Hi Cédric

You can provide the security schema via blueprint or programmatically, overriding the karaf realm. Or you can create a new realm and update all services (ssh, etc) with this realm (more changes to do).

I would go more with the overriding karaf realm, probably easier (the overriding bundle would be part of your distribution).

Regards
JB

On Tue, Apr 30, 2024 at 9:35 AM Cedric Jonas <cedric.jo...@kisters.de> wrote:
>
> Hi,
>
> We provide a custom Karaf distribution for other developers within our
> company. As part of that, we also provide a custom authentication realm using
> OpenID Connect.
>
> Now we would like to ensure that this new realm is configured by default for
> SSH, WebConsole, etc. I could not find any nice way to do that - whenever I
> tried to override property values in e.g.
> etc/org.apache.karaf.webconsole.cfg, I end up with a completely new file
> which is not what we want. Either the property replacement abilities of the
> Karaf Maven plugin / features.xml did replace the whole existing
> configuration file with my one customized value ("realm" key) or it created
> the file before the WebConsole feature was installed, and the WebConsole
> feature install obviously doesn't merge both.
>
> Our goal was to customize the existing Karaf configuration files so that we
> do not have to spend additional sync efforts each time we update to a new
> version of Karaf (at least, we need to check if the default configuration
> file didn't change).
>
> Is there any good way to do that?
>
> In the documentation
> (https://karaf.apache.org/manual/latest/#_schema_and_deployer) I found
> there's a way to override the default realm ("karaf") configuration using
> Blueprint and ranks - meaning I would probably replace the existing karaf
> realm with a new configuration but using the same realm name.
> Is that the only way? Isn't it possible to simply configure a new realm name
> for SSH, WebConsole etc. when building a new custom distribution? Without
> being forced to rewrite the whole configuration file and sync the configs
> each time we update?
>
> Thanks!
>
> Regards,
> Cédric
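
The realm override discussed in this thread, sketched as a Blueprint file for the overriding bundle. This is an added example, not part of either message and not code from the Karaf project; the login module class `com.example.security.OidcLoginModule`, its option keys, the issuer URL and the file name are hypothetical placeholders for the custom OpenID Connect module.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- OSGI-INF/blueprint/oidc-realm.xml in the overriding bundle
     (file name is an assumption for this example). -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">

    <!-- Same realm name as the stock realm ("karaf") with a rank above it.
         SSH, WebConsole and the other services keep realm = karaf in their
         own .cfg files, so none of those files has to be copied or synced. -->
    <jaas:config name="karaf" rank="1">

        <!-- Hypothetical custom module. It is the only module listed and is
             flagged "required", so a login succeeds only if it succeeds;
             no file-based users.properties module is declared as a fallback. -->
        <jaas:module className="com.example.security.OidcLoginModule"
                     flags="required">
            <!-- Option keys and values below are constructed placeholders. -->
            issuer = https://idp.example.invalid/realms/dev
            client.id = karaf-console
        </jaas:module>

    </jaas:config>

</blueprint>
```

After the distribution boots, `jaas:realm-list` in the Karaf shell shows which login modules are registered under the `karaf` realm name, which is a quick check that the override took effect.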