Jira Link : https://project-sunbird.atlassian.net/browse/SC-911
Design Doc : Encrypting data stored within keycloak
Note: Take a backup of the keycloak database before starting.
Steps:
- Check out the https://github.com/project-sunbird/sunbird-auth code and build it.
- Create a providers folder inside the keycloak installation directory.
- Copy the built jar to the providers folder.
- Start keycloak.
- Log in to the admin console and click the User Federation tab on the left panel of the screen, as shown in the figure.
- Select cassandra-storage-provider from the Add provider drop-down on the screen; you will be redirected to the screen shown in the figure.
- Click the Save button. It will generate a provider id, as shown in the figure.
- Copy this provider id and save it as the environment variable sunbird_keycloak_user_federation_provider_id.
- Run the SQL below on the keycloak database (substitute the provider id into the SQL). Before running it, check the data in FEDERATED_USER, FED_USER_CREDENTIAL and FED_USER_REQUIRED_ACTION so the result can be validated afterwards. Keycloak stores federated user ids in the form f:<provider id>:<external id>, so keep that shape when substituting the placeholder.
1. insert into public.FEDERATED_USER(ID, STORAGE_PROVIDER_ID, REALM_ID)
select concat('f:{provider id}', USER_ENTITY.ID), '{provider id}', 'master' from public.USER_ENTITY;
2. insert into FED_USER_CREDENTIAL(ID, DEVICE, HASH_ITERATIONS, SALT, TYPE, VALUE, CREATED_DATE, COUNTER, DIGITS, PERIOD, ALGORITHM, USER_ID, REALM_ID, STORAGE_PROVIDER_ID)
select ID, DEVICE, HASH_ITERATIONS, SALT, TYPE, VALUE, CREATED_DATE, COUNTER, DIGITS, PERIOD, ALGORITHM, concat('f:{provider id}', USER_ID), 'master', '{provider id}' from CREDENTIAL;
3. insert into FED_USER_REQUIRED_ACTION(REQUIRED_ACTION, USER_ID, REALM_ID, STORAGE_PROVIDER_ID)
select REQUIRED_ACTION, concat('f:{provider id}', USER_ID), 'master', '{provider id}' from USER_REQUIRED_ACTION;
- Run the ETL to delete the user from keycloak.
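The SQL steps above, as an added shell helper that is not part of the sunbird-auth project: it validates the provider id before splicing it into SQL, renders the three inserts as one transaction for psql, and aborts the transaction if the federated row count does not match the user count. It assumes PostgreSQL, the 'master' realm, and Keycloak's f:<providerId>:<externalId> id form; the table columns are those listed on this page.

```shell
#!/bin/sh
# Added example (not sunbird-auth code). Assumes PostgreSQL and Keycloak's
# federated id form f:<providerId>:<externalId>.

# Keycloak component ids are UUIDs: reject anything outside [0-9a-fA-F-]
# so the id cannot smuggle quotes into the rendered SQL.
valid_provider_id() {
  case "$1" in
    '') return 1 ;;
    *[!0-9a-fA-F-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Render the migration for one provider id (and realm, default 'master')
# as a single transaction with a row-count check before COMMIT.
render_migration_sql() {
  pid="$1"; realm="${2:-master}"
  valid_provider_id "$pid" || return 1
  cat <<EOF
\set ON_ERROR_STOP on
BEGIN;
INSERT INTO FEDERATED_USER (ID, STORAGE_PROVIDER_ID, REALM_ID)
SELECT 'f:${pid}:' || ID, '${pid}', '${realm}' FROM USER_ENTITY WHERE REALM_ID = '${realm}';
INSERT INTO FED_USER_CREDENTIAL (ID, DEVICE, HASH_ITERATIONS, SALT, TYPE, VALUE, CREATED_DATE,
  COUNTER, DIGITS, PERIOD, ALGORITHM, USER_ID, REALM_ID, STORAGE_PROVIDER_ID)
SELECT c.ID, c.DEVICE, c.HASH_ITERATIONS, c.SALT, c.TYPE, c.VALUE, c.CREATED_DATE,
  c.COUNTER, c.DIGITS, c.PERIOD, c.ALGORITHM, 'f:${pid}:' || c.USER_ID, '${realm}', '${pid}'
FROM CREDENTIAL c JOIN USER_ENTITY u ON u.ID = c.USER_ID WHERE u.REALM_ID = '${realm}';
INSERT INTO FED_USER_REQUIRED_ACTION (REQUIRED_ACTION, USER_ID, REALM_ID, STORAGE_PROVIDER_ID)
SELECT r.REQUIRED_ACTION, 'f:${pid}:' || r.USER_ID, '${realm}', '${pid}'
FROM USER_REQUIRED_ACTION r JOIN USER_ENTITY u ON u.ID = r.USER_ID WHERE u.REALM_ID = '${realm}';
-- Validation: one federated row per user in the realm, otherwise roll back.
DO \$\$
BEGIN
  IF (SELECT count(*) FROM FEDERATED_USER WHERE STORAGE_PROVIDER_ID = '${pid}')
     <> (SELECT count(*) FROM USER_ENTITY WHERE REALM_ID = '${realm}') THEN
    RAISE EXCEPTION 'federated user count does not match USER_ENTITY count';
  END IF;
END \$\$;
COMMIT;
EOF
}

# Usage (connection taken from PG* environment variables):
#   render_migration_sql "$sunbird_keycloak_user_federation_provider_id" | psql -d keycloak
```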