Install requirements

Aamot Engineering post at as.engineering
Tue Dec 12 08:07:29 CET 2023 

On Thu, Dec 7, 2023 at 8:27 AM Thomas John Sødring via nikita-noark <
nikita-noark at nuug.no> wrote:

>
> *Caused by: org.springframework.web.client.ResourceAccessException: I/O
> error on GET request for "**http://localhost:8080/realms/recordkeeping/.well-known/openid-configuration
> <http://localhost:8080/realms/recordkeeping/.well-known/openid-configuration>":
> Connection refused*
> * at
> org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:888)
> ~[spring-web-6.0.11.jar:6.0.11]*
>
> This error is because the server doesn't have keycloak running. Spring
> boot 3/Spring security also comes with a recommendation to use SSO. I first
> interpreted this as a requirement, but I believe it is possible to run
> Nikita with username/password. However, some people will likely want to use
> Nikita with SSO, so an SSO requirement in Nikita to use keycloak was
> introduced with the upgrade to Spring boot 3. This will likely be relaxed
> in the future, but there are a lot of other tasks with a higher requirement.
>
> Install.md also includes a description that Keycloak is a requirement for
> nikita and how to get it running.
>
> *## **Keycloak requirement*
>
>
>
>
> *We currently follow Spring Boot recommendation for SSO and now require a running keycloak alongside nikita. The easiestway to get keycloak running is to use docker*
>
> *    docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.2 <http://quay.io/keycloak/keycloak:21.1.2> start-dev*
>
> *Once you have keycloak running you can, from the root of the nikita source code run:*
>
> *    scripts/populate_keycloak.sh**to create users and roles, so you can interact with nikita.*
>
> It is probably a good idea to follow all the steps in Install.md as you
> might find you are getting stuck on something that is described there.
>

Thank you for revealing the instructions for Keycloak for Single Sign-On
(SSO) related to an error in a Spring Boot application using Nikita with
Keycloak for Single Sign-On (SSO). The error message indicates that there's
a connection refusal when trying to access the Keycloak configuration URL.

Here are some suggestions and clarifications based on the provided
information:

   1.

   *Keycloak Requirement:* The message mentions that there's a requirement
   for Keycloak for SSO. If you don't want to use SSO or Keycloak, the message
   suggests that this requirement might be relaxed in the future. However, for
   now, it seems like having a running Keycloak instance alongside Nikita is
   expected.
   2.

   *Docker for Keycloak:* To simplify the process of getting Keycloak
   running, the message suggests using Docker. The provided Docker
command (docker
   run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin
   quay.io/keycloak/keycloak:21.1.2 start-dev) is intended to start a
   Keycloak instance with a specific version.
   3.

   *Populating Keycloak:* After setting up Keycloak, the message mentions
   running scripts/populate_keycloak.sh from the root of the Nikita source
   code. This script likely populates Keycloak with necessary users and roles
   required for interacting with Nikita.
   4.

   *Install.md:* The installation instructions (Install.md) are recommended
   to follow, as they may contain additional steps or information that can
   help troubleshoot any issues during the setup process.

In summary, it appears that the error is occurring because Keycloak is not
running, and Nikita expects it to be available for SSO. If you don't want
to use SSO or Keycloak, you may need to check if there are configuration
options in Nikita to disable SSO or if there are plans to relax this
requirement in future releases.

If you are intending to use SSO and Keycloak, make sure you have followed
the installation steps, including starting the Keycloak instance using
Docker and populating it with users and roles using the provided script. If
you encounter specific issues during this process, referring to the
Install.md document and checking for any troubleshooting steps could be
beneficial.

Thanks, Thomas!

Best,

Ole Aamot
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nuug.no/pipermail/nikita-noark/attachments/20231212/3c7cacbd/attachment.htm>

More information about the nikita-noark mailing list