We want to setup Keycloak and Foreman without using an admin password on Foreman side. It should be possible to configure everything manually and to have a working client for Keycloak like with any other application.
hi @Trefex I hope I understand correctly what is the issue here and as far as I know the admin user and password are used to authenticate API calls for keycloak when creating Realm/Client on the Keycloak app. There may be a way to use access token instead of password if this is something you need:
The keycloak (SSO RH) admin has created a client for an existing realm in the company but does not allow me to use/have a admin/password to run the documented command (keycloak-httpd-client-install) . So I’m in the same situation as the author.
So I set everything that was requested into the documentation excepting the registration of the “keycloak object”. That was done by hand by the keycloack adminstration team.
So, I didn’t run the documented command : “keycloak-httpd-client-install”
But I’m not sure if it is modify also the local httd configuration to make httpd able to apply the keycloak authentication process.
2022-05-18 18:13:32 [NOTICE] [root] Loading installer configuration. This will take some time.
2022-05-18 18:13:35 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2022-05-18 18:13:35 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2022-05-18 18:13:36 [NOTICE] [configure] Starting system configuration.
2022-05-18 18:13:46 [NOTICE] [configure] 250 configuration steps out of 1514 steps complete.
2022-05-18 18:13:47 [NOTICE] [configure] 500 configuration steps out of 1516 steps complete.
2022-05-18 18:13:47 [NOTICE] [configure] 750 configuration steps out of 1524 steps complete.
2022-05-18 18:13:47 [NOTICE] [configure] 1000 configuration steps out of 1528 steps complete.
2022-05-18 18:14:00 [NOTICE] [configure] 1250 configuration steps out of 1528 steps complete.
2022-05-18 18:14:00 [NOTICE] [configure] 1500 configuration steps out of 1534 steps complete.
2022-05-18 18:14:03 [NOTICE] [configure] System configuration has finished.
Executing: foreman-rake upgrade:run
At least one field decryption failed, check ENCRYPTION_KEY
It might not be necessary to have access to the admin realm, if you did not run the keycloak-httpd-client-install to autogenerate and connect to keycloak could you please provide the configuration file for keycloak from httpd.conf and maybe a printscreen on how the client is defined in the Keycloak realm, especially the configs in Keys tab.
Also please make sure that the Credentials from Keycloak config of client (like secret) is configured properly on httpd conf