Bare minimum settings to get RHPAM (Business Automation) to integrate with RHSSO/keycloak?


Bob

May 11, 2022, 4:42:48 AM
to Keycloak User
What are the bare minimum settings needed to get RHPAM (Red Hat Business Automation), when installed as an Operator inside an OpenShift cluster, to be able to integrate with RHSSO (Red Hat Single Sign-On, based on open source Keycloak, installed as an Instantiated Template in the Catalog)?

I have been able to deploy RHSSO (persistent with PostgreSQL db) and RHPAM Business Automation 7.12.1-2 in the same project and namespace on the same OpenShift 4.9.x cluster...

In RHSSO I have set up the realm, created the client, etc.
And on the RHPAM side, after the Operator deploys, I use the console-cr-form, the form-based version of the installer wizard, to deploy RHPAM in authoring instance/mode with RHSSO as the authentication mode and create/set the client ID, client secret, etc.

Then when I click on the URL link in the exposed routes section of the networking menu in OCP, I see the URL for RHPAM, click on it and can confirm that it redirects to the RHSSO page for me to log in. I have already created a user with a username/password account in RHSSO and I authenticate against that user, but when it should get to the final landing page and log me in to RHPAM as that user, instead it tells me the error message of:

Yet when I check the RHSSO side I can see that a session was connected, including what was my IP address, username/account used, etc etc...

So the connection portion of this is working, and yet it won't finally allow me to actually log into RHPAM even though by all appearances it was able to pass those credentials over...

Is there a good YouTube video or specific documentation, KB articles, or whatever on how to get a bare-bones proof of concept working whereby I can log into RHPAM with RHSSO?

Example yaml for the RHPAM installer is here below:



apiVersion: app.kiegroup.org/v2
kind: KieApp
metadata:
  name: rhpam
spec:
  environment: rhpam-authoring
  commonConfig:
    disableSsl: true
    adminUser: admin
    adminPassword: admin
    startupStrategy:
      strategyName: OpenShiftStartupStrategy
  auth:
    sso:
      url: 'https://sso-sandbox.apps.www.example.io'
      realm: realmz
      adminuser: admin
      adminPassword: admin
      disableSSLCertValidation: true
  objects:
    console:
      ssoClient:
        name: clientname
        secret: clientsecret
        hostnameHTTP: 'http://sso-sandbox.apps.www.example.io/'
        hostnameHTTPS: 'https://sso-sandbox.apps.www.example.io/'
    servers:
      - id: kie
        name: kie
        ssoClient:
          name: clientname
          secret: clientsecret
          hostnameHTTP: 'https://sso-sandbox.apps.www.example.io/'
          hostnameHTTPS: 'https://sso-sandbox.apps.www.example.io/'

Bob

May 11, 2022, 11:47:27 AM
to Keycloak User
2022-05-11 10_46_43-Business Central.png

Bob

May 11, 2022, 12:23:11 PM
to Keycloak User

Business Central
Login failed: Not Authorized