minder icon indicating copy to clipboard operation
minder copied to clipboard
verified publisher icon stacklok

Give users more helpful information for setting up keycloak

Open lukehinds opened this issue 1 year ago • 1 comments

Please describe the enhancement

From the docs:

Should you install locally, you will need to configure the client on Keycloak. You will need the following:

A Keycloak realm named "stacklok" with event saving turned on for the "Delete account" event. A registered public client with the redirect URI http://localhost/*. This is used for the minder CLI. A registered confidential client with a service account that can manage users and view events. This is used for the minder server. You will also need to set certain configuration options in your server-config.yaml file, to reflect your local Keycloak configuration.

I ended up having to dig around to find where to create a registered confidential client and what does 'registered' even mean, ended up on this link: https://keycloak.discourse.group/t/where-is-the-confidential-access-type-in-the-client-definition-and-settings/22866

Solution Proposal

Its not easy to dig around the UI looking for where these are situated and more helpful descriptive information will help here (I would recommend screen captures as its a UI involved)

lukehinds avatar Jul 02 '24 18:07 lukehinds

Using docker-compose seems to work pretty well; outside of that well-trod path, we may want to update the developer docs to simply link to the keycloak configuration that sets all this up.

evankanderson avatar Sep 10 '24 13:09 evankanderson

I think we've automated this into a make step: https://mindersec.github.io/run_minder_server/run_the_server#configure-keycloak

evankanderson avatar Jan 14 '25 15:01 evankanderson