Using Keycloak for Authentication

Using Keycloak for authentication requires two steps:

PASOE Configuration

Edit conf/oeablSecurity.properties with the following values:

client.login.model=oauth2
OEClientPrincipalFilter.passthru=true
OEClientPrincipalFilter.forwardToken=true

# Replace "http://keycloack.server" with the root URL of your Keycloak server
# Replace "MyRealm" with the name of the Keycloak realm that should be used
jwtToken.keystore.jwkurl=http://keycloak.server/auth/realms/MyRealm/protocol/openid-connect/certs

jwtToken.usernameField=preferred_username
oauth2.resSvc.tokenServices=jwt
auth2.resSvc.audience=pasoe-resource-server
oauth2.resSvc.realmName=MyRealm

Angular Client Configuration

The @consultingwerk/smartcomponent-library package needs to be configured to use Keycloak. This is done using the SmartComponentLibraryModule.forRoot configuration function, when you import the module. This is usually done in the @NgModule annotation of your AppModule (src/app/app.module.ts):

@NgModule({
  imports: [
    SmartComponentLibraryModule.forRoot({
      keycloakSettings: {
        keycloakEnabled: true,
        clientId: 'client-name', // the client name as configured in Keycloak
        authServerUrl: 'http://keycloak.server', // the root URL of your Keycloak server
        realmName: 'MyRealm' // the name of the Keycloak realm to be used
      },
      serviceURI: 'http://pasoe' // the PASOE service URI to use
    })
  ]
})
export class AppModule {}