ENG-0000 - Expose Keycloak Interface

This allows keycloak to be initialized before application bootstrap,
substantially optimizing application start time/responsiveness and
allowing keycloak access to the URL before the angular router has a
chance to mangle it.

karma.conf.js

@@ -31,19 +31,18 @@ module.exports = function(config){
 
         karmaTypescriptConfig: {
             tsconfig: "tsconfig.spec.json",
-            reports :
-                {
-                    "html"        : {
-                        "directory"   : "coverage",
-                        "subdirectory": "report",
-                    },
-                    "text-summary": "",
-                    "json-summary": {
-                        "directory": "coverage",
-                        "subdirectory": "summary",
-                        "filename": "json-summary.json"
-                    }
+            reports : {
+                "html"        : {
+                    "directory"   : "coverage",
+                    "subdirectory": "report",
                 },
+                "text-summary": "",
+                "json-summary": {
+                    "directory": "coverage",
+                    "subdirectory": "summary",
+                    "filename": "json-summary.json"
+                }
+            }
         },
         singleRun: true,
         captureTimeout: 210000,

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@al/core",
-  "version": "1.2.29",
+  "version": "1.2.30",
   "description": "Node Enterprise Packages for Alert Logic (NEPAL) Core Library",
   "main": "./dist/index.cjs.js",
   "types": "./dist/index.d.ts",
@@ -36,6 +36,7 @@
     "auth0-js": "^9.16.2",
     "axios": "^0.21.1",
     "base64-js": "~1.3.0",
+    "keycloak-js": "^22.0.5",
     "tv4": "^1.3.0"
   },
   "devDependencies": {
@@ -53,6 +54,7 @@
     "karma-cli": "^2.0.0",
     "karma-mocha": "^1.3.0",
     "karma-typescript": "^5.0.2",
+    "karma-typescript-es6-transform": "^5.5.4",
     "mocha": "~7.0.1",
     "peer-deps-externals-webpack-plugin": "^1.0.4",
     "rollup": "^2.56.2",

src/session/utilities/al-identity-providers.ts

@@ -0,0 +1,92 @@
+/**
+ *  @author Kevin Nielsen <[email protected]>
+ *  @author Robert Parker <[email protected]>
+ *
+ *  @copyright Alert Logic, Inc 2019
+ */
+
+import { WebAuth } from 'auth0-js';
+import Keycloak, { KeycloakLoginOptions, KeycloakOnLoad } from 'keycloak-js';
+import {
+    AlBehaviorPromise,
+    AlCabinet,
+    AlLocation,
+    AlLocatorService,
+    AlStopwatch,
+} from '../../common';
+import { AlDefaultClient } from '../../client';
+import { AlConduitClient } from './al-conduit-client';
+
+export class AlIdentityProviders
+{
+    /**
+     *  Keycloak and Auth0 client instances
+     */
+    protected static keycloak:Keycloak = undefined;
+    protected storage = AlCabinet.persistent("alnav");
+    protected allIsLost = false;
+
+    constructor() {
+    }
+
+    public async warmup() {
+        try {
+            await this.getKeycloak();
+        } catch( e ) {
+            console.error( e );
+        }
+    }
+
+    /**
+     * Retrieve a keycloak authentication interface.
+     */
+    public async getKeycloak():Promise<Keycloak> {
+        if ( ! AlIdentityProviders.keycloak ) {
+            const fortraPlatformUri = AlLocatorService.resolveURL( AlLocation.FortraPlatform, '/idp' );
+            AlIdentityProviders.keycloak = new Keycloak( {
+                url: fortraPlatformUri,
+                realm: 'products',
+                clientId: 'alertlogic-aims-public',
+            } );
+
+            await this.innerGetKeyCloak( AlIdentityProviders.keycloak );
+        }
+        return AlIdentityProviders.keycloak;
+    }
+
+    /**
+     * Uses a race to make sure that keycloak initialization doesn't time out -- since a misconfigured client can cause the
+     * promise to hang indefinitely.
+     */
+    protected async innerGetKeyCloak( cloak:Keycloak, timeout:number = 5000 ):Promise<void> {
+        return Promise.race( [ AlStopwatch.promise( timeout ),
+                               new Promise<void>( async ( resolve, reject ) => {
+                                    let cloakPhase = this.storage.get("cloakInitPhase", 0 );
+                                    let onLoad:KeycloakOnLoad|undefined = cloakPhase === 0 ? "check-sso" : undefined;
+                                    let silentCheckSsoRedirectUri = cloakPhase === 0 ? `${window.location.origin}/sso-check.html` : undefined;
+                                    this.storage.set("cloakInitPhase", cloakPhase + 1, 10 ).synchronize();
+                                    if ( cloakPhase > 5 ) {
+                                        this.allIsLost = true;
+                                        console.log("Refusing to initialize keycloak after too many redirect cycles" );
+                                        resolve();
+                                    } else {
+                                        console.log("Initializing cloak in phase [%s]: %s", cloakPhase, onLoad );
+                                        let initResult = await cloak.init( {
+                                                                        onLoad,
+                                                                        silentCheckSsoRedirectUri,
+                                                                        enableLogging: true,
+                                                                        checkLoginIframe: true,
+                                                                        checkLoginIframeInterval: 30,
+                                                                        pkceMethod: 'S256',
+                                                                        responseMode: "query",
+                                                                        messageReceiveTimeout: 5000
+                                                                    } );
+                                        if ( ! initResult && cloakPhase < 2 ) {
+                                            cloak.login( { prompt: 'none', redirectUri: window.location.href } );
+                                        } else {
+                                            resolve();
+                                        }
+                                    }
+                               } ) ] );
+    }
+}

src/session/utilities/index.ts

@@ -2,3 +2,4 @@ export * from "./al-conduit-client";
 export * from "./al-segment-client";
 export * from "./al-session-detector";
 export * from "./al-authentication.utility";
+export * from './al-identity-providers';

tsconfig.json

@@ -22,7 +22,7 @@
     "sourceMap"                       : true,
     "strict"                          : true,
     "strictNullChecks"                : false,
-    "target"                          : "ES2018",
+    "target"                          : "ES2020",
     "typeRoots"                       : [
       "node_modules/@types"
     ],

tsconfig.spec.json

@@ -1,7 +1,7 @@
 {
   "extends": "./tsconfig.json",
   "compilerOptions": {
-    "target": "ES2016",
+    "target": "ES2020",
     "module": "commonjs",
     "paths": {
         "@al/core": [ "./src" ]
@@ -14,6 +14,7 @@
     "./test/**/*.ts"
   ],
   "exclude"        : [
-    "node_modules"
+    "node_modules",
+    "session/utilities/al-identity-providers.ts"
   ]
 }

tslint.json

@@ -28,10 +28,7 @@
       }
     ],
     "object-literal-key-quotes": false,
-    "member-ordering": [ true, { "order": "fields-first" } ]
-
-
-
-
+    "member-ordering": [ true, { "order": "fields-first" } ],
+    "import-name": false
   }
 }