Verified Commit bc21902b authored by p.jbowden's avatar p.jbowden

upgrade snet-xnat-asclepios for keycloak v15

parent 1ae2a2c5
Pipeline #258649 failed with stages
in 2 minutes and 46 seconds
......@@ -60,16 +60,15 @@ You need to import `conf/realm-export.json` in order to provision the keycloak r
The change is necessary to faciliate the storage of cpabe keys as user attributes, as a cpabe key is usually more than 1000 characters in length.
- Execute the following command:
- Execute the following command as root:
```sh
sudo docker exec --env-file .env keycloak-db mysql --user="root" --password="$(sudo cat .env.d/KEYCLOAK_DB_ROOT_PASSWORD)" --database=keycloak --execute='ALTER TABLE USER_ATTRIBUTE MODIFY value text CHARACTER SET utf8 COLLATE utf8_general_ci;'
docker exec --env-file .env keycloak-db mysql --user="root" --password="$(cat .env.d/KEYCLOAK_DB_ROOT_PASSWORD)" --database=keycloak --execute='ALTER TABLE USER_ATTRIBUTE MODIFY value varchar(2000) CHARACTER SET utf8 COLLATE utf8_general_ci;
```
Now you can import the realm manually using the keycloak admin UI
* Open the Keycloak admin interface in a web browser.
For example, run `firefox $(grep '^KEYCLOAK_AUTH_ENDPOINT' .env | awk -F= '{print $2}')`
- Log in with the credential output by `grep KEYCLOAK_ADMIN .env` to show the credentials for keycloak.
- Click `Add Realm` at the top left under `Master`
- Click `Import -> Select File` and select the file at `./conf/realm-export.json` in this repository
......@@ -101,7 +100,6 @@ Finally, if you want to run the automated end-to-end tests, you need to set a pa
XNAT's database is provisioned using a SQL dump. This SQL dump contains the default XNAT admin user, with the password 'admin' (just like on a default xnat installation).
* Open the XNAT admin interface in a web browser.
For example, run `firefox $(grep '^XNAT_ADMIN_URL' .env | awk -F= '{print $2}')`
* Login with the credentials `username=admin,password=admin`
- Run `cat .env.d/XNAT_ADMIN_PASSWORD`
* Go to `Adminster -> Users -> admin -> Change Password` and set the password to value output by the previous command.
......
......@@ -23,7 +23,7 @@ render_tpl() {
}
render_tpl "$DIRECTORY/conf-tpl/realm-export.json.tpl" "$DIRECTORY/conf/realm-export.json"
render_tpl "$DIRECTORY/conf-tpl/openid-provider.properties.tpl" "$DIRECTORY/conf/openid-provider.properties"
render_tpl "$DIRECTORY/conf-tpl/xnat-openid-provider.properties.tpl" "$DIRECTORY/conf/xnat-openid-provider.properties"
render_tpl "$DIRECTORY/conf-tpl/zuul.application.yml.tpl" "$DIRECTORY/conf/zuul.application.yml"
render_tpl "$DIRECTORY/conf-tpl/zuul.authorization-client.properties.tpl" "$DIRECTORY/conf/zuul.authorization-client.properties"
render_tpl "$DIRECTORY/conf-tpl/nginx-proxy.conf.tpl" "$DIRECTORY/conf/nginx-proxy.conf"
......
name=OpenId
auth.method=openid
type=openid
provider.id=openid
visible=true
auto.enabled=true
auto.verified=true
name=OpenID Authentication Provider
disableUsernamePasswordLogin=false
enabled=keycloak
siteUrl={{ .Env.XNAT_ADMIN_URL }}
preEstablishedRedirUri=/openid-login
enabled=keycloak
openid.keycloak.clientId={{ .Env.KEYCLOAK_PUBLIC_CLIENT }}
openid.keycloak.clientSecret=
openid.keycloak.accessTokenUri={{ .Env.XNAT_OPENID_ACCESS_TOKEN_BASE_URL }}/auth/realms/snet/protocol/openid-connect/token
......@@ -17,8 +17,8 @@ openid.keycloak.scopes=openid,profile,email
openid.keycloak.link=<p>To sign-in using your Keycloak credentials, please click on the button below.</p></p><p><a href="/xnat/openid-login?providerId=keycloak">Sign-in with Keycloak</a></p>
openid.keycloak.shouldFilterEmailDomains=false
openid.keycloak.forceUserCreate=true
openid.keycloak.userAutoEnabled=false
openid.keycloak.userAutoVerified=false
openid.keycloak.userAutoEnabled=true
openid.keycloak.userAutoVerified=true
openid.keycloak.emailProperty=email
openid.keycloak.givenNameProperty=given_name
openid.keycloak.familyNameProperty=family_name
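Review bot: With `openid.keycloak.userAutoEnabled=true` and `openid.keycloak.userAutoVerified=true` (and `auto.enabled=true` / `auto.verified=true` in the top block of this file), every identity the Keycloak realm authenticates becomes an enabled, verified XNAT account on first login, because `forceUserCreate=true` and `shouldFilterEmailDomains=false` are set as well. The rendered page does not mark which of the duplicated lines is the new side, so this assumes the `true` values are the ones being introduced. If that trust in the realm is intended, the template should say so next to the two settings, e.g. `# XNAT trusts every account in the snet realm; set both to false to require admin approval`. Whether self-registration is enabled in `conf/realm-export.json` then decides who can obtain an account, and that file is not visible in this commit.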
......@@ -121,7 +121,7 @@ services:
- ../conf/xnat.sql:/docker-entrypoint-initdb.d/xnat.sql
xnat:
image: docker.gitlab.gwdg.de/snet-asclepios-demo/dockerfiles/somnonetz/snet-xnat-asclepios:latest
image: docker.gitlab.gwdg.de/snet-asclepios-demo/dockerfiles/somnonetz/snet-xnat-asclepios@sha256:5bdaae215dd56691bb4a1d703dbeeabd4e997dfff05d364bfc7f2b24dbe46ea9
container_name: xnat
environment:
# tomcat web app settings
......@@ -171,7 +171,8 @@ services:
- ../data/xnat/logs:/data/xnat/home/logs
- ../data/xnat/archive:/data/xnat/archive
- ../data/xnat/build:/data/xnat/build
- ../conf/openid-provider.properties:/data/xnat/home/config/auth/openid-provider.properties
- ../conf/xnat-openid-provider.properties:/data/xnat/home/config/auth/openid-provider.properties
# - ../conf/xnat-prefs-init.ini:/data/xnat/home/config/prefs-init.ini
# - ../../snet-asclepios-editor/build:/usr/local/tomcat/webapps/sn-editor
# - ../../snet-asclepios-search/asclepios-search:/usr/local/tomcat/webapps/asclepios-search
# - ../../snet-asclepios-plugin/build/libs/snet-asclepios-plugin-0.1.4.jar:/data/xnat/home/plugins/snet-asclepios-plugin-0.1.4.jar
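Review bot: The digest pin on the `xnat` service's `image:` line carries no record of which tag or build it corresponds to, and the same `sha256:5bdaae21…` value is repeated in the MiCADO topology template's `xnat` node, so the two can drift apart on the next upgrade. Pinning by digest instead of `:latest` is the right direction for supply-chain integrity. A comment above each `image:` line, such as `# snet-xnat-asclepios build for keycloak v15; keep in sync with the other deployment file`, would make the pin auditable. The service definition starts and ends outside the visible hunks.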
......
......@@ -206,7 +206,7 @@ topology_template:
xnat:
type: tosca.nodes.MiCADO.Container.Application.Docker.Deployment
properties:
image: docker.gitlab.gwdg.de/snet-asclepios-demo/dockerfiles/somnonetz/snet-xnat-asclepios:latest
image: docker.gitlab.gwdg.de/snet-asclepios-demo/dockerfiles/somnonetz/snet-xnat-asclepios@sha256:5bdaae215dd56691bb4a1d703dbeeabd4e997dfff05d364bfc7f2b24dbe46ea9
env:
- name: XNAT_ROOT
value: "{{ .Env.XNAT_ROOT }}"
......@@ -293,7 +293,7 @@ topology_template:
type: tosca.relationships.AttachesTo
properties:
location: /data/xnat/home/config/auth/openid-provider.properties
subPath: openid-provider.properties
subPath: xnat-openid-provider.properties
xnat-openid-provider-conf:
type: tosca.nodes.MiCADO.Container.Volume.NFS
properties:
......