This is a documentation update for newer Keycloak versions [issue#11690](https://github.com/cBioPortal/cbioportal/issues/11690)#11900
Conversation
dippindots
left a comment
dippindots
left a comment
There was a problem hiding this comment.
@eliaslautensack Thank you so much for puting together the updated setup doc for keycloak! We will review this doc and testing it next week.
haynescd
left a comment
haynescd
left a comment
There was a problem hiding this comment.
Looks, good!! had some small changes
| 3. To create a SAML client, go to the **Clients** item in the left menu. On this page, click the **Create** button on the right. This will bring you to the **Add Client** page. | ||
| * Enter a **Client ID** for the client, e.g. '_cbioportal_', this will be the expected `issuer` value in SAML requests sent by the application. | ||
| 2. Click on the Navigation **Manage realms** on the left and create a new realm with the **Create realm** button. | ||
|  |
There was a problem hiding this comment.
I don't see any images on the render'd md. Might need to be relative path?
|  | ||
|
|
||
| After you've downloaded the XML file with one of the above ways, move it to `portal/src/main/resources/` if you're compiling cBioPortal yourself or if you're using the Docker container, mount the file in the `/cbioportal-webapp` folder with `-v /path/to/client-tailored-saml-idp-metadata.xml:/cbioportal-webapp/WEB-INF/classes/client-tailored-saml-idp-metadata.xml`. | ||
| ** Note:** It may occur that the XML-file is not properly formatted. Please use a XML-formatting tool to repair the file in this case. |
There was a problem hiding this comment.
We can also note that users don't have to download this. They can also just set the property to the url of where the SAML Metadata is (link is in the realm main page)
Ex. https://keycloak-qa.kf-strides.org/realms/pedcbioportal/protocol/saml/descriptor
There was a problem hiding this comment.
Yes, I will add this. But if the output from keycloak is not well formatted, as I encountered, then using the link won't work.
| saml.logout.local=false | ||
| saml.logout.url=/ | ||
| ``` | ||
| 2. Then, add the security properties for SAML authentification as described in the SAML Configuration section of the [Security Properties](/deployment/customization/security.properties-reference/#saml-configuration). |
| saml.logout.url=/ | ||
| ``` | ||
| 2. Then, add the security properties for SAML authentification as described in the SAML Configuration section of the [Security Properties](/deployment/customization/security.properties-reference/#saml-configuration). | ||
|
|
There was a problem hiding this comment.
Also, in the security.properties example it would be nice to add #spring.security.saml2.relyingparty.registration.cbio-saml-idp.singlelogout.response-url=http://localhost:8080/logout/saml2/slo
to set the accepted response to logout from keycloak
|
Thanks for the feedback! I hope I got everything right. |
3 participants
This PR contains a updated keycloak dokumentation. One Chapter Generating Signing Key probably needs further changes as i'am not able to validate if this is unneccessary or my config is wrong at the moment.
The other chapters were correctly addapted to keycloak version 26.2.4.
The issues:
issue#11690
issue#11360
are related to this.
Best regards
Elias