The Keycloak container is built from jboss/keycloak:16.1.0.
It loads a predefined SORMAS realm, the sormas theme and a custom SPI, sormas-keycloak-service-provider.
It comes predefined with 4 clients and 1 role.
Clients:
- sormas-app - client used by the mobile app to perform the OAuth2 flow
- sormas-rest - client used by the backend to validate access through the REST API
  - supports Basic and Bearer authentication
  - requires the REST_USER role to pre-validate access to the API
- sormas-ui - client used by the SORMAS UI to authenticate the user through OpenID
- sormas-backend - client used by the backend to handle user creation and password resets
Role: REST_USER
The container comes with a custom SORMAS theme which provides custom styles for the following screens:
- Login
- Set Password
- Reset Password
Besides the custom styles, there are also some custom translation messages.
The deployment can be customized through the following environment variables:
- KEYCLOAK_DB_HOST
- KEYCLOAK_DB_NAME
- KEYCLOAK_DB_USER
- KEYCLOAK_DB_PASSWORD
- KEYCLOAK_DB_VENDOR
- KEYCLOAK_ADMIN_USER
- KEYCLOAK_ADMIN_PASSWORD
- KEYCLOAK_CPUS
- KEYCLOAK_MEM
- KEYCLOAK_MEM_RESERVED
- KEYCLOAK_SORMAS_UI_SECRET
- KEYCLOAK_SORMAS_REST_SECRET
- KEYCLOAK_SORMAS_BACKEND_SECRET
- SORMAS_SERVER_URL
In case Keycloak is enabled as an authentication provider, the following environment variables are needed for the SORMAS app as well:
- CACERTS_PASS
- KEYSTORE_PASS
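A pre-deployment check for the variables listed above, added here as an example and not part of the SORMAS project's own scripts. It assumes a minimum secret length of 32 characters and treats a few well-known placeholder strings as invalid; both thresholds are choices made for this example, not values taken from the page.

```shell
#!/bin/sh
# Constructed pre-deployment check for the SORMAS Keycloak environment.
# Assumptions (not from the page): secrets must be at least 32 characters and
# must not be one of a few common placeholder values.

KEYCLOAK_REQUIRED_VARS="KEYCLOAK_DB_HOST KEYCLOAK_DB_NAME KEYCLOAK_DB_USER \
KEYCLOAK_DB_PASSWORD KEYCLOAK_DB_VENDOR KEYCLOAK_ADMIN_USER KEYCLOAK_ADMIN_PASSWORD \
KEYCLOAK_SORMAS_UI_SECRET KEYCLOAK_SORMAS_REST_SECRET KEYCLOAK_SORMAS_BACKEND_SECRET \
SORMAS_SERVER_URL"
KEYCLOAK_SECRET_VARS="KEYCLOAK_DB_PASSWORD KEYCLOAK_ADMIN_PASSWORD \
KEYCLOAK_SORMAS_UI_SECRET KEYCLOAK_SORMAS_REST_SECRET KEYCLOAK_SORMAS_BACKEND_SECRET"
MIN_SECRET_LEN=32

# Returns 0 when every required variable is set and every secret is long enough
# and not a placeholder; each problem found is reported on stderr.
check_keycloak_env() {
  status=0
  for name in $KEYCLOAK_REQUIRED_VARS; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "missing: $name" >&2
      status=1
    fi
  done
  for name in $KEYCLOAK_SECRET_VARS; do
    eval "value=\${$name:-}"
    if [ -n "$value" ]; then
      if [ "${#value}" -lt "$MIN_SECRET_LEN" ]; then
        echo "too short (< $MIN_SECRET_LEN chars): $name" >&2
        status=1
      fi
      case "$value" in
        admin|password|changeme|secret)
          echo "placeholder value: $name" >&2
          status=1 ;;
      esac
    fi
  done
  return "$status"
}

# Generates a random value suitable for the KEYCLOAK_SORMAS_*_SECRET variables
# (64 hex characters); requires openssl on the deployment host.
new_secret() {
  openssl rand -hex 32
}
```

Run `check_keycloak_env` from the shell that exports the variables before starting the container; a non-zero exit means the deployment should not proceed.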
Besides the deployment variables, some manual configuration is required as well.
After deployment, the following configuration has to be done from the Keycloak Admin Console:
- Enable internationalization for sormas-ui and select the available locales and the default locale.
- Update the email SMTP settings for the SORMAS realm.
Keycloak configuration changes are usually part of the SORMAS.json file.
The SORMAS Keycloak image automatically adds any new realm resources by running the update-realm.sh script at startup. This only imports new resources and doesn't remove or update existing resources.
Any update or deletion has to be done manually using the Keycloak Admin Console.