Using Keycloak for Authentication
Using Keycloak for authentication requires two steps:
PASOE Configuration
Edit conf/oeablSecurity.properties with the following values:
client.login.model=oauth2
OEClientPrincipalFilter.passthru=true
OEClientPrincipalFilter.forwardToken=true
# Replace "http://keycloack.server" with the root URL of your Keycloak server
# Replace "MyRealm" with the name of the Keycloak realm that should be used
jwtToken.keystore.jwkurl=http://keycloak.server/auth/realms/MyRealm/protocol/openid-connect/certs
jwtToken.usernameField=preferred_username
oauth2.resSvc.tokenServices=jwt
auth2.resSvc.audience=pasoe-resource-server
oauth2.resSvc.realmName=MyRealm
Angular Client Configuration
The @consultingwerk/smartcomponent-library package needs to be configured to use Keycloak. This is done using the SmartComponentLibraryModule.forRoot configuration function, when you import the module. This is usually done in the @NgModule annotation of your AppModule (src/app/app.module.ts):
@NgModule({
imports: [
SmartComponentLibraryModule.forRoot({
keycloakSettings: {
keycloakEnabled: true,
clientId: 'client-name', // the client name as configured in Keycloak
authServerUrl: 'http://keycloak.server', // the root URL of your Keycloak server
realmName: 'MyRealm' // the name of the Keycloak realm to be used
},
serviceURI: 'http://pasoe' // the PASOE service URI to use
})
]
})
export class AppModule {}