Versions Compared

Old Version 10

changes.mady.by.user Vinaya Kumar B

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Checkout https://github.com/project-sunbird/sunbird-auth code and switch to release-1.15 branch and make build.
  2. create Create providers folder inside keycloak
  3. Copy the jar built jar (i.e.keycloak-email-phone-autthenticator-1.0-SNAPSHOT.jar) to providers folder
  4. Run the keycloak
  5. Login to admin console and click User Federation tab on left panel of the screen. As shown in fig. 
  6. Select cassandra-storage-provider from Add provider drop down on the screen , then you will be redirected to screen as shown 
  7. Click save button , It will generate one provider id as shown                                                                                                               
  8. Copy this provider id and save this as env variable variable ( in learner-service) sunbird_keycloak_user_federation_provider_id  , along with                                                                                                                                                sunbird_authorization
    sunbird_cassandra_host
    sunbird_encryption_key
    sunbird_sso_username
    sunbird_sso_password
    sunbird_sso_url
    sunbird_sso_realm
    sunbird_sso_client_id
    sunbird_cs_base_url.
  9. Run the below sql SQL queries on keycloak database (provide Keycloak database after replacing values for placeholders {PROVIDER_ID} and realm name {realm name} in below query templates. Value of placeholders {PROVIDER_ID} and {realm name} in sql) , Before running sql just check the data of FEDERATED_USER,FED_USER_CREDENTIAL & FED_USER_REQUIRED_ACTION  for further validationis based on environment variables sunbird_keycloak_user_federation_provider_id and sunbird_sso_realm respectively.

Query Templates                                            1.  insert into public.

Code Block
insert into FEDERATED_USER(ID, STORAGE_PROVIDER_ID, REALM_ID)select concat('f:{PROVIDER_ID}:', USER_ENTITY.ID), '{PROVIDER_ID}', '{realm name}' from public.USER_ENTITY;

...



insert into FED_USER_CREDENTIAL(ID, DEVICE, HASH_ITERATIONS, SALT, TYPE, VALUE, CREATED_DATE, COUNTER, DIGITS, PERIOD, ALGORITHM, USER_ID,                  REALM_ID,STORAGE_PROVIDER_ID) select ID, DEVICE, HASH_ITERATIONS, SALT, TYPE, VALUE, CREATED_DATE, COUNTER, DIGITS, PERIOD, ALGORITHM, concat('f:{PROVIDER_ID}:',USER_ID), '{realm name}', '{PROVIDER_ID}' from

...

 CREDENTIAL;

insert into FED_USER_REQUIRED_ACTION(REQUIRED_ACTION, USER_ID, REALM_ID, STORAGE_PROVIDER_ID)

...


select REQUIRED_ACTION, concat('f:{PROVIDER_ID}:', USER_ID), '{realm name}', '{PROVIDER_ID}' from USER_REQUIRED_ACTION;

Example:

{PROVIDER_ID} = 5a8a3f2b-3409-42e0-9001-f913bc0fde31

{realm name} = sunbird

Code Block
insert into public.FEDERATED_USER(ID, STORAGE_PROVIDER_ID, REALM_ID) select concat('f:5a8a3f2b-3409-42e0-9001-f913bc0fde31:', USER_ENTITY.ID), '5a8a3f2b-3409-42e0-9001-f913bc0fde31', 'sunbird' from public.USER_ENTITY;

insert into FED_USER_CREDENTIAL(ID, DEVICE, HASH_ITERATIONS, SALT, TYPE, VALUE, CREATED_DATE, COUNTER, DIGITS, PERIOD, ALGORITHM, USER_ID, REALM_ID,STORAGE_PROVIDER_ID) select ID, DEVICE, HASH_ITERATIONS, SALT, TYPE, VALUE, CREATED_DATE, COUNTER, DIGITS, PERIOD, ALGORITHM, concat('f:5a8a3f2b-3409-42e0-9001-f913bc0fde31:',USER_ID), 'sunbird', '5a8a3f2b-3409-42e0-9001-f913bc0fde31' from CREDENTIAL;

insert into FED_USER_REQUIRED_ACTION(REQUIRED_ACTION, USER_ID, REALM_ID, STORAGE_PROVIDER_ID) select REQUIRED_ACTION, concat('f:5a8a3f2b-3409-42e0-9001-f913bc0fde31:', USER_ID), 'sunbird', '5a8a3f2b-3409-42e0-9001-f913bc0fde31' from USER_REQUIRED_ACTION;

...

       10.  Run the ETL to delete the user from keycloak. (To be run only in case of Sunbird upgrade)