docs: add jans-saml instructions #7659

Merged
merged 14 commits into from
May 14, 2024
66 changes: 66 additions & 0 deletions docs/admin/kubernetes-ops/jans-saml.md
@@ -0,0 +1,66 @@
---
tags:
- administration
- kubernetes
- operations
- jans-saml
- keycloak
---


Jans-SAML/Keycloak has the flexibility to be deployed using either MySQL or PostgreSQL as its backend.

# MySQL

Make the following changes in your `values.yaml`:

```yaml
global:
saml:
enabled: true
ingress:
samlEnabled: true
config:
configmap:
kcDbVendor: mysql
kcDbUsername: keycloak
kcDbPassword: Test1234#
kcDbSchema: keycloak
kcDbUrlHost: mysql.kc.svc.cluster.local
kcDbUrlPort: 3306
kcDbUrlDatabase: keycloak
```


If you provide a non-root MySQL user to Keycloak, you will encounter the following error and warnings:

```
SQLException: XAER_RMERR: Fatal error occurred in the transaction branch - check your data for consistency
WARNING - jans-saml - 2024-02-05 16:54:04,256 - Unable to grant XA_RECOVER_ADMIN privilege to 'keycloak' user; reason=Access denied; you need (at least one of) the GRANT OPTION privilege(s) for this operation
WARNING - jans-saml - 2024-02-05 16:54:04,256 - Got insufficient permission, please try using user with XA_RECOVER_ADMIN privilege and running the following query manually via MySQL client: "GRANT XA_RECOVER_ADMIN ON *.* TO 'keycloak'@'%'; FLUSH PRIVILEGES;"
```

To resolve this issue, it's necessary to adhere to the guidance provided in the logs.


# PostgreSQL

Make the following changes in your `values.yaml`:

```yaml
global:
saml:
enabled: true
ingress:
samlEnabled: true
config:
configmap:
kcDbVendor: postgres
kcDbUsername: keycloak
kcDbPassword: Test1234#
kcDbSchema: public
kcDbUrlHost: postgres.kc.svc.cluster.local
kcDbUrlPort: 5432
kcDbUrlDatabase: keycloak
kcDbUrlProperties: ""
```
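Review bot: `kcDbPassword: Test1234#` appears as a literal value in both the MySQL and the PostgreSQL `values.yaml` blocks, and documentation samples tend to be copied unchanged; replace it with an obvious placeholder such as `kcDbPassword: <keycloak-db-password>` and add a sentence telling readers to set their own value. Since the key sits under `config.configmap`, it is also worth stating how the chart stores it. Separately, the MySQL section ends with "adhere to the guidance provided in the logs": spell out the `GRANT XA_RECOVER_ADMIN ON *.* TO 'keycloak'@'%'; FLUSH PRIVILEGES;` statement as an explicit step, say that it has to be run by an account holding the GRANT OPTION privilege named in the warning, and point out that the grant is on `*.*`, so the `keycloak` user receives it globally rather than on the `keycloak` database only. The page also has no title heading, with `# MySQL` and `# PostgreSQL` both at the top level.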
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -97,6 +97,7 @@ nav:
- Health Check: admin/kubernetes-ops/health-check.md
- TUI K8s: admin/kubernetes-ops/tui-k8s.md
- Custom Attributes: admin/kubernetes-ops/custom-attributes.md
- Jans SAML/Keycloak: admin/kubernetes-ops/jans-saml.md
- VM Operation Guide:
- admin/vm-ops/README.md
- Upgrade: admin/vm-ops/upgrade.md