Keycloak Configuration

Here follows some MedCo-specific instructions for the administration of Keycloak. For anything else, please refer to the Keycloak Server Administration Guide.

Accessing the web administration interface

In the case of the development profile dev-local-3nodes (i.e. without reverse proxy), the address is http://localhost:8081/auth/admin. In the other cases (with the reverse proxy), the address is http://<node domain name>/auth/admin. The credentials are :

• User keycloak

• Password keycloak by default, or whatever else was configured at the initial deployment.

Disabling HTTPS requirement for external connections

When deploying the test-local-3nodes profile without HTTPS on a machine other than localhost, the administration interface will refuse to load. To solve this, access pgAdmin (see The PostgreSQL database) and execute the following SQL on the keycloak database:

update REALM set ssl_required = 'NONE' where id = 'master';

You need to restart the Keycloak docker container to enable the changes.

Import MedCo Default Settings

Import the provided realm configuration into Keycloak. This will create the MedCo client with the appropriate roles.

• Go to the Import menu

• Click on Select file and select the file keycloak-medco-realm.json that you will find in ~/medco-deployment/resources/configuration.

• Select to import everything, and to Skip if resources already exist

Configure the MedCo OpenID Connect client

In the Settings tab, fill Valid Redirect URIs according to the following table:

Deployment Profile	Valid Redirect URIs
test-local-3nodes	http(s)://<node domain name>/glowing-bear
test-network	https://<node domain name>/glowing-bear
dev-local-3nodes	http://localhost:4200

In the same tab, fill Web Origins with + and save.

User Management

Add a user

• Go to the configuration panel Users, click on Add user.

• Fill the Username field, toggle to ON the Email Verified button and click Save.

• In the next window, click on Credentials, enter twice the user’s password, toggle to OFF the Temporary button if desired and click Reset Password.

Give query permissions to a user

• Go to the configuration panel Users, search for the user you want to give authorization to and click on Edit.

• Go to the Role Mappings tab, and select medco (or another client ID set up for the MedCo OIDC client) in the Client Roles.

• Add the roles you wish to give the user, each of the roles maps to a query type.