<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 7, 2023 at 8:27 AM Thomas John Sødring via nikita-noark <<a href="mailto:nikita-noark@nuug.no">nikita-noark@nuug.no</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg4296122296606346865">
<div dir="ltr"><br><div><span style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i>Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET
request for "</i></span><span style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(237,92,87)"><i><a href="http://localhost:8080/realms/recordkeeping/.well-known/openid-configuration" target="_blank">http://localhost:8080/realms/recordkeeping/.well-known/openid-configuration</a>": Connection
refused</i></span></div>
<div><span style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i> at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:888)
~[spring-web-6.0.11.jar:6.0.11]</i></span></div>
<div><span style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i><br>
</i></span></div>
<div><span style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">This error is because the server doesn't have keycloak running. Spring boot 3/Spring
security also comes with a recommendation to use SSO. I first interpreted this as a requirement, but I believe it is possible to run Nikita with username/password. However, some people will likely want to use Nikita with SSO, so an SSO requirement in Nikita
to use keycloak was introduced with the upgrade to Spring boot 3. This will likely be relaxed in the future, but there are a lot of other tasks with a higher requirement.</span></div>
<div><span style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><i><br>
</i></span></div>
<div><span style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">Install.md also includes a description that Keycloak is a requirement for nikita and
how to get it running.</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="background-color:rgb(255,255,255)">
<pre><div><span style="font-family:"JetBrains Mono",monospace;font-size:9pt;color:rgb(0,51,179)"><i>## </i></span><span style="font-family:"JetBrains Mono",monospace;font-size:9pt;color:rgb(8,8,8)"><i>Keycloak requirement</i></span></div><div><span style="font-family:"JetBrains Mono",monospace;font-size:9pt;color:rgb(8,8,8)"><i><br>We currently follow Spring Boot recommendation for SSO and now require a running keycloak alongside nikita. The easiest<br>way to get keycloak running is to use docker<br><br></i></span><span style="font-family:"JetBrains Mono",monospace;font-size:9pt;color:rgb(6,125,23)"><i> docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin <a href="http://quay.io/keycloak/keycloak:21.1.2" target="_blank">quay.io/keycloak/keycloak:21.1.2</a> start-dev<br><br></i></span><span style="font-family:"JetBrains Mono",monospace;font-size:9pt;color:rgb(8,8,8)"><i>Once you have keycloak running you can, from the root of the nikita source code run:<br><br></i></span><span style="font-family:"JetBrains Mono",monospace;font-size:9pt;color:rgb(6,125,23)"><i> scripts/populate_keycloak.sh<br><br></i></span><span style="font-family:"JetBrains Mono",monospace;font-size:9pt;color:rgb(8,8,8)"><i>to create users and roles, so you can interact with nikita.</i></span></div></pre>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
It is probably a good idea to follow all the steps in Install.md as you might find you are getting stuck on something that is described there.</div>
</div></div></blockquote><div><br></div><div>Thank you for revealing the instructions for Keycloak for Single Sign-On (SSO) related to an error in a Spring Boot application using Nikita with Keycloak for Single Sign-On (SSO). The error message indicates that there's a connection refusal when trying to access the Keycloak configuration URL.</div><div><div class="gmail-flex gmail-flex-grow gmail-flex-col gmail-max-w-full"><div class="gmail-min-h-[20px] gmail-text-message gmail-flex gmail-flex-col gmail-items-start gmail-gap-3 gmail-whitespace-pre-wrap gmail-break-words gmail-[.text-message+&]:mt-5 gmail-overflow-x-auto"><div class="gmail-markdown gmail-prose gmail-w-full gmail-break-words gmail-dark:prose-invert gmail-light"><p>Here are some suggestions and clarifications based on the provided information:</p><ol><li><p><strong>Keycloak Requirement:</strong>
The message mentions that there's a requirement for Keycloak for SSO. If you don't want to use SSO or Keycloak, the message suggests that this requirement might be relaxed in the future. However, for now, it seems like having a running Keycloak instance alongside Nikita is expected.</p></li><li><p><strong>Docker for Keycloak:</strong>
To simplify the process of getting Keycloak running, the message suggests using Docker. The provided Docker command (<code>docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin <a href="http://quay.io/keycloak/keycloak:21.1.2">quay.io/keycloak/keycloak:21.1.2</a> start-dev</code>) is intended to start a Keycloak instance with a specific version.</p></li><li><p><strong>Populating Keycloak:</strong>
After setting up Keycloak, the message mentions running <code>scripts/populate_keycloak.sh</code> from the root of the Nikita source code. This script likely populates Keycloak with necessary users and roles required for interacting with Nikita.</p></li><li><p><strong>Install.md:</strong>
The installation instructions (Install.md) are recommended to follow, as they may contain additional steps or information that can help troubleshoot any issues during the setup process.</p></li></ol><p>In summary, it appears that the error is occurring because Keycloak is not running, and Nikita expects it to be available for SSO. If you don't want to use SSO or Keycloak, you may need to check if there are configuration options in Nikita to disable SSO or if there are plans to relax this requirement in future releases.</p><p>If you are intending to use SSO and Keycloak, make sure you have followed the installation steps, including starting the Keycloak instance using Docker and populating it with users and roles using the provided script. If you encounter specific issues during this process, referring to the Install.md document and checking for any troubleshooting steps could be beneficial.</p><p>Thanks, Thomas!</p><p>Best,</p><p>Ole Aamot<br></p></div></div></div></div></div></div>