
Unable to configure OAuth2 with Keycloak in Eclipse/Hawkbit

Open KOTTIRAMSAI opened this issue 4 years ago • 7 comments

Can anyone help me configure OAuth2 with Keycloak in the Eclipse/Hawkbit application?

Jul 22 '21 15:07 KOTTIRAMSAI

Hi @KOTTIRAMSAI,

Add the below configuration in the property file:

```
spring.security.oauth2.client.registration.oidc.client-id: <client>
spring.security.oauth2.client.registration.oidc.client-secret: <secret>
spring.security.oauth2.client.registration.oidc.scope: openid,profile,email
spring.security.oauth2.client.provider.oidc.issuer-uri: <keycloak issuer URI>
```

Jul 23 '21 05:07 aktivk

Hi @aktivk, thanks for your reply. I have already added the configuration in the "application.properties" file. Can you tell me what the next steps are to enable OIDC?

Jul 23 '21 06:07 KOTTIRAMSAI

Hi @KOTTIRAMSAI, you do not need any additional configuration to enable OIDC. As soon as you have the OIDC configuration in the properties file, it automatically enables this feature. Just try to access http://localhost:8080/login and it will redirect you to your OIDC provider.

Jul 23 '21 07:07 aktivk

Hi @KOTTIRAMSAI,

As @aktivk said before, you can either set up the hawkbit-mgmt-api-defaults.properties like this:

```
spring.security.oauth2.client.registration.oidc.client-id=account
spring.security.oauth2.client.registration.oidc.client-secret=secret
spring.security.oauth2.client.provider.oidc.issuer-uri=http://localhost:8080/auth/realms/master
spring.security.oauth2.client.provider.oidc.authorization-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/auth
spring.security.oauth2.client.provider.oidc.token-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/token
spring.security.oauth2.client.provider.oidc.user-info-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.oidc.jwk-set-uri=http://localhost:8080/auth/realms/master/protocol/openid-connect/certs
```

Or directly into your docker-compose file with an .env file:

```
services:
    hawkbit:
        container_name: hawkbit
        image: "hawkbit/hawkbit-update-server:latest-mysql"
        environment:
        - 'SPRING_APPLICATION_JSON={
            "spring.security.oauth2.client.registration.oidc.client-id": "${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID}",
            "spring.security.oauth2.client.registration.oidc.client-secret": "${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET}",
            "spring.security.oauth2.client.registration.oidc.scope": "${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_SCOPE}",
            "spring.security.oauth2.client.registration.oidc.authorization-grant-type": "${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_AUTHORIZATION_GRANT_TYPE}",
            "spring.security.oauth2.client.provider.oidc.issuer-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI}",
            "spring.security.oauth2.client.provider.oidc.authorization-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_AUTHORIZATION_URI}",
            "spring.security.oauth2.client.provider.oidc.jwk-set-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_JWT_SET_URI}",
            "spring.security.oauth2.client.provider.oidc.token-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_TOKEN_URI}",
            "spring.security.oauth2.client.provider.oidc.user-info-uri": "${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_USER_INFO_URL}"
            }'
```

Hawkbit will then use this configuration; you can check this by debugging the `OidcUserManagementAutoConfiguration` if needed.

You might have trouble mapping the Keycloak client roles correctly the first time, but that's only Keycloak configuration.

Aug 10 '21 07:08 axelroy
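
An added example, not part of the thread or of hawkBit's code: an offline check that provider endpoints pinned explicitly, as in the properties above, sit under the configured `issuer-uri`, and that only a loopback host is reached over plain HTTP (the client secret and tokens travel to these endpoints). The path suffixes are copied from the URLs posted above; the function names, the sample host and the sample values are constructed for illustration.

```python
from urllib.parse import urlparse

PREFIX = "spring.security.oauth2.client."
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Path suffixes as they appear in the endpoint URLs posted in the thread.
SUFFIXES = {
    "authorization-uri": "/protocol/openid-connect/auth",
    "token-uri": "/protocol/openid-connect/token",
    "user-info-uri": "/protocol/openid-connect/userinfo",
    "jwk-set-uri": "/protocol/openid-connect/certs",
}

def parse_properties(text):
    """Parse 'key=value' or 'key: value' lines; skip blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        seps = [i for i in (line.find("="), line.find(":")) if i > 0]
        if not line or line[0] in "#!" or not seps:
            continue
        cut = min(seps)  # first separator wins, so URL colons stay in the value
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def check_oidc(props, reg_id="oidc"):
    """Return findings for one registration/provider id (empty list = consistent)."""
    findings = []
    provider = f"{PREFIX}provider.{reg_id}."
    if not props.get(f"{PREFIX}registration.{reg_id}.client-id"):
        findings.append("client-id is not set")
    issuer = props.get(provider + "issuer-uri", "").rstrip("/")
    if not issuer:
        return findings + ["issuer-uri is not set"]
    urls = {n: props[provider + n] for n in SUFFIXES if props.get(provider + n)}
    for name, url in urls.items():  # endpoints that were pinned explicitly
        if url != issuer + SUFFIXES[name]:
            findings.append(f"{name} is not under the issuer: {url}")
    for name, url in {"issuer-uri": issuer, **urls}.items():
        parsed = urlparse(url)
        if parsed.scheme != "https" and parsed.hostname not in LOOPBACK:
            findings.append(f"{name} is plain HTTP to {parsed.hostname}")
    return findings

# Constructed sample: token-uri points at a different host and realm.
SAMPLE = """\
spring.security.oauth2.client.registration.oidc.client-id=account
spring.security.oauth2.client.provider.oidc.issuer-uri=http://localhost:8080/auth/realms/master
spring.security.oauth2.client.provider.oidc.token-uri=http://keycloak.example.test/auth/realms/other/protocol/openid-connect/token
"""
print("\n".join(check_oidc(parse_properties(SAMPLE))))
```

The properties posted in the thread pass this check with no findings, since every endpoint is the issuer plus the expected suffix on localhost.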

Hi @axelroy and @aktivk, thanks for replying! I have integrated Keycloak with hawkbit. After successful validation it redirects to hawkbit, but it is not showing the distribution in the deployment page. I have created the distribution in the distribution page, and I have assigned all client-level roles to the user.

Nov 02 '21 05:11 KOTTIRAMSAI

Hi @KOTTIRAMSAI, you have to first assign the software module to the distribution set (using drag and drop in the Distributions page) in order to see the distribution sets in the deployment page.

Nov 05 '21 08:11 aktivk

Hi @aktivk! Thanks for your reply! I have a doubt: only the OS assigned software modules are appearing in the deployment page, but the application assigned is not appearing in the deployment page. And when I am assigning a distribution to targets directly, it is not assigning, but when I created a new target filter and then assigned through the auto-assign distribution set, it is assigning to targets.

Nov 05 '21 09:11 KOTTIRAMSAI