Keycloak Configuration
Here follow some MedCo-specific instructions for the administration of Keycloak. For anything else, please refer to the Keycloak Server Administration Guide.
Accessing the web administration interface
In the case of the development profile dev-local-3nodes (i.e. without reverse proxy), the address is http://localhost:8081/auth/admin. In the other cases (with the reverse proxy), the address is http://<node domain name>/auth/admin. The credentials are:
User: keycloak
Password: keycloak
by default, or whatever else was configured at the initial deployment.
Disabling HTTPS requirement for external connections
When deploying the test-local-3nodes profile without HTTPS on a machine other than localhost, the administration interface will refuse to load. To solve this, access pgAdmin (see The PostgreSQL database) and execute the following SQL on the keycloak database:
You need to restart the Keycloak Docker container for the changes to take effect.
Import MedCo Default Settings
Import the provided realm configuration into Keycloak. This will create the MedCo client with the appropriate roles.
Go to the Import menu.
Click on Select file and select the file keycloak-medco-realm.json that you will find in ~/medco-deployment/resources/configuration.
Select to import everything, and to Skip if resources already exist.
Configure the MedCo OpenID Connect client
In the Settings tab, fill Valid Redirect URIs according to the following table:
Deployment Profile    Valid Redirect URIs
test-local-3nodes     http(s)://<node domain name>/glowing-bear
test-network          https://<node domain name>/glowing-bear
dev-local-3nodes      http://localhost:4200
In the same tab, fill Web Origins with + and save.
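The following is an added example, not part of the MedCo documentation: a Python check that audits a realm export against the redirect URI table and the Web Origins setting above. It assumes the export uses Keycloak's clients[].clientId, redirectUris and webOrigins fields; the sample export and the host node0.example.org are constructed.

```python
import json

# Valid Redirect URIs per deployment profile, copied from the table above.
ALLOWED = {
    "test-local-3nodes": ["http://{node}/glowing-bear", "https://{node}/glowing-bear"],
    "test-network": ["https://{node}/glowing-bear"],
    "dev-local-3nodes": ["http://localhost:4200"],
}

def audit_client(realm_json, profile, node, client_id="medco"):
    """Return findings for the MedCo OIDC client in a realm export (JSON text)."""
    clients = json.loads(realm_json).get("clients", [])
    client = next((c for c in clients if c.get("clientId") == client_id), None)
    if client is None:
        return [f"client {client_id!r} not found in realm export"]
    allowed = {t.format(node=node) for t in ALLOWED[profile]}
    findings = []
    uris = client.get("redirectUris", [])
    if not uris:
        findings.append("no Valid Redirect URIs configured")
    for uri in uris:
        if "*" in uri:  # wildcards widen where codes and tokens may be sent
            findings.append(f"wildcard redirect URI: {uri}")
        elif uri not in allowed:
            findings.append(f"redirect URI not in table for {profile}: {uri}")
    origins = client.get("webOrigins", [])
    if "*" in origins:
        findings.append("Web Origins '*' permits any origin; expected '+'")
    elif origins != ["+"]:
        findings.append(f"Web Origins is {origins}; expected ['+']")
    return findings

# Constructed sample export, not the shipped keycloak-medco-realm.json.
SAMPLE = json.dumps({"clients": [{
    "clientId": "medco",
    "redirectUris": ["https://node0.example.org/glowing-bear",
                     "http://localhost:4200", "*"],
    "webOrigins": ["*"],
}]})

if __name__ == "__main__":
    for finding in audit_client(SAMPLE, "test-network", "node0.example.org"):
        print("FINDING:", finding)
```

In Keycloak, a Web Origins value of + allows the origins of the Valid Redirect URIs, so a tight redirect list also keeps the CORS allowance tight.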
User Management
Add a user
Go to the configuration panel Users, click on Add user.
Fill the Username field, toggle the Email Verified button to ON and click Save.
In the next window, click on Credentials, enter the user’s password twice, toggle the Temporary button to OFF if desired and click Reset Password.
Give query permissions to a user
Go to the configuration panel Users, search for the user you want to give authorization to and click on Edit.
Go to the Role Mappings tab, and select medco (or another client ID set up for the MedCo OIDC client) in the Client Roles.
Add the roles you wish to give the user; each role maps to a query type.