sunbird-lms-service will fetch SSO_PUBLICKEY directly from the Keycloak server and use it for authentication and other purposes
Problem Statement
Currently, anyone installing the Sunbird server has to obtain sunbird_sso_publickey manually from the Keycloak server and put it into the config file of the Sunbird server installation after completing step 1 of the server installation. sunbird-lms-server then reads it from the environment properties when it starts and uses it. This creates a human dependency and increases the chance of error or inconvenience.
Proposed Solution
After the server installation completes, sunbird-lms-service will fetch the sunbird_sso_publickey value directly from the Keycloak instance on startup, using an HTTP request or the Keycloak Admin REST Client. Step 1 and step 2 of the server installation will thus be merged, and sunbird-lms-service will keep the key in memory and use it whenever it is required.
With the HTTP call server-url/auth/realms/{realm-name}/protocol/openid-connect/certs we can get only RSA public keys, not HMAC keys. HMAC keys can be fetched by using access token details, but we are only using RSA keys.
Response Body:
{
  "keys": [
    {
      "kid" : "Y0YN8HiP3nlCQC77uSUjGtx-seMvzRxyrCRGIhmzfsw",
      "kty" : "RSA",
      "alg" : "RS256",
      "use" : "sig",
      "n" : "kqIh4jUuDk6PSQ4KsVCON6AUC9tzODPcUJhlz5KuUumwPb3Qva0TDECGGN6d8OYONlFa-fLXzBKRXWlBxIIlP65WLhFRSiIeThKxT_BcXm6CAnTCAMPMu5Cecuw--E3xLxwvWQdxgwqgxpX46kBYacLVuHoPikvb7V3DjbRxQwfgf4z3VbXOaaoKx3Hzj0uRhDe7V91BChvIihR5Vnrzl9xA6lPC7X-Vzp6uazDmwns6zNIHHsNozHIHDOQ6HTbzOZwjsCtQmbkTGHfPV75cmkjWesgs56hl5vU--utd6Cngg2E2TPuEjmdXqymAXYCFmEDS-m6sR4Y9w48X5MV-nw",
      "e" : "AQAB"
    }
  ]
}
Using "kid", "n" and "e" we can generate the public RSA certificate, which is sufficient to generate the required data.
However, we don't need to generate the public RSA key, because we decode it again in KeyCloakServiceImpl.java in sunbird-utils; implementing this therefore also lets us reduce the code.
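How "kid", "n" and "e" from the certs response become an in-memory java.security.PublicKey, as an added example that is not Sunbird's own code. The class name SsoPublicKeyCache is hypothetical, Jackson is assumed to be on the classpath, the RS256 filter and 2048-bit minimum are choices of this example, and the sample JWKS is constructed at runtime from a throwaway key pair.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class name; not part of sunbird-lms-service or sunbird-utils.
public class SsoPublicKeyCache {
  private final Map<String, PublicKey> keysByKid = new ConcurrentHashMap<>();
  // Parses the body returned by .../protocol/openid-connect/certs and caches RSA signing keys.
  public void load(String jwksJson) throws Exception {
    KeyFactory rsa = KeyFactory.getInstance("RSA");
    Base64.Decoder b64 = Base64.getUrlDecoder(); // JWK fields are unpadded base64url
    for (JsonNode k : new ObjectMapper().readTree(jwksJson).path("keys")) {
      // Keep only RS256 signature keys; anything else in the key set is ignored.
      if (!"RSA".equals(k.path("kty").asText()) || !"sig".equals(k.path("use").asText())
          || !"RS256".equals(k.path("alg").asText())) continue;
      BigInteger n = new BigInteger(1, b64.decode(k.path("n").asText())); // modulus
      BigInteger e = new BigInteger(1, b64.decode(k.path("e").asText())); // exponent
      if (n.bitLength() < 2048) continue; // reject undersized moduli
      keysByKid.put(k.path("kid").asText(), rsa.generatePublic(new RSAPublicKeySpec(n, e)));
    }
  }

  // Returns the key for a token header's kid, or null if it is not in the cached key set.
  public PublicKey get(String kid) { return keysByKid.get(kid); }
  public static void main(String[] args) throws Exception {
    // Constructed sample: a throwaway key pair rendered as a JWKS document.
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    RSAPublicKey pub = (RSAPublicKey) gen.generateKeyPair().getPublic();
    Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
    String jwks = String.format(
        "{\"keys\":[{\"kid\":\"sample-kid\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\","
            + "\"n\":\"%s\",\"e\":\"%s\"}]}",
        enc.encodeToString(pub.getModulus().toByteArray()),
        enc.encodeToString(pub.getPublicExponent().toByteArray()));
    SsoPublicKeyCache cache = new SsoPublicKeyCache();
    cache.load(jwks);
    RSAPublicKey parsed = (RSAPublicKey) cache.get("sample-kid");
    System.out.println("modulus round-trips: " + pub.getModulus().equals(parsed.getModulus()));
    System.out.println("unknown kid -> " + cache.get("other-kid"));
  }
}
```

In the service, the string passed to load would be the certs response fetched from the Keycloak instance over HTTPS; a null from get means the token's kid is not in the cached key set and the token should not be accepted against any other key.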
Code Changes:
We have to create a class that implements the above concept and fetches the required SSO_PUBLIC_KEY value, and we also have to remove the method named "toPublicKey" in KeyCloakServiceImpl.java (sunbird-utils of sunbird-lms-service).
Further, we have to make the relevant changes in AuthenticationHelper.java, as it uses the same SSO_PUBLIC_KEY value.