Here follows some MedCo-specific instructions for the administration of Keycloak. For anything else, please refer to the Keycloak Server Administration Guide.
Accessing the web administration interface
In the case of the development profile dev-local-3nodes (i.e. without reverse proxy), the address is http://localhost:8081/auth/admin. In the other cases (with the reverse proxy), the address is http://<node domain name>/auth/admin. The credentials are :
User keycloak
Password keycloak by default, or whatever else was configured at the initial deployment.
Disabling HTTPS requirement for external connections
When deploying the test-local-3nodes profile without HTTPS on a machine other than localhost, the administration interface will refuse to load. To solve this, access pgAdmin (see ) and execute the following SQL on the keycloak database:
You need to restart the Keycloak docker container to enable the changes.
Import MedCo Default Settings
Import the provided realm configuration into Keycloak. This will create the MedCo client with the appropriate roles.
Go to the Import menu
Click on Select file and select the file keycloak-medco-realm.json that you will find in ~/medco-deployment/resources/configuration.
Configure the MedCo OpenID Connect client
In the Settings tab, fill Valid Redirect URIs according to the following table:
In the same tab, fill Web Origins with + and save.
User Management
Add a user
Go to the configuration panel Users, click on Add user.
Fill the Username field, toggle to ON the Email Verified button and click Save.
Give query permissions to a user
Go to the configuration panel Users, search for the user you want to give authorization to and click on Edit.
Go to the Role Mappings tab, and select medco (or another client ID set up for the MedCo OIDC client) in the Client Roles.
Add the roles you wish to give the user, each of the roles maps to a query type.
Select to import everything, and to Skip if resources already exist