Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adapt CLI to use keycloak openid authentication #5893

Closed
skabashnyuk opened this issue Aug 3, 2017 · 1 comment
Closed

Adapt CLI to use keycloak openid authentication #5893

skabashnyuk opened this issue Aug 3, 2017 · 1 comment
Assignees
@garagatyi
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed.

Comments

@skabashnyuk
Copy link
Contributor

skabashnyuk commented Aug 3, 2017
edited
Loading

We need to change this code https://github.com/eclipse/che/blob/master/dockerfiles/lib/src/api/wsmaster/auth/auth-data.ts#L129 to use keycloak openid authentication.

  1. I think we need a new client in che realm. Let's say 'curl' with "Bearer only" authentification.
  2. Then, change the way how cli obtain token to something like this. curl --data "grant_type=password&client_id=che-public&username=admin&password=123456" http://192.168.65.2:5050/auth/realms/che/protocol/openid-connect/token

See also http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
@skabashnyuk skabashnyuk added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Aug 3, 2017
@skabashnyuk skabashnyuk mentioned this issue Aug 3, 2017
Closed
25 tasks
@skabashnyuk skabashnyuk added team/platform status/open-for-dev An issue has had its specification reviewed and confirmed. Waiting for an engineer to take it. labels Sep 15, 2017
@garagatyi
Copy link

I did a small research on what is broken in CLI in the multiuser packaging though out the code and here is what I found:

  • CLI actions, such as create user, create and start ws, ssh, remove user, execute command
  • Che sync, Che mount
  • Che dir, file
  • Graceful stop
  • Deploy on OS: replacing stacks

Notice that I did not test all these features but rather took a look on their internals to figure out what should be broken in the multiuser branch.

@garagatyi garagatyi self-assigned this Sep 20, 2017
@garagatyi garagatyi added status/in-progress This issue has been taken by an engineer and is under active development. and removed status/open-for-dev An issue has had its specification reviewed and confirmed. Waiting for an engineer to take it. labels Sep 20, 2017
This was referenced Sep 29, 2017
Merged
Merged
@skabashnyuk skabashnyuk removed the status/in-progress This issue has been taken by an engineer and is under active development. label Jan 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@garagatyi garagatyi

Labels
kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skabashnyuk @garagatyi