
Service ID Keycloak

cintiadr edited this page Oct 6, 2024 · 4 revisions

Location

  • Staging: gode
  • Production: adaba

License

No license.

Description of the service

Keycloak provides authentication for OpenMRS IDs. A Keycloak Docker image built from the keycloak folder of openmrs-contrib-itsm-id is published on Docker Hub as openmrsinfra/openmrs-id-keycloak.

Postfix is used to relay email from Atlassian to users' actual email addresses. A Postfix Docker image built from the postfix folder of openmrs-contrib-itsm-id is published on Docker Hub as openmrsinfra/openmrs-id-postfix. Only mail coming from Atlassian mail servers and addressed to username@id.openmrs.org, where username is a valid OpenMRS ID in LDAP, is forwarded, and it goes to the email address stored for that user in LDAP; anything else is rejected. This allows account management and self-service password resets for Atlassian services (wiki, issues, etc.) without exposing users' real addresses.
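
The two conditions above (mail must come from an Atlassian server, and the local part must be an existing OpenMRS ID) can be expressed as a Postfix SMTPD access policy. The following is an added illustration, not code from openmrs-contrib-itsm-id, which may implement the gate with Postfix's own LDAP alias maps instead. The Atlassian network range, the LDAP directory contents and the sample request are all constructed; the page names no addresses.

```python
"""Gate relaying for username@id.openmrs.org as a Postfix policy decision.

Added example. Postfix hands a check_policy_service one request per RCPT TO
as "name=value" lines terminated by an empty line and expects
"action=<access action>\n\n" back.
"""
import ipaddress

ALIAS_DOMAIN = "id.openmrs.org"

# Assumption: the page only says "Atlassian email servers"; this RFC 5737
# documentation range stands in for their real network.
ATLASSIAN_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed stand-in for the LDAP directory: OpenMRS ID -> mail attribute.
LDAP_MAIL = {"alice": "alice@example.org", "bob": "bob@example.net"}


def parse_policy_request(raw):
    """Parse one Postfix policy request into a dict of attributes."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":          # empty line ends the request
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def lookup_forward(openmrs_id, directory=LDAP_MAIL):
    """Return the LDAP mail attribute for an OpenMRS ID, or None."""
    return directory.get(openmrs_id.lower())


def decide(attrs, nets=ATLASSIAN_NETS, directory=LDAP_MAIL):
    """Return the Postfix access action for the recipient in attrs."""
    recipient = attrs.get("recipient", "").lower()
    local, at, domain = recipient.rpartition("@")
    if not at or domain != ALIAS_DOMAIN:
        # We are not an open relay for any other domain.
        return "REJECT Relay access denied"
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "REJECT Client address missing"
    if not any(client in net for net in nets):
        return "REJECT Only Atlassian mail servers may use this relay"
    if lookup_forward(local, directory) is None:
        # Unknown IDs are rejected at RCPT time, so no bounce is generated.
        return "REJECT Unknown OpenMRS ID"
    # Accepted; the rewrite to the user's LDAP address is left to the
    # virtual alias lookup, which this policy only gates.
    return "OK"


def format_response(action):
    """Serialise the decision in the policy protocol's response format."""
    return f"action={action}\n\n"


# Constructed request as Postfix would send it for one RCPT TO.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=jira@atlassian.example\n"
    "recipient=Alice@id.openmrs.org\n"
    "\n"
)

if __name__ == "__main__":
    print(format_response(decide(parse_policy_request(SAMPLE_REQUEST))), end="")
```

The policy deliberately rejects unknown IDs during the SMTP dialogue rather than accepting and bouncing, so the relay cannot be used to generate backscatter to forged senders.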

How to access it

Keycloak is dockerized and is hosted at https://id-new.openmrs.org/ until OpenMRS ID legacy software is retired.

Use https://id-new.openmrs.org/admin to access the master realm

How to restart it

cd /root/docker/id-new
docker-compose down && \
  docker-compose up -d

How to set up

Via ansible/docker compose apps.

The staging realm was copied from production; see the README file for details.

Production backups and restores

Backup

Instead of Postgres database backups, the realm is exported from production (via the Keycloak admin UI) and the export is modified for staging. Note that the admin-UI export masks secrets (client secrets, LDAP bind credentials) with asterisks, so they have to be re-entered after an import.

TBC: how prod realm should be exported

Restore

In staging, just destroy and recreate the containers; the realm is imported from the exported file on startup.

TBC: how prod realm should be imported.
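
The "modifying it for staging" step above is where the export gets its production hostnames swapped and where the masked secrets have to be found before the staging containers import the file. The script below is an added example, not tooling from openmrs-contrib-itsm-id: it rewrites hostnames in a realm export and lists every masked value that will need a new secret set in the staging admin UI after import. The staging hostname and the trimmed sample export are assumptions; the page gives only the production URL.

```python
"""Prepare a Keycloak admin-UI realm export for import into staging.

Added example. The admin UI's partial export replaces every secret with the
string below, so a copied realm never carries production credentials, but
those entries are useless until re-set after import.
"""
import json

MASKED = "**********"

# Hostname rewrite. Only id-new.openmrs.org is given by the page; the
# staging hostname is an assumption.
HOST_MAP = {"id-new.openmrs.org": "id-staging.openmrs.org"}

# Constructed sample export, trimmed to the fields that matter here.
SAMPLE_EXPORT = {
    "realm": "openmrs",
    "enabled": True,
    "attributes": {"frontendUrl": "https://id-new.openmrs.org/"},
    "clients": [
        {
            "clientId": "account-console",
            "publicClient": True,
            "redirectUris": ["https://id-new.openmrs.org/realms/openmrs/account/*"],
        },
        {
            "clientId": "wiki",
            "publicClient": False,
            "secret": MASKED,
            "redirectUris": ["https://wiki.openmrs.org/*"],
        },
    ],
    "components": {
        "org.keycloak.storage.UserStorageProvider": [
            {
                "name": "ldap",
                "providerId": "ldap",
                "config": {
                    "connectionUrl": ["ldap://ldap.internal:389"],
                    "bindCredential": [MASKED],
                },
            }
        ]
    },
}


def rewrite_hosts(node, host_map):
    """Return a copy of node with production hostnames in every string value
    replaced by their staging counterparts; the input is not mutated."""
    if isinstance(node, dict):
        return {k: rewrite_hosts(v, host_map) for k, v in node.items()}
    if isinstance(node, list):
        return [rewrite_hosts(v, host_map) for v in node]
    if isinstance(node, str):
        for prod, staging in host_map.items():
            node = node.replace(prod, staging)
    return node


def find_masked(node, path="$"):
    """Return JSON-style paths of every value the export masked."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in find_masked(v, f"{path}.{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in find_masked(v, f"{path}[{i}]")]
    return [path] if node == MASKED else []


def prepare_for_staging(export, host_map=HOST_MAP):
    """Return (staging_realm, masked_paths): the realm to drop into the
    import directory and the secrets to set by hand once it is imported."""
    staged = rewrite_hosts(export, host_map)
    return staged, find_masked(staged)


if __name__ == "__main__":
    staged, masked = prepare_for_staging(SAMPLE_EXPORT)
    with open("openmrs-realm-staging.json", "w") as fh:
        json.dump(staged, fh, indent=2)
    for path in masked:
        print("needs a new value after import:", path)
```

Run it against the real export before recreating the staging containers; anything it lists (client secrets, the LDAP bind credential) is a login or federation failure waiting to happen if left as asterisks.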

Logs

cd /root/docker/id-new
docker-compose logs -f

Troubleshooting

After LDAP/user federation changes, the connection to LDAP fails for about 5 minutes. If a user search returns a suspicious JSON error, wait 5 minutes and retry before investigating further; the problem usually clears by itself.
