Authentication with Keycloak
Keycloak is an open source Identity and Access Management solution.
To access the Master API, every client must obtain an authentication token from the Keycloak instance deployed within the infrastructure.
The deployment section explains how to configure it.
Default configuration of the DecisionBrain Keycloak docker image
The pre-configured realm is "decisionbrain" and the client is "optimserver". The role "optimserver" gives access to the Master API. The group "web-console" has the role "optimserver".
A default user is provided, part of group "web-console", with the following credentials: "optimserver" / "optimserver".
Get token from code
The following example can be used in any Java-based application to get a token:
Maven users
Add this dependency to your project's POM:
Gradle users
Add this dependency to your project's build file:
compile "org.keycloak:keycloak-authz-client:4.8.2.Final"
Get an access token
You can then get an access token with the following code:
    import java.util.Collections;
    import org.keycloak.authorization.client.AuthzClient;
    import org.keycloak.authorization.client.Configuration;

    public String getToken() {
        final Configuration configuration = new Configuration("keycloakUrl",
            "decisionbrain", // keycloak realm
            "optimserver", // keycloak client
            Collections.singletonMap("secret", ""),
            null); // no custom HttpClient: the library default is used
        try {
            return AuthzClient.create(configuration).obtainAccessToken("optimserver", "optimserver").getToken(); // keycloak user and password
        } catch (Exception e) {
            throw new IllegalArgumentException("Token can't be obtained", e);
        }
    }
This token can be used in all HTTP requests to call the Master API. It should be passed in the Authorization HTTP request header with the prefix Bearer.
Example:
curl -H 'Authorization: Bearer TOKEN' http://MASTER_URL
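The same call from Java, as an added example that is not part of the original documentation: it reuses the token until shortly before it expires and sends it in the Authorization header. The class name MasterApiClient, the 30-second renewal margin and the constructor parameters are assumptions of this example; the realm and client are the defaults described above, and the credentials are supplied by the caller instead of being hard-coded.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.time.Instant;
import java.util.Collections;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.representations.AccessTokenResponse;

/** Hypothetical helper: caches the Keycloak access token and calls the Master API with it. */
public class MasterApiClient {
    private static final long RENEW_MARGIN_SECONDS = 30; // assumed safety margin
    private final AuthzClient authzClient;
    private final String user;
    private final String password;
    private String token;
    private Instant renewAt = Instant.MIN; // forces a token request on first use

    public MasterApiClient(String keycloakUrl, String user, String password) {
        this.authzClient = AuthzClient.create(new Configuration(keycloakUrl,
                "decisionbrain", "optimserver",            // default realm and client
                Collections.singletonMap("secret", ""), null));
        this.user = user;
        this.password = password;
    }

    /** Returns the cached token, requesting a new one when it is about to expire. */
    private synchronized String bearerToken() {
        if (Instant.now().isAfter(renewAt)) {
            AccessTokenResponse response = authzClient.obtainAccessToken(user, password);
            token = response.getToken();
            long lifetime = Math.max(0, response.getExpiresIn() - RENEW_MARGIN_SECONDS);
            renewAt = Instant.now().plusSeconds(lifetime);
        }
        return token;
    }

    private synchronized void invalidate() { renewAt = Instant.MIN; }

    /** Sends a GET request to the Master API and returns the HTTP status code. */
    public int get(String masterUrl) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(masterUrl).openConnection();
        connection.setRequestProperty("Authorization", "Bearer " + bearerToken());
        try {
            int status = connection.getResponseCode();
            if (status == HttpURLConnection.HTTP_UNAUTHORIZED) invalidate(); // token rejected
            return status;
        } finally { connection.disconnect(); }
    }
}
```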