.. _aizenkeycloak:

Insall keycloak 
===============

Keycloak is installed using docker for **development testing only**

.. important::

   * This setup is not persistent so on restart of docker all the configuration will be lost

* Create script(start_keycloak.sh) with following contents

.. code-block::

    docker run -p 8080:8080 \
    -e KEYCLOAK_ADMIN=admin \
    -e KEYCLOAK_ADMIN_PASSWORD=admin \
    quay.io/keycloak/keycloak:latest \
    start-dev

* Execute the script
.. code-block::

    ./start_keycloak.sh

* Check keycloack is up and running

.. code-block::
    
    docker ps -a 

* Using your web browser, connect to the host ip address (http://<hostip>:8080)
* Log in to the admin console with username and password (admin/admin)

* Create a realm

    1. Open Keycloak admin console
    2. Click Create realm
    3. Enter "azienrealm" in Realm name field
    4. Click Create

* Secure the application (GUI)
    1. Make sure your are still in Current realm (aizenrealm)
    2. Click Clients, Create Client
    3. Enter Client type: OpenID connect
            Client ID: aizengui
    Next, Confirm Standard Flow is enabled, Click Next

    .. code-block::

        Root URL: http://172.16.26.122/ahw/gui
        Valid redirect URLs: http://172.16.26.122/ahw/gui/sso/*
        Add another redirect url http://172.16.26.122/ahw/gui/sso
        Valid post logout redirect Urls: http://172.16.26.122/ahw/gui
        Web origins: http://172.16.26.122
        Admin URL: http://172.16.26.122/ahw/gui
        Save

* Create a user

    1. Make sure your are still in Current realm (aizenrealm)
    2. Click Users, and click create new user
    3. Fill the form, 
        * Username (ahegde)
        * First name: Anuradha
        * Last name: Hegde
    4. Click Create

* In User details page, user need to set the initial password
    1. Click Credentials tab
    2. Fill in password  ( note: I set password as aizenai)
    3. Toggle temporary to Off so that the user does not need to update this password at first login

    Using the account console, you should be able login as the newly created user (ahegde) and modify the user profile

* Now create all users for accessing gui application 
  aizenadmin, aizendev, aizenai ,,,

* Login as aizenadmin in Aizen gui and register all other users