Commit 371f321

Grant read+write+configure to rabbit_admin user
The scopes assigned to users are roles mapped to the claim `extra_scope`.
Bump up RabbitMQ to 3.11.9.
Use jwks uri rather than statically configuring the signing key.
1 parent 922f2d6 commit 371f321

5 files changed

+8
-24
lines changed

bin/deploy-rabbit

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
55

66
MODE=${MODE:-uaa}
77
CONFIG=${CONFIG:-rabbitmq.config}
8-
IMAGE_TAG=${IMAGE_TAG:-3.11.7}
8+
IMAGE_TAG=${IMAGE_TAG:-3.11.9}
99
IMAGE=${IMAGE:-rabbitmq}
1010

1111
function generate-ca-server-client-kpi {
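Review bot: The new default at line 8, `IMAGE_TAG=${IMAGE_TAG:-3.11.9}`, is still a mutable tag, so two runs of this script can pull different image contents under the same name. Consider pinning the default by digest, or stating in a comment that the tag is intentionally floating for this demo, and say in the commit message why 3.11.9 is needed, since the body only states the bump. Separately, `generate-ca-server-client-kpi` in the trailing context looks like a typo for `pki`.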

conf/keycloak/h2/keycloakdb.lock.db

Lines changed: 0 additions & 6 deletions
This file was deleted.

conf/keycloak/h2/keycloakdb.mv.db

0 Bytes
Binary file not shown.

conf/keycloak/rabbitmq.config

Lines changed: 4 additions & 14 deletions
@@ -9,20 +9,10 @@
99
]},
1010
{rabbitmq_auth_backend_oauth2, [
1111
{resource_server_id, <<"rabbitmq">>},
12+
{extra_scopes_source, <<"extra_scope">>},
13+
{preferred_username_claims, [<<"user_name">>]},
1214
{key_config, [
13-
{default_key, <<"Gnl2ZlbRh3rAr6Wymc988_5cY7T5GuePd5dpJlXDJUk">>},
14-
{signing_keys,
15-
#{<<"Gnl2ZlbRh3rAr6Wymc988_5cY7T5GuePd5dpJlXDJUk">> => {pem, <<"-----BEGIN PUBLIC KEY-----
16-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dP+vRn+Kj+S/oGd49kq
17-
6+CKNAduCC1raLfTH7B3qjmZYm45yDl+XmgK9CNmHXkho9qvmhdksdzDVsdeDlhK
18-
IdcIWadhqDzdtn1hj/22iUwrhH0bd475hlKcsiZ+oy/sdgGgAzvmmTQmdMqEXqV2
19-
B9q9KFBmo4Ahh/6+d4wM1rH9kxl0RvMAKLe+daoIHIjok8hCO4cKQQEw/ErBe4SF
20-
2cr3wQwCfF1qVu4eAVNVfxfy/uEvG3Q7x005P3TcK+QcYgJxav3lictSi5dyWLgG
21-
QAvkknWitpRK8KVLypEj5WKej6CF8nq30utn15FQg0JkHoqzwiCqqeen8GIPteI7
22-
VwIDAQAB
23-
-----END PUBLIC KEY-----">>}
24-
}
25-
}]
26-
}
15+
{jwks_url, <<"http://keycloak:8080/realms/test/protocol/openid-connect/certs">>}
16+
]}
2717
]}
2818
].
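Review bot: The `jwks_url` added at line 15 uses plain `http://`, so the keys RabbitMQ will trust for token signature verification are fetched over an unauthenticated channel; anyone able to tamper with that connection can supply their own key and have forged tokens accepted. That may be tolerable on a local container network, but this file is likely to be copied, so either switch to an `https://` URL with peer verification or add a comment stating that the setting is for the local demo only. Removing `default_key` and `signing_keys` also leaves no static fallback, so token validation now depends on Keycloak being reachable at that URL; that is worth a line in use-cases/keycloak.md.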

use-cases/keycloak.md

Lines changed: 3 additions & 3 deletions
@@ -41,7 +41,7 @@ make start-rabbitmq
4141

4242
Go to http://localhost:15672/#/, click on `Click here to log in` button, and enter the credentials
4343
`rabbit_admin` as username and `rabbit_admin` as password. This is the single user created in keycloak with the
44-
appropriate scopes to access the management ui.
44+
appropriate scopes to access the management ui.
4545

4646
## Access Management api
4747

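Review bot: The removed and added line 44 read the same (`appropriate scopes to access the management ui.`), so this looks like a whitespace-only change; drop it from the commit to keep the diff focused on the OAuth changes. If the line is being touched anyway, it would be the place to name the scopes the commit title refers to (read, write, configure) instead of "the appropriate scopes".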
@@ -108,8 +108,8 @@ rather than `legacy-token-key`.
108108
### Configure Client
109109

110110
For backend applications which uses **Client Credentials flow** you create a **Client** with:
111-
- **Access Type** : `confidential`
112-
- With all the other flows disabled: Standard Flow, Implicit Flow, Direct Access Grants
111+
- **Access Type** : `public`
112+
- **Authentication flow** : `Standard Flow`
113113
- With **Service Accounts Enabled** on. If it is not enabled you do not have the tab `Credentials`
114114
- In tab `Credentials` you have the client id secret
115115

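Review bot: Line 111 now says **Access Type** `public` and line 112 **Authentication flow** `Standard Flow`, but the sentence above still introduces a backend application using the **Client Credentials flow**, and the unchanged lines 113-114 still require **Service Accounts Enabled** and a client secret in the `Credentials` tab. A public client has no secret to present, and Standard Flow is the interactive authorization-code login, so the list now contradicts itself. If the intent is to describe the client used by the management UI, document it as a separate client and keep `confidential` with the other flows disabled for the backend one; the removed line 112 was the least-privilege setting and is worth keeping for that case.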