-assign distribution set, then it is assigning to targets.
Can anyone help me configure OAuth2 with Keycloak in the Eclipse/Hawkbit application?