Re: Install requirements

Thomas John Sødring tsodring at oslomet.no
Tue Dec 12 10:47:48 CET 2023


Hi Ole,

Thanks for your summary. I am currently looking at the setup procedure and see that it is a little bit more tricky than first anticipated. Keycloak now handles both users and roles, so I need to make a clearer description of how this is all managed.

Thomas
________________________________
From: Aamot Engineering <post at as.engineering>
Sent: Tuesday, 12 December 2023 08:07
To: Thomas John Sødring <tsodring at oslomet.no>
Cc: nikita-noark at nuug.no <nikita-noark at nuug.no>
Subject: Re: Install requirements


On Thu, Dec 7, 2023 at 8:27 AM Thomas John Sødring via nikita-noark <nikita-noark at nuug.no> wrote:

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://localhost:8080/realms/recordkeeping/.well-known/openid-configuration": Connection refused
      at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:888) ~[spring-web-6.0.11.jar:6.0.11]

This error is because the server doesn't have Keycloak running. Spring Boot 3/Spring Security also comes with a recommendation to use SSO. I first interpreted this as a requirement, but I believe it is possible to run Nikita with username/password. However, some people will likely want to use Nikita with SSO, so an SSO requirement in Nikita to use Keycloak was introduced with the upgrade to Spring Boot 3. This will likely be relaxed in the future, but there are a lot of other tasks with a higher requirement.

Install.md also includes a description that Keycloak is a requirement for nikita and how to get it running.


## Keycloak requirement

We currently follow the Spring Boot recommendation for SSO and now require a running Keycloak alongside nikita. The easiest
way to get Keycloak running is to use Docker:

    docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.2 start-dev

Once you have Keycloak running you can, from the root of the nikita source code, run:

    scripts/populate_keycloak.sh

to create users and roles, so you can interact with nikita.

It is probably a good idea to follow all the steps in Install.md as you might find you are getting stuck on something that is described there.

Thank you for revealing the instructions for Keycloak for Single Sign-On (SSO) related to an error in a Spring Boot application using Nikita with Keycloak for Single Sign-On (SSO). The error message indicates that there's a connection refusal when trying to access the Keycloak configuration URL.

Here are some suggestions and clarifications based on the provided information:

  1.  Keycloak Requirement: The message mentions that there's a requirement for Keycloak for SSO. If you don't want to use SSO or Keycloak, the message suggests that this requirement might be relaxed in the future. However, for now, it seems like having a running Keycloak instance alongside Nikita is expected.

  2.  Docker for Keycloak: To simplify the process of getting Keycloak running, the message suggests using Docker. The provided Docker command (docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.2 start-dev) is intended to start a Keycloak instance with a specific version.

  3.  Populating Keycloak: After setting up Keycloak, the message mentions running scripts/populate_keycloak.sh from the root of the Nikita source code. This script likely populates Keycloak with necessary users and roles required for interacting with Nikita.

  4.  Install.md: The installation instructions (Install.md) are recommended to follow, as they may contain additional steps or information that can help troubleshoot any issues during the setup process.

In summary, it appears that the error is occurring because Keycloak is not running, and Nikita expects it to be available for SSO. If you don't want to use SSO or Keycloak, you may need to check if there are configuration options in Nikita to disable SSO or if there are plans to relax this requirement in future releases.

If you are intending to use SSO and Keycloak, make sure you have followed the installation steps, including starting the Keycloak instance using Docker and populating it with users and roles using the provided script. If you encounter specific issues during this process, referring to the Install.md document and checking for any troubleshooting steps could be beneficial.

Thanks, Thomas!

Best,

Ole Aamot
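
Added example, not part of the thread or of nikita's own code: a Python preflight check that fetches the discovery URL from the error message above and reports whether Keycloak is unreachable, the realm is missing, or the issuer does not match the URL nikita is configured with. The function names and the reading of a 404 as "realm not created yet" are assumptions.

```python
import json
import urllib.error
import urllib.request

# Base URL and realm are taken from the error message quoted in the thread.
KEYCLOAK_BASE = "http://localhost:8080"
REALM = "recordkeeping"
REQUIRED_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_document(doc, base=KEYCLOAK_BASE, realm=REALM):
    """Validate an already parsed discovery document; return (status, detail)."""
    if not isinstance(doc, dict):
        return ("not-json", "discovery document is not a JSON object")
    expected = f"{base.rstrip('/')}/realms/{realm}"
    issuer = doc.get("issuer")
    if issuer != expected:
        # Tokens issued under another host name or realm path would be rejected.
        return ("issuer-mismatch", f"expected {expected}, got {issuer}")
    missing = [key for key in REQUIRED_KEYS if key not in doc]
    if missing:
        return ("incomplete", "missing " + ", ".join(missing))
    return ("ok", issuer)


def classify(base=KEYCLOAK_BASE, realm=REALM, timeout=3):
    """Fetch the realm's discovery document and say which setup step failed."""
    url = f"{base.rstrip('/')}/realms/{realm}/.well-known/openid-configuration"
    # Ignore proxy environment variables: this checks a local service.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            doc = json.load(resp)
    except urllib.error.HTTPError as err:  # must precede URLError, its parent
        if err.code == 404:
            # Assumption: a 404 here means the realm has not been created yet.
            return ("realm-missing", "run scripts/populate_keycloak.sh")
        return ("http-error", f"HTTP {err.code}")
    except (urllib.error.URLError, OSError) as err:
        # Covers "Connection refused": nothing is listening on the port.
        return ("unreachable", f"start Keycloak first ({err})")
    except ValueError:
        return ("not-json", "the port answers, but not with a discovery document")
    return check_document(doc, base, realm)


if __name__ == "__main__":
    status, detail = classify()
    print(f"{status}: {detail}")
    raise SystemExit(0 if status == "ok" else 1)
```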