Custom Keycloak Build
SunbirdRC uses a custom Keycloak image that can be configured to enable or disable nonce validation. The required changes are in this repository: https://github.com/Sunbird-RC/keycloak/tree/configurable-nonce-validation.
Nonce validation is enabled by default in Keycloak. To turn it off, set VALIDATE_NONCE to "false". In OpenID Connect, the nonce binds an ID token to the authentication request that triggered it and lets the client detect replayed tokens, so turn validation off only for an identity provider that needs it.
Keycloak does not provide this configuration by default, even in the latest version. We made this change specifically to enable Digilocker Meripehchaan SSO (Task: https://github.com/Sunbird-RC/community/issues/593).
Build custom keycloak image
Pre-requisites
Java 11 (tested with 11.0.8)
Maven
Build keycloak distribution jar
Clone the repository https://github.com/Sunbird-RC/keycloak/tree/configurable-nonce-validation (contains the source code).
Run the command below to generate the distribution jar. Reference: https://github.com/Sunbird-RC/keycloak/blob/configurable-nonce-validation/docs/building.md
mvn clean install -Pdistribution
The above command should create keycloak-14.0.0.tar.gz in the distribution/server-dist/target directory.
Build keycloak docker image
Clone the repository https://github.com/keycloak/keycloak-containers/tree/main/ (contains the build files).
git checkout 14.0.0
cd server
Run a Python HTTP server in the keycloak repo to serve the distribution jar file.
python -m http.server 8001
Build the Keycloak Docker image:
docker build -t sunbirdrc/keycloak --build-arg KEYCLOAK_DIST=http://<YOUR_IP_ADDRESS>:8001/keycloak-14.0.0.tar.gz .
Tag the new Docker image and publish it to Docker Hub or your Docker registry.
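The image build steps above as one script, with two additions for the build host: the HTTP server is bound to a single address and stopped after the build, and the tarball fetched over plain HTTP is compared by SHA-256 against the one Maven produced. This is an added example, not code from SunbirdRC or Keycloak; the script name, its three arguments and the helper functions are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not SunbirdRC or Keycloak project code.
# Assumptions: the three arguments, python3 >= 3.7, curl, and sha256sum.
set -u

DIST_FILE="keycloak-14.0.0.tar.gz"   # file name produced by the Maven build
PORT="${PORT:-8001}"                 # port used on this page

# Print the hex SHA-256 digest of the file in $1.
artifact_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if file $1 exists and hashes to digest $2.
verify_artifact() {
    [ -f "$1" ] && [ "$(artifact_digest "$1")" = "$2" ]
}

# $1 = directory holding the tarball, $2 = host IP to bind,
# $3 = keycloak-containers "server" directory (all supplied by the caller).
build_image() {
    local dist_dir="$1" host_ip="$2" server_dir="$3" expected url tmp pid status
    [ -f "$dist_dir/$DIST_FILE" ] || { echo "missing $DIST_FILE" >&2; return 1; }
    expected="$(artifact_digest "$dist_dir/$DIST_FILE")"
    url="http://$host_ip:$PORT/$DIST_FILE"

    # Bind to one address instead of every interface, and serve only dist_dir.
    python3 -m http.server "$PORT" --bind "$host_ip" --directory "$dist_dir" &
    pid=$!
    sleep 1

    # Fetch the tarball the way the Docker build will and compare digests.
    tmp="$(mktemp)"
    status=1
    if curl -fsS -o "$tmp" "$url" && verify_artifact "$tmp" "$expected"; then
        ( cd "$server_dir" &&
          docker build -t sunbirdrc/keycloak --build-arg KEYCLOAK_DIST="$url" . )
        status=$?
    else
        echo "served tarball does not match the local build" >&2
    fi

    # Stop serving as soon as the build has finished or failed.
    kill "$pid" 2>/dev/null
    rm -f "$tmp"
    echo "sha256 $expected  $DIST_FILE"
    return "$status"
}

# Usage: ./build-image.sh <dist_dir> <host_ip> <server_dir>
if [ "$#" -eq 3 ]; then build_image "$@"; fi
```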