inveniosoftware / invenio-oauthclient

Invenio module that provides OAuth web authorization support.
https://invenio-oauthclient.readthedocs.io
MIT License

Make `realm` optional for single VO instances in invenio_oauthclient/contrib/keycloak #293

Closed goseind closed 11 months ago

goseind commented 1 year ago

Motivation

IAM services like indigo-iam, which are set up for only one VO, do not work with realms; however, the invenio-oauthclient keycloak contrib requires a realm by default and doesn't allow it to be omitted:

https://github.com/inveniosoftware/invenio-oauthclient/blob/3cb6e23f962dc2a0bf6996fc1391f911b5beb7ad/invenio_oauthclient/contrib/keycloak/settings.py#L32-L48

This issue comes out of an effort to implement a generic third-party IAM service configuration option in REANA described here: https://github.com/reanahub/reana-server/issues/513

Proposal

Change the keycloak contrib in a way that allows omitting the declaration of a realm.

I'm already trying to solve this on my own but would appreciate some help. As REANA is using v1.5.4 this is the one I'm developing with atm.

goseind commented 1 year ago

@ntarocco / @zzacharo maybe you can have a look at this/my PR #295? Thanks 😃

ntarocco commented 1 year ago

Sorry for the late answer, I have asked @max-moser to have a look, given that he created the keycloak integration. Thanks a lot for your PR!