This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/sling-whiteboard.git
commit e2c490f3989e75198846713e403eda1f913264bd Author: Robert Munteanu <[email protected]> AuthorDate: Fri Feb 10 17:33:57 2023 +0100 Manual instructions for setting up Keycloak + Starter --- org.apache.sling.servlets.oidc-rp/README.md | 67 ++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/org.apache.sling.servlets.oidc-rp/README.md b/org.apache.sling.servlets.oidc-rp/README.md index 55e61e48..58aeb283 100644 --- a/org.apache.sling.servlets.oidc-rp/README.md +++ b/org.apache.sling.servlets.oidc-rp/README.md 
@@ -72,7 +72,72 @@ Ensure you are logged in. At this point you need to can navigate to /home/users/${USERNAME}/oidc-tokens/${CONNECTION_NAME} and you will see the stored token and expiry date (if available ). -## Whiteboard graudation TODO +### Local development setup + +#### Keycloak + +1. Launch Keycloak locally + +``` +$ docker run --rm --volume (pwd)/keycloak-data:/opt/keycloak/data -p 8081:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:20.0.3 start-dev +``` + +2. Create test realm + +- access http://localhost:8081/ +- go to 'Administration Console' +- login with admin:admin +- open dropdown from the top left and press 'Create realm' +- Select the name 'sling' and create it + +3. Create client + +- in the left navigation area, press 'clients' +- press 'Create client' +- Fill in 'Client ID' as 'oidc-test' and press 'Next' +- Enable 'Client authentication' and press 'Save' + +4. Configure clients + +- in the client details page, set the valid redirect URIs to http://localhost:8080/system/sling/oidc/callback and save +- navigate to the 'Credentials' tab and copy the Client secret + +5. Add users + +- in the left navigation area, press 'users' +- press 'create new user' +- fill in username: test and press 'create' +- go to the 'details' tab, clear any required user actions and press 'save' +- go to the 'credentials' tab and press 'set password' +- in the dialog, use 'test' for the password and password confirmation fields and then press 'save' +- confirm by pressing 'save password' in the new dialog + +#### Sling + +1. OSGi bundles + +TODO + +2. 
OSGi config + +``` +org.apache.sling.servlets.oidc_rp.impl.OidcConnectionImpl +name: keycloak +baseUrl: http://localhost:8081/realms/sling +clientId: oidc-test +clientSecret: ( copied from above) +scopes: openid + +``` + +#### Obtaining the tokens + +- navigate to http://localhost:8080/system/sling/login and login as admin/admin +- go to http://localhost:8080/system/sling/oidc/entry-point?redirect=/bin/browser.html/home/users +- complete the login flow +- navigate in composum to the user name of the admin user and verify that the 'oidc-tokens' node contains a keycloak node with the respective access_token and refresh_token properties + +## Whiteboard graduation TODO - bundle/package should probably be org.apache.sling.extensions.oidc-rp, as the primary entry point is the Java API - document usage; make sure to explain this is _not_ an authentication handler
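Review bot: The `docker run` line under "1. Launch Keycloak locally" uses `--volume (pwd)/keycloak-data:/opt/keycloak/data`, which is fish-shell command substitution; under the `$` prompt shown, sh/bash readers get a syntax error, so write `$(pwd)` or state that the command is meant for fish. On the same line, `-p 8081:8080` publishes the port on every host interface while the container runs `start-dev` with `KEYCLOAK_ADMIN=admin` / `KEYCLOAK_ADMIN_PASSWORD=admin`; `-p 127.0.0.1:8081:8080` keeps the admin console reachable only from the local machine, which is all the rest of the instructions need (they use http://localhost:8081 throughout). Smaller points in the same hunk: step 4 is titled "Configure clients" although only the single `oidc-test` client is configured; the Sling section's "1. OSGi bundles" is left as TODO, so the setup cannot be followed end to end from the README yet; and the section does not say that the admin:admin and test/test credentials and the copied `clientSecret` are for local development only, which a sentence under "Local development setup" could state.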
