[ https://issues.apache.org/jira/browse/AIRAVATA-2431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16042955#comment-16042955 ]

Marcus Christie edited comment on AIRAVATA-2431 at 6/16/17 3:27 PM:
--------------------------------------------------------------------

Some manual steps I needed to complete after the migration to fully get 
security working:
* Log in as the admin user and set the admin password
** log in through the Keycloak console for that realm, in this case for 
seagrid: https://iam.scigap.org/auth/admin/seagrid/console/
** use the temporary password {{Password@123}}
** change the password as instructed
* Log in as a user with the admin role into the portal and create a password 
credential for the Keycloak admin user
** Create a new credential as usual with the admin username and the password 
created in the previous step
* In Gateway preferences, set the tenant id to the same as the gateway id (for 
example, "seagrid") and select the password credential created in the previous 
step. Click *Set preferences*.

With this in place I was able to configure the API server to have 
{{api.secured=true}} and API security is working as expected.


----
*UPDATE*: I've now implemented automating the above steps in the 
MigrationManager.java.



> Create the Keycloak realm as part of migration
> ----------------------------------------------
>
>                 Key: AIRAVATA-2431
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2431
>             Project: Airavata
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>             Fix For: 0.18
>
>
> Currently the MigrationManager assumes that there already is a Keycloak realm 
> in which to migrate users.  This requires that someone manually create a 
> Keycloak realm, which would be error prone and time consuming for migrating 
> all of the gateways we want to migrate.
> Instead, the MigrationManager should create the Keycloak realm as part of the 
> migration.  We already have a [Keycloak realm creation/setup service method in 
> the Profile 
> Service|https://github.com/apache/airavata/blob/58ea1bfe780d7aaf34cabf886ca298d5e9b1c8ee/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift#L46-L46].
>  We should make use of that.


