Using Keycloak for Authentication

Using Keycloak for authentication requires two steps:

PASOE Configuration

Edit conf/ with the following values:

client.login.model=oauth2 OEClientPrincipalFilter.passthru=true OEClientPrincipalFilter.forwardToken=true # Replace "http://keycloack.server" with the root URL of your Keycloak server # Replace "MyRealm" with the name of the Keycloak realm that should be used jwtToken.keystore.jwkurl=http://keycloak.server/auth/realms/MyRealm/protocol/openid-connect/certs jwtToken.usernameField=preferred_username oauth2.resSvc.tokenServices=jwt auth2.resSvc.audience=pasoe-resource-server oauth2.resSvc.realmName=MyRealm

Angular Client Configuration

The @consultingwerk/smartcomponent-library package needs to be configured to use Keycloak. This is done using the SmartComponentLibraryModule.forRoot configuration function, when you import the module. This is usually done in the @NgModule annotation of your AppModule (src/app/app.module.ts):

@NgModule({ imports: [ SmartComponentLibraryModule.forRoot({ keycloakSettings: { keycloakEnabled: true, clientId: 'client-name', // the client name as configured in Keycloak authServerUrl: 'http://keycloak.server', // the root URL of your Keycloak server realmName: 'MyRealm' // the name of the Keycloak realm to be used }, serviceURI: 'http://pasoe' // the PASOE service URI to use }) ] }) export class AppModule {}