Home
- Update the package index:
sudo apt update
- Install OpenJDK 17:
sudo apt install openjdk-17-jdk
- Edit the ~/.bashrc file:
vim ~/.bashrc
- Add the following line at the end of the file:
export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
- Save and exit the editor.
- Update the environment variables:
source ~/.bashrc
- Or set the environment variable in the /etc/environment file.
- Install PostgreSQL 14 or higher.
sudo apt update && sudo apt upgrade -y
sudo apt install postgresql-14
- Switch to the PostgreSQL user: sudo su postgres
- Access the PostgreSQL console: psql
- Execute the following SQL commands:
CREATE USER keycloak WITH ENCRYPTED PASSWORD 'password';
CREATE DATABASE keycloak;
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
- Download Keycloak 26.0.5 from the official repository.
- Or download the tar file
wget https://github.com/keycloak/keycloak/releases/download/26.0.5/keycloak-26.0.5.tar.gz
- Extract the downloaded file to the /opt folder:
sudo tar -xvf keycloak-26.0.5.tar.gz -C /opt
- Go to the Keycloak conf folder and uncomment the following lines in the keycloak.conf file:
# Database
# The database vendor.
db=postgres
# The username of the database user.
db-username=keycloak
# The password of the database user.
db-password=password
# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
db-url=jdbc:postgresql://localhost/keycloak
- Set environment variables for Keycloak administration:
export KEYCLOAK_ADMIN=admin
export KEYCLOAK_ADMIN_PASSWORD=admin
- Navigate to the Keycloak directory:
cd /path/to/keycloak/bin
- Run the start command with the necessary parameters:
./kc.sh start --log="console,file" --hostname-strict-backchannel=false --http-enabled=true --http-port=8083 --https-port=8533 --hostname-strict=false --hostname-strict-https=false
- Run the start command with the necessary parameters (with debug mode):
sudo ./kc.sh start --log="console,file" --hostname-strict-backchannel=false --http-enabled=true --http-port=8083 --https-port=8533 --hostname-strict=false --debug --log-level=INFO,org.eclipse.sw360.keycloak.spi:debug,org.eclipse.sw360.keycloak.event.listener:debug
- Build the SW360 backend code using Maven:
mvn clean install -DskipTests -Dbase.deploy.dir=/opt/apache-tomcat-11.x.x/ -Dlistener.deploy.dir=/opt/keycloak-26.x.x/providers -P deploy
- Start the Apache Tomcat server.
Providers are used to read users from the SW360 database and to register users from Keycloak in the SW360 database.
- After building the backend with the deploy profile, the following files should be copied to and available at /opt/keycloak-26.0.5/providers/:
commonIO-19.0.0.jar
datahandler-19.0.0.jar
httpcore5-5.2.5.jar
libthrift-0.20.0.jar
spring-security-crypto-6.3.3.jar
sw360-keycloak-event-listener.jar
sw360-keycloak-user-storage-provider.jar
- Log in to the Keycloak admin console.
  username: admin password: admin
- Create a realm and name it sw360.
- Get the JWT issuer and key set for the realm, update the backend file at rest/resource-server/src/main/resources/application.yml, and reinstall the backend with a Tomcat restart:
  - Select "OpenID Endpoint Configuration" from the "Realm Settings" and copy "jwks_uri". It will look something like http://localhost:8083/realms/sw360/protocol/openid-connect/certs
  - Update the issuer-uri and jwk-set-uri in the application.yml file with this copied jwks_uri.
  - Build and install the backend one more time.
- Create a client in Keycloak. Follow the steps below for client creation:
  - Under General settings, enter the Client ID, which will be used in the .env file (SW360 Frontend Repo) as well as in rest.
  - In Capability config, enable Client authentication.
  - Go to Login settings and enter the fields below:
    Home URL: http://localhost:3000
    Valid redirect URIs: http://localhost:3000/api/auth/callback/keycloak, https://oauth.pstmn.io/v1/callback
    Valid post logout redirect URIs: +
    Web origins: *
- Create client scopes.
  - Create the READ scope by clicking the Create client scope button.
  - Similarly, create the WRITE scope.
- Add the scopes to the client.
  - Go to Clients, then select your newly created client on the Clients list page.
  - Go to the Client scopes page and click Add client scope; there you will see the READ and WRITE scopes that you need to add.
  - Select both scopes and then click Add (default).
- Create groups.
  - Go to Groups and create the different groups that are going to be used in sw360.
  - Create 7 groups: ADMIN, CLEARING_ADMIN, CLEARING_EXPERT, ECC_ADMIN, SECURITY_ADMIN, SW360_ADMIN, USER.
- Create an attribute.
  - Go to Realm settings, then click on the User profile page, where a new attribute can be created.
  - Create a new attribute named Department and give it the required permissions as shown in the screenshot.
- Add an event listener.
  - Go to the Events page in Realm settings.
  - Click on the event listeners dropdown and select sw360-add-user-to-couchdb.
- Access to external databases.
  - Go to User federation and select the sw360-user-storage-jpa provider.
  - Give it a proper name and create the custom provider.
- Check the authentication settings.
  - Go to Authentication and apply the permissions in Required actions as shown in the screenshot.
- Create users.
  - To create a new user, go to the Users section.
  - Also check whether the user has been created in CouchDB.
  - Set a password for the newly created user by selecting the user and going to the Credentials page.
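The issuer and key-set lookup from the "OpenID Endpoint Configuration" step, as an added shell example that is not part of the original page: it reads both values from the realm's discovery document and checks them against the AUTH_ISSUER value used in the frontend .env. The function names and the sample JSON are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: derive issuer-uri and jwk-set-uri from a realm's OpenID discovery document.

# Constructed sample, trimmed to the two fields used here. A live copy comes from
#   curl -s http://localhost:8083/realms/sw360/.well-known/openid-configuration
SAMPLE_DISCOVERY='{"issuer":"http://localhost:8083/realms/sw360","jwks_uri":"http://localhost:8083/realms/sw360/protocol/openid-connect/certs"}'

# Extract one top-level string field from JSON on stdin (minimal; use jq if available).
oidc_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Print the two application.yml values, refusing inconsistent input.
#   $1 = discovery JSON, $2 = AUTH_ISSUER expected by the frontend
resource_server_values() {
  local doc="$1" expected="$2" issuer jwks
  issuer=$(printf '%s\n' "$doc" | oidc_field issuer)
  jwks=$(printf '%s\n' "$doc" | oidc_field jwks_uri)
  if [ -z "$issuer" ] || [ -z "$jwks" ]; then
    echo "error: issuer or jwks_uri missing from discovery document" >&2
    return 2
  fi
  # With --hostname-strict=false the issuer follows the host used in the request,
  # so compare it with what the frontend is configured to expect.
  if [ "$issuer" != "$expected" ]; then
    echo "error: issuer '$issuer' does not match AUTH_ISSUER '$expected'" >&2
    return 1
  fi
  # The key set must be served by the same realm that issues the tokens.
  case $jwks in
    "$issuer"/*) ;;
    *) echo "error: jwks_uri '$jwks' is outside issuer '$issuer'" >&2; return 1 ;;
  esac
  printf 'issuer-uri: %s\njwk-set-uri: %s\n' "$issuer" "$jwks"
}

resource_server_values "$SAMPLE_DISCOVERY" "http://localhost:8083/realms/sw360"
```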
- Run the git clone command:
git clone git@github.com:eclipse-sw360/sw360-frontend.git
- Create .env file inside the repository and add the following data:
NEXTAUTH_SECRET = 'secret'
NEXT_PUBLIC_SW360_API_URL = 'http://localhost:8080'
NEXTAUTH_URL='http://localhost:3000'
NEXT_PUBLIC_SW360_REST_CLIENT_ID='trusted-sw360-client'
NEXT_PUBLIC_SW360_REST_CLIENT_SECRET='sw360-secret'
NEXT_PUBLIC_ENABLE_SW360_OAUTH_PROVIDER='true'
#possible values are sw360basic, sw360oauth, keycloak
#NEXT_PUBLIC_SW360_AUTH_PROVIDER='keycloak'
SW360_KEYCLOAK_CLIENT_ID=
SW360_KEYCLOAK_CLIENT_SECRET=
AUTH_ISSUER=http://localhost:8083/realms/sw360
- Get SW360_KEYCLOAK_CLIENT_ID and SW360_KEYCLOAK_CLIENT_SECRET from the Keycloak console:
  - SW360_KEYCLOAK_CLIENT_ID is on your client's Settings page.
  - SW360_KEYCLOAK_CLIENT_SECRET is on your client's Credentials page.
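A check for the .env file above, as an added shell example that is not part of the SW360 project: it flags secret-like variables that are empty, still hold a short placeholder such as 'secret', or carry the NEXT_PUBLIC_ prefix. The function names, the 16-character threshold and the sample input are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit KEY=VALUE settings before using them outside a local test.

# Constructed sample reproducing three lines of the page's .env.
SAMPLE_ENV="NEXTAUTH_SECRET = 'secret'
NEXT_PUBLIC_SW360_REST_CLIENT_SECRET='sw360-secret'
SW360_KEYCLOAK_CLIENT_SECRET="

# Read KEY=VALUE lines on stdin, print one finding per line, return 1 if any.
audit_env() {
  local line key val bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in \#*|'') continue ;; esac      # skip comments and blank lines
    case $line in *=*) ;; *) continue ;; esac   # skip anything that is not KEY=VALUE
    key=${line%%=*}; val=${line#*=}
    key=$(printf '%s' "$key" | tr -d '[:space:]')
    val=$(printf '%s' "$val" | tr -d "[:space:]\"'")   # drop spaces and quotes
    case $key in *SECRET*|*PASSWORD*|*password*) ;; *) continue ;; esac
    # Next.js inlines NEXT_PUBLIC_* values into the JavaScript sent to the browser.
    case $key in NEXT_PUBLIC_*)
      echo "$key: secret in a browser-visible variable"; bad=$((bad+1)) ;;
    esac
    if [ -z "$val" ]; then
      echo "$key: empty"; bad=$((bad+1))
    elif [ "${#val}" -lt 16 ]; then             # assumed minimum length
      echo "$key: placeholder or short value"; bad=$((bad+1))
    fi
  done
  [ "$bad" -eq 0 ]
}

# A replacement value for NEXTAUTH_SECRET: 32 random bytes, base64-encoded.
new_secret() { openssl rand -base64 32; }

printf '%s\n' "$SAMPLE_ENV" | audit_env || true
```

Run against keycloak.conf, the same function flags `db-password=password`.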
- Installs NVM (Node Version Manager)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.4/install.sh | bash
- Download and Install Node.js
nvm install 20.5.1
- Verifies the right Node.js version is in the environment
node -v
# should print v20.5.1
- Verifies the right NPM version is in the environment
npm -v
# should print 10.2.4
- Installs next
npm install next@latest react@latest react-dom@latest
npm run build
npm run start
/usr/bin/google-chrome-stable --disable-web-security --user-data-dir="/home/${USER}/cors" --allow-file-access-from-files
- Type of authorization will be OAuth 2.0.
- Enter the below details while creating a new Bearer token:
Callback URL: https://oauth.pstmn.io/v1/callback
Auth URL: http://localhost:8083/realms/sw360/protocol/openid-connect/auth
Access Token URL: http://localhost:8083/realms/sw360/protocol/openid-connect/token
Get Client Id and Client Secret from Keycloak client
Scope: openid READ WRITE