...

  • Keycloak URL: The base URL at which the Keycloak REST API is available.
  • Keycloak Administration Account: A Keycloak account with an administrative role that is assigned the realm-management.view-clients and realm-management.view-users roles.
    • The administration account is used to retrieve the roles for a Keycloak account and for renewing access tokens.
  • Keycloak Administration Password: The password for the Keycloak Administration Account.
  • Keycloak Truststore Path: If the Keycloak Server is configured for HTTPS connections then the indicated truststore has to include an X.509 certificate specified for the Extended Key Usage of Server Authentication.
    • The truststore can include a Private CA-signed Certificate or a Public CA-signed Certificate. Typically the Root CA Certificate is used, as otherwise the complete certificate chain involved in signing the Server Authentication Certificate has to be available with the truststore.
    • If the Keycloak Server is operated for HTTPS connections and this setting is not specified then the JOC Cockpit will use the truststore that is configured with the JETTY_BASE/resources/joc/joc.properties configuration file. This includes use of settings for the truststore password and truststore type.
    • The path to the truststore is specified relative to the JETTY_BASE/resources/joc directory. If the truststore is located in this directory then only the file name is specified, typically with a .p12 extension. Other relative locations can be specified using, for example, ../../joc-truststore.p12 if the truststore is located in the JETTY_BASE directory. An absolute path cannot be specified, and neither can a path that resolves to a location above the JETTY_BASE directory in the file system hierarchy.
  • Keycloak Truststore Password: If the Keycloak Server is configured for HTTPS connections and the indicated truststore is protected by a password then the password has to be specified.
  • Keycloak Truststore Type: If the Keycloak Server is configured for HTTPS connections then the type of the truststore has to be specified as either PKCS12 or JKS (deprecated).
  • Keycloak Clients are entities that request Keycloak to authenticate a user account. For example, an application such as JOC Cockpit acts as a Client to the Keycloak Server. Clients use Keycloak to authenticate and to provide a single sign-on solution.
    • Keycloak Client ID and Keycloak Client Secret are used for:
      • requesting an access token
        • for user authentication,
        • for administrative access,
      • validating an existing access token,
      • renewing an existing access token.
    • Keycloak Client Secret: The Client owns a secret which needs to be known by both the Keycloak Server and the JOC Cockpit.
  • Keycloak Realm: A realm manages a set of users, credentials, roles, and groups. A user belongs to a realm and performs a login to a realm. Realms are isolated from each other; they manage and authenticate exclusively the user accounts that they control.
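
The rules for the Keycloak Truststore Path setting can be checked before a value is entered. The following Python sketch is an added example, not code from JOC Cockpit: the function name `resolve_truststore` and the sample JETTY_BASE of `/var/joc` are assumptions, paths are treated as POSIX paths, and the check is purely lexical (symbolic links are not resolved).

```python
import posixpath
from pathlib import PurePosixPath


class TruststorePathError(ValueError):
    """Raised when a truststore path setting violates the documented rules."""


def resolve_truststore(jetty_base, setting):
    """Resolve a 'Keycloak Truststore Path' value against JETTY_BASE/resources/joc.

    Returns the normalized location as a string, or None when the setting is
    empty, in which case the truststore from joc.properties applies.
    """
    if setting is None or not setting.strip():
        return None
    setting = setting.strip()
    if PurePosixPath(setting).is_absolute():
        raise TruststorePathError("absolute paths are not allowed: " + setting)

    base = PurePosixPath(posixpath.normpath(jetty_base))
    anchor = base / "resources" / "joc"
    # Collapse '..' segments lexically before testing containment.
    resolved = PurePosixPath(posixpath.normpath(str(anchor / setting)))

    # Compare path components, not string prefixes: "/var/joc-truststore.p12"
    # starts with the string "/var/joc" but lies outside that directory.
    if base not in resolved.parents:
        raise TruststorePathError("path leaves JETTY_BASE: " + setting)
    return str(resolved)


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    samples = [
        "keycloak-truststore.p12",
        "../../joc-truststore.p12",
        "../../../joc-truststore.p12",
        "/etc/ssl/truststore.p12",
        None,
    ]
    for value in samples:
        try:
            print(repr(value), "->", resolve_truststore("/var/joc", value))
        except TruststorePathError as err:
            print(repr(value), "-> rejected:", err)
```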

...