Write documentation for v1.0 of integrating auth
License and Copyright Notice
By submitting this issue or commenting on this issue, or contributing any content to this issue, you certify under the Developer Certificate of Origin that the content you post may be licensed under GPLv3 (for code) or CC-BY-SA 4.0 International (for non-code content).
What is the goal or the problem, and why is it important?
The goal of this issue is to write documentation for integrating auth so that the other groups know how to integrate our project.
How are you going to achieve the goal or solve the problem?
I am going to put the documentation in the IAMSystem project.
What will be produced as a result of this effort and where will it live on GitLab?
- a section in our readme that explains integration
Give a justification of weight or due date.
2 because I have to write up the processes and test it.
Who will do it, and what will they do?
@andyrewco will do this whole task
What was the outcome?
Important info about keycloak-express
This issue is becoming longer than was originally expected for the following reasons.
- Keycloak Express Connector is more complicated than I originally thought.
- There is some more configuration that needs to happen for Keycloak in order to get everything working.
- I have been following this tutorial
What needs to happen.
- I need to review the keycloak config currently in place
- If needed, I might have to change it to include clients for the different modules that will be using our IAM Server
- I need to test if there is a new public key each time keycloak is run. If so I need to find a way to dynamically pass it into the express server.
- I need to create predefined users for testing purposes.
- I need to write sample curl tests | See this issue -> #43 (closed) | to make sure that the basic routes are working
- Once all of those steps are complete, I need to try connecting the express.
- Finally I need to figure out if you can access the login form, or if you can only authenticate with header tokens.
- Figure out why keycloak gives access denied and won't let you relog in
Final Thoughts
This 2 point issue became at least a 4 point issue very quickly and therefore is not finished. The configuration for connecting keycloak to express is not working, and because keycloak is not mainstream, there is little to no support for errors. In order to find any documentation I had to spend almost 30 minutes reading through all of the keycloak source code on github. I followed 3 different tutorials and did everything the same, and it still wouldn't work. I got 500 server errors, I got 403 access denied errors, I got issues with having to clear the cache, and those are just the ones that I remember. After spending 3 months with Keycloak I can confidently say that for our purposes, its negatives far outweigh its positives. The same features that we use keycloak for could have been implemented using express in a quarter of the time. We spent the majority of our time trying to figure out configurations. Looking on the keycloak admin portal, you can see that there are settings that we never even touched and have no idea what they are for. In fact, we barely scratched the surface of the features. I fear that the next group will have to scrap all of our progress on keycloak for a similar, more personal solution. I have put a link to the tutorial for other groups to review if they want to try and get keycloak working.