...
Pre established redirect URI and use current URI: these variables are used to force Oauth flow redirection to a specific URI. This avoid redirection problems when controlpanel is behind a reverse proxy, and the default redirect URI is mounted with http:// instead of https:// . If this happends happens to you, set useCurrentUri to false, and set the preEstablishedRedirectUri to something like below.
Finally, you will need to configure an ADMINISTRATOR API Key for user management purposes (i.e. when a user first logs in the platform, user will be imported into our database) You can find the administrator token by login with an user ‘administrator’ and going to /controlpanel/apimanager/token/list:
...
Alternatively, configuration properties can be provided via external file, for . For this to work, you need to set the environment variable PLUGIN_PROPERTIES to the file route, for example:
...
First of all, the Java model is defined in the class “UserClaims.java” and its adapted to the OpenID standard, but you may need some other attributes, feel . Feel free to adapt this class.
...
To map your IM role to a onesait Platform ROLE, there is a class which manages this mapping: KeycloakAuthoritiesExtractor.java
By default, all imported users will be mapped to ROLE_USER, but you can change this behavior.
...
You also need to provide an implementation of a Principal extractor to retrieve the principal’s name (i.e. the user user’s unique ID). The default implementation can be found in the KeycloakPrincipalExtractor.java, and as you can see below, it is extracted from the “preferred_username” attribute.
...
Last As the last step to enable the plugin, you’ll need to upgrade the following services (if apply) in the CaaS (Rancher or Openshift) with the appropiate environment variables:
...
NOTE: Remember that the path in bold may change between VMs.
...
Repeat this process in the following services if needed:
...
If you need any support for this feature, please contact support@onesaitplatform.com