@rhysyngsun rhysyngsun commented Oct 22, 2024

What are the relevant tickets?

Closes https://github.com/mitodl/hq/issues/5562

Description (What does it do?)

This adds changes to make the SCIM integration work with the scim-for-keycloak plugin.

This includes changes from #1682 that were reverted in #1723, but since we need something slightly different for scim-for-keycloak I just combined them here with the additional adjustments.

How can this be tested?

  • Sign up for a free account on https://scim-for-keycloak.de/ and download the JAR file.
  • Put that JAR file in your providers/ directory in your keycloak install.
  • Follow the installation steps: https://scim-for-keycloak.de/documentation/installation/install
  • You probably want to run keycloak with --spi-realm-restapi-extension-scim-repair-database=true once so it migrates existing realms
  • Go to your Learn API django-admin and create an Application and Access Token and save the token value for later.
  • Go to http://keycloak.odl.local:8080/ and click on the link to the SCIM admin console. Login to the master realm.
  • Go to the realm management page and edit your realm for Learn. Toggle "SCIM Enabled" and save.
  • Go to the Remote SCIM Provider page and click the "+" button to create a new provider.
    • Use any name.
    • Enter the base url for Learn that is reachable from your keycloak instance. If you're running keycloak on your host system this is probably http://open.odl.local:8063/scim/v2/ or similar.
    • In the Authorization section, switch to Long Life Bearer Token Authentication. Enter the Access Token value from the Learn django-admin.
    • Click "Save Configuration"
  • Click "Use Default Configuration" at the bottom of the page. You should see new tabs appear. Navigate to the "Realm Assignments" tab.
  • Assign this provider to your Learn realm.
  • Switch to the "Schemas" tab and edit the User schema:
    • Update the displayName attribute to use the custom attribute "fullName".
    • Add a new attribute:
      • Name: emailOptIn
      • Type: integer
      • Custom Attribute Name: emailOptIn
      • Everything else leave the defaults.
  • At this point you should be able to switch to the "Synchronization" tab and walk through a full synchronization of users.
  • You should also be able to create/update users without hitting Learn (the keycloak admin is an easy way to do this).

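The test steps above wire a SCIM 2.0 provider in scim-for-keycloak to Learn's endpoint under /scim/v2/ with a long-lived bearer token, map displayName to the Keycloak custom attribute fullName, and add a custom integer attribute emailOptIn. The script below is an added illustration written for this page, not code from the PR, from mitodl/mit-learn, or from scim-for-keycloak. It models both ends of that exchange offline: what a provider configured that way would POST to /scim/v2/Users, and a server-side handler that checks the bearer token in constant time before reading the body and rejects an emailOptIn that arrives as a string. The token value, the sample user and the shape of Learn's internal profile are constructed assumptions.

```python
import hmac
import json

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

# Constructed stand-in for the Access Token created in the Learn django-admin.
LEARN_ACCESS_TOKEN = "learn-access-token-example"


def build_scim_user(username, email, full_name, email_opt_in):
    """Body a provider configured as in the test steps would send for one user:
    displayName is fed from the Keycloak custom attribute fullName and the
    custom attribute emailOptIn travels as a SCIM integer, not a string."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": username,
        "displayName": full_name,
        "emails": [{"value": email, "primary": True}],
        "emailOptIn": int(email_opt_in),
        "active": True,
    }


def build_request(base_url, payload, token):
    """Request under 'Long Life Bearer Token Authentication': the same static
    token rides in the Authorization header of every call, so treat it like a
    password and only send it over TLS in a real deployment."""
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + "/Users",
        "headers": {
            "Authorization": "Bearer " + token,
            "Content-Type": "application/scim+json",
        },
        "body": json.dumps(payload),
    }


def authorize(headers, expected_token):
    """Server-side bearer check: a missing header, a non-Bearer scheme, an
    empty token or a mismatch all fail; the comparison is constant-time."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not presented:
        return False
    return hmac.compare_digest(presented.encode(), expected_token.encode())


def scim_error(status, detail, scim_type=None):
    """SCIM error response in the shape clients such as scim-for-keycloak expect."""
    body = {"schemas": [SCIM_ERROR_SCHEMA], "status": str(status), "detail": detail}
    if scim_type:
        body["scimType"] = scim_type
    return status, body


def to_learn_profile(user):
    """Map the SCIM resource onto the fields Learn keeps (assumed shape).
    emailOptIn must be a real integer; bool is excluded explicitly because it
    subclasses int in Python."""
    opt_in = user.get("emailOptIn", 0)
    if isinstance(opt_in, bool) or not isinstance(opt_in, int):
        raise ValueError("emailOptIn must be an integer")
    emails = user.get("emails", [])
    primary = next((e["value"] for e in emails if e.get("primary")), None)
    return {
        "username": user["userName"],
        "email": primary or (emails[0]["value"] if emails else None),
        "name": user.get("displayName", ""),
        "email_optin": opt_in != 0,
    }


def handle_create_user(request, expected_token):
    """POST /scim/v2/Users: 401 before the body is parsed, 400 on bad input,
    201 with the created resource otherwise."""
    if not authorize(request["headers"], expected_token):
        return scim_error(401, "Unauthorized")
    try:
        user = json.loads(request["body"])
    except ValueError:
        return scim_error(400, "Request body is not valid JSON", "invalidSyntax")
    if (not isinstance(user, dict) or SCIM_USER_SCHEMA not in user.get("schemas", [])
            or not user.get("userName")):
        return scim_error(400, "Missing User schema or userName", "invalidValue")
    try:
        profile = to_learn_profile(user)
    except ValueError as exc:
        return scim_error(400, str(exc), "invalidValue")
    created = {
        "schemas": [SCIM_USER_SCHEMA],
        "id": profile["username"],  # constructed; a real server assigns its own id
        "userName": profile["username"],
        "displayName": profile["name"],
        "emailOptIn": user.get("emailOptIn", 0),
        "meta": {"resourceType": "User"},
    }
    return 201, created
```

Run with a request built from build_scim_user("jdoe", "jdoe@example.com", "Jane Doe", 1) against the token to see the 201 path, then swap the token or set emailOptIn to "1" to see the 401 and 400 paths. The ordering in handle_create_user is the point worth copying: authentication is decided before any JSON parsing, so an unauthenticated caller cannot make the endpoint do work on attacker-supplied bodies.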
@rhysyngsun rhysyngsun requested a review from cp-at-mit October 22, 2024 19:31
@rhysyngsun rhysyngsun force-pushed the nl/scim-for-keycloak-tweaks branch from acf3379 to aa64e04 October 23, 2024 21:13
@rhysyngsun rhysyngsun merged commit b225c97 into main Oct 24, 2024
11 checks passed
@rhysyngsun rhysyngsun deleted the nl/scim-for-keycloak-tweaks branch October 24, 2024 14:45