-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(keycloak): Add keycloak theme, capture university, add ORCid integration #971
Conversation
6694361
to
dd0db42
Compare
6e1270f
to
3d697d1
Compare
c5bf6c5
to
b254c9f
Compare
86dcdf5
to
81de8ed
Compare
* Use caching and retagging for keycloakify action * Fix: need to login befor querying docker registry
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool stuff! Haven't tested yet just looked through code. Should we enable dependabot for this subrepo or rather not - because all that you changed with respect to the source repo is the templates folder?
Will the workflows run despite not being in the root of the repo?
Are some of the files in here unnecessary and could be removed?
No, I think dependabot could be very painful. Yes, some files may be unnecessary, but form part of the documentation of this starter: #973 |
Here's another small PR targeting keycloakify: #1175 |
…e instead use timeout (#1175) * fix(ci): add `keycloak` to paths that trigger E2E * No need to wait for particular images, kubernetes will retry pulling images and backoff if not found Given we build many docker images, we would otherwise wait for each - not just the 2 here. Instead, use timeout to fail if the images never make it.
Sorry @theosanderson I merged #1175 into this branch here by accident - feel free to revert if you have objections. I thought I'd enable auto-squash - but it merged directly without requiring review as it's not targeting main. |
Np looks good but made one comment |
Hmm that was fine when I last checked. Will have a look in a bit |
I deleted the app and it seems fine now, but worth keeping an eye on |
Next time something like this happens I'll try to find the logs - which reminds me we should send our logs to a log aggregator, will make an issue: #1176 |
The keycloak logs were about timeouts waiting for acks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Basic registration/login flow works in my tests.
So does ORCID flow, cool stuff!
Small papercuts here and there, like logout page having button outside of containing box, but that's not relevant at this stage
Resolves #743, resolves #745, resolves #546
Preview: https://keycloakify.loculus.org/
We build a custom keycloak theme with keycloakify (which is react based), which gets packaged (like most Keycloak themes) into a
.jar
file. We then put that jar file into a Docker image which serves just as a directory to store the image, and copies it out into a volume that is also mounted on keycloak in the right place for keycloak to get the theme. Keycloak does indeed gets the theme and uses it as the login theme.We also enable the
declarative_user_profile
feature of Keycloak, and use it to capture the user'sUniversity / Organisation
.We also add ORCid keycloak integration and capture the ORCid where possible
Outstanding issues:
#974 - put in real terms of use
#973 - this is branched from a starter template. there is more we can clean up but I don't feel ready to yet, because these are useful docs about how to e.g. add new pages, for now
#1172 - clean up ORCid secrets