diff --git a/build.sbt b/build.sbt
index 3288ef1..bb2a369 100644
--- a/build.sbt
+++ b/build.sbt
@@ -72,7 +72,6 @@ dockerCommands ++= Seq(
 Cmd("ENV", "PROXY_HOST", "0.0.0.0"),
 Cmd("USER", "root"),
 Cmd("RUN", "apt-get update && apt-get upgrade -y"),
- Cmd("USER", "1001"),
 )
diff --git a/src/it/scala/com/ing/wbaa/rokku/sts/helper/OAuth2TokenRequest.scala b/src/it/scala/com/ing/wbaa/rokku/sts/helper/OAuth2TokenRequest.scala
index 0d91871..53e6d65 100644
--- a/src/it/scala/com/ing/wbaa/rokku/sts/helper/OAuth2TokenRequest.scala
+++ b/src/it/scala/com/ing/wbaa/rokku/sts/helper/OAuth2TokenRequest.scala
@@ -29,7 +29,7 @@ trait OAuth2TokenRequest {
 private def getTokenResponse(formData: Map[String, String]): Future[HttpResponse] = {
 val contentType = RawHeader("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8")
 Http().singleRequest(HttpRequest(
- uri = Uri(s"${keycloakSettings.url}/auth/realms/${keycloakSettings.realm}/protocol/openid-connect/token"),
+ uri = Uri(s"${keycloakSettings.url}${keycloakSettings.httpRelativePath}/realms/${keycloakSettings.realm}/protocol/openid-connect/token"),
 method = HttpMethods.POST,
 headers = List(contentType),
 entity = akka.http.scaladsl.model.FormData(formData).toEntity))
diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf
index e0d9481..14d3cbc 100644
--- a/src/main/resources/application.conf
+++ b/src/main/resources/application.conf
@@ -27,7 +27,7 @@ rokku {
 clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
 adminUsername = ${?KEYCLOAK_ADMIN_USERNAME}
 adminPassword = ${?KEYCLOAK_ADMIN_PASSWORD}
-
+ httpRelativePath = ${?KEYCLOAK_HTTP_RELATIVE_PATH}
 verifyToken {
 checkRealmUrl = ${?KEYCLOAK_CHECK_REALM_URL}
 issuerForList = ${?KEYCLOAK_CHECK_ISSUER_FOR_LIST}
diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
index b8580d6..7a56a8f 100644
--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
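Review bot: In the build.sbt hunk, the `dockerCommands` additions now end on `Cmd("USER", "root")` followed by the apt-get `RUN`, with nothing switching back to an unprivileged user, so as far as this hunk shows the image's final USER is root and the service bound to PROXY_HOST 0.0.0.0 would run as root. If root is needed only for the package upgrade, keep `Cmd("USER", "1001"),` as the last entry; if that UID was dropped because it no longer matches the base image, replace it with the correct non-root UID rather than removing the step. The opening of the `Seq(` lies outside the hunk, so a USER directive set elsewhere in the build cannot be ruled out from here.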
@@ -14,6 +14,7 @@ rokku {
 clientSecret = "q4dHVTDyViys4T0njCSSoS5Xto4GjA12"
 adminUsername = "rokkuadmin"
 adminPassword = "password"
+ httpRelativePath = "/auth"
 verifyToken {
 checkRealmUrl = true
 issuerForList = "sts-rokku"
@@ -33,7 +34,7 @@ redis {
 host = "localhost"
 port = 6379
 username = "default"
- password = "password"
+ password = "password"
 }
 db-dispatcher {
diff --git a/src/main/scala/com/ing/wbaa/rokku/sts/config/KeycloakSettings.scala b/src/main/scala/com/ing/wbaa/rokku/sts/config/KeycloakSettings.scala
index 4a7d37d..e158b48 100644
--- a/src/main/scala/com/ing/wbaa/rokku/sts/config/KeycloakSettings.scala
+++ b/src/main/scala/com/ing/wbaa/rokku/sts/config/KeycloakSettings.scala
@@ -16,6 +16,7 @@ class KeycloakSettings(config: Config) extends Extension {
 val clientSecret: String = rokkuStsKeycloakConfig.getString("clientSecret")
 val adminUsername: String = rokkuStsKeycloakConfig.getString("adminUsername")
 val adminPassword: String = rokkuStsKeycloakConfig.getString("adminPassword")
+ val httpRelativePath: String = rokkuStsKeycloakConfig.getString("httpRelativePath") //can be removed when keyclock docker image for dev will be upgraded to version 18 or above (see https://www.keycloak.org/server/all-config#_httptls http-relative-path)
 }
 object KeycloakSettings extends ExtensionId[KeycloakSettings] with ExtensionIdProvider {
diff --git a/src/main/scala/com/ing/wbaa/rokku/sts/keycloak/KeycloakTokenVerifier.scala b/src/main/scala/com/ing/wbaa/rokku/sts/keycloak/KeycloakTokenVerifier.scala
index d5e44bc..3c90714 100644
--- a/src/main/scala/com/ing/wbaa/rokku/sts/keycloak/KeycloakTokenVerifier.scala
+++ b/src/main/scala/com/ing/wbaa/rokku/sts/keycloak/KeycloakTokenVerifier.scala
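Review bot: In the KeycloakSettings.scala hunk, `httpRelativePath` is read verbatim, yet the same commit splices it into URLs by plain string concatenation in OAuth2TokenRequest (before `/realms/...`) and in KeycloakTokenVerifier (before a literal `/`). A value of `/` or one ending in a slash therefore produces a double slash, and a value without a leading slash fuses onto the host part of `keycloakSettings.url`. Normalising once where the setting is read would keep both call sites consistent, for example `val httpRelativePath: String = rokkuStsKeycloakConfig.getString("httpRelativePath").stripSuffix("/")`. A Scaladoc line above the val should state the expected form: leading slash, no trailing slash, empty string when the server is mounted at the root. The trailing comment would read better on that line too, with "keyclock" corrected to "keycloak".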
@@ -52,7 +52,7 @@ trait KeycloakTokenVerifier extends LazyLogging {
 private[this] lazy val keycloakDeployment = {
 val config = new AdapterConfig()
 config.setRealm(keycloakSettings.realm)
- config.setAuthServerUrl(s"${keycloakSettings.url}/auth")
+ config.setAuthServerUrl(s"${keycloakSettings.url}${keycloakSettings.httpRelativePath}/")
 config.setSslRequired("external")
 config.setResource(keycloakSettings.resource)
 config.setPublicClient(true)
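Review bot: The auth-server URL passed to `setAuthServerUrl` now ends in a slash (`<url>/auth/` with the default `httpRelativePath`), whereas the previous value was `<url>/auth`, so the default configuration no longer produces the same string as before this commit. If the realm-URL or issuer check (`checkRealmUrl = true` in reference.conf) compares tokens against a URL derived from this value, a doubled or extra slash would presumably make valid tokens fail verification, so this should be covered by a test. Dropping the literal slash, `config.setAuthServerUrl(s"${keycloakSettings.url}${keycloakSettings.httpRelativePath}")`, keeps the default behaviour identical to the old code. The body of `keycloakDeployment` continues past the end of the hunk.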