HTTPS access to Keycloak

Description

The KeycloakClient bean should be created using a feign.Client.Default equipped with an SSLSocketFactory if needed.

In order to achieve that, the following is needed

Add a configuration parameter to enable TLS for the Keycloak client
Add a configuration parameter pointing to the file with the trust store to use
Add a configuration parameter for the trust store password
Improve the construction of the KeycloakClient bean to create an SSLSocketFactory that uses the trust store, create a feign.Client.Default that uses that SSLSocketFactory and pass the Client to the feign.Feign.Builder

Environment

None

Potential Workaround

None

Linked issues

Checklist

hide

Activity

Show:

Yauhen VavilkinMarch 19, 2024 at 1:59 PM

I returned the task to the ‘in progress’ status because another place was found where application-poc-tools interacts with keycloak. There is a logic where we get a certificate from keycloak in order to validate client tokens on the mgr-components side. This interaction must support TLS.

Done

Details
Assignee
Yauhen Vavilkin
Reporter
Taras Spashchenko
Labels
back-endepam-eurekaeureka-env-dry-runeureka-env-sandbox2eureka-phase5non-testable
Priority
P3
Story Points
3
Sprint
None
Development Team
Eureka
Fix versions
1.5.7
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs

Created March 4, 2024 at 10:57 AM

Updated September 30, 2024 at 11:30 AM

Resolved June 17, 2024 at 2:16 PM

TestRail: Cases

TestRail: Runs

HTTPS access to Keycloak

Description

Environment

Potential Workaround

Linked issues

clones

continues

defines

has to be done before

Checklist

Activity

Yauhen VavilkinMarch 19, 2024 at 1:59 PM

Details

Assignee

Reporter

Labels

Priority

Story Points

Sprint

Development Team

Fix versions

TestRail: Cases

TestRail: Runs

Flag notifications

Something's gone wrong

Something's gone wrong