Include authentication for kafka-ui 94/14294/1
authorRavi Pendurty <ravi.pendurty@highstreet-technologies.com>
Tue, 1 Apr 2025 11:57:54 +0000 (17:27 +0530)
committerRavi Pendurty <ravi.pendurty@highstreet-technologies.com>
Tue, 1 Apr 2025 11:57:54 +0000 (17:27 +0530)
Include self-signed certs for kafka-ui

Issue-ID: OAM-450
Change-Id: I7fe962f84c0aadb65369af4489192cfecb402df7
Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
12 files changed:
solution/smo/common/.env
solution/smo/common/certs-selfsigned/README.md [new file with mode: 0644]
solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.crt [new file with mode: 0644]
solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.csr [new file with mode: 0644]
solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.ext [new file with mode: 0644]
solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.jks [new file with mode: 0644]
solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.key [new file with mode: 0644]
solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.p12 [new file with mode: 0644]
solution/smo/common/docker-compose.yaml
solution/smo/common/gateway/conf/middleware.yaml
solution/smo/common/identity/o-ran-sc-realm.json
solution/smo/common/kafka-ui/config.yaml [new file with mode: 0644]

index da35a0b..8118a23 100644 (file)
@@ -49,7 +49,7 @@ ZOOKEEPER_IMAGE=quay.io/strimzi/kafka:0.35.0-kafka-3.4.0
 ## Kafka
 KAFKA_IMAGE=quay.io/strimzi/kafka:0.35.0-kafka-3.4.0
 KAFKA_BRIDGE_IMAGE=quay.io/strimzi/kafka-bridge:0.25.0
-KAFKA_UI_IMAGE=provectuslabs/kafka-ui:v0.7.2
+KAFKA_UI_IMAGE=ghcr.io/kafbat/kafka-ui:v1.2.0
 
 ## Messages (DMaaP)
 DMAAP_IMAGE=nexus3.onap.org:10001/onap/dmaap/dmaap-mr:1.1.18
diff --git a/solution/smo/common/certs-selfsigned/README.md b/solution/smo/common/certs-selfsigned/README.md
new file mode 100644 (file)
index 0000000..9c29754
--- /dev/null
@@ -0,0 +1,31 @@
+# Create RSA Private Key and CSR (Certificate Signing Request) 
+
+   openssl req -new -newkey rsa:4096 -nodes -keyout smo.o-ran-sc.org.key -out smo.o-ran-sc.org.csr -subj "/CN=smo.o-ran-sc.org"
+
+# Create a config file containing the SANs
+
+   smo.o-ran-sc.org.ext - Hand coded file containing the SANs and related information to be used in later stages
+
+# Generate the Certificate using the key, csr and config file 
+
+   openssl x509 -req -in smo.o-ran-sc.org.csr -signkey smo.o-ran-sc.org.key -out smo.o-ran-sc.org.crt -days 365 -extfile smo.o-ran-sc.org.ext
+
+# Verify the Certificate
+
+   openssl x509 -in smo.o-ran-sc.org.crt -noout -text
+
+# Install/Trust the Certificate (if you dont want to see the warning in the browser or when running curl)
+
+   sudo cp smo.o-ran-sc.org.crt /usr/local/share/ca-certificates/
+   sudo update-ca-certificates
+
+# Java applications require certificates in .jks format
+
+   ## Step 1 - Convert to .p12 format 
+       openssl pkcs12 -export -in smo.o-ran-sc.org.crt -inkey smo.o-ran-sc.org.key -out smo.o-ran-sc.org.p12 -name traefikp12 -passout pass:changeit
+
+   ## Step 2 - Convert .p12 to .jks - 
+       keytool -importkeystore -srckeystore smo.o-ran-sc.org.p12 -srcstoretype PKCS12 -destkeystore smo.o-ran-sc.org.jks -deststoretype JKS -deststorepass changeit -srcstorepass changeit -alias traefikp12
+
+
+   
diff --git a/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.crt b/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.crt
new file mode 100644 (file)
index 0000000..5c30a30
--- /dev/null
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF1DCCA7ygAwIBAgIUB1CNmJ5LSjziLtOz22+neOzxIYswDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQc21vLm8tcmFuLXNjLm9yZzAeFw0yNTAzMjYxNDE5MTRa
+Fw0yNjAzMjYxNDE5MTRaMBsxGTAXBgNVBAMMEHNtby5vLXJhbi1zYy5vcmcwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDbR5lB67CpkbEvHekbN2+PQn3u
+FWe5QPrZHS8qTtz/OXEI0v8pAS+UwEzszMun1ILiiciCvMwVFhgCOeksf0yVlSVs
+hRn+P7ljw0BJLZg9A6QCmesSGAmjaF/Y7nZQ91g4Zn9nqIt0gWXqEzD0HaS4MKX0
+dXd+AeTTdp6zj22mFmX+AEyurGLfalzOOtInd6hQp6OBo5j/EPRyi4BI+Lg1GEuX
+W/8CUjGRHUv68eyhejfs15eMUjjBL8hws7BnYBH1IzuuEKuSPPJouAUAawcCmRww
+ZqCCmHF6qecfZurqbxofDDCnjDKZSw3vtUbQ+AKujJdDZiU6/aQ+HQ3wu0XpYSBB
+7KA9aOQqqocFWkfyYLnN51XTyt6sAfCBK4oqsrs70E97xOb0MLcW69qabI1AC5SE
+QYrQz0YdWNrehBi43CruNBWS90j5unGenARqzEuK1RsNHhGBfD76YkK9b60JxeBl
+nPus4WU6FPGz6J867NkSDUiSsgIDkm9+zbJ0sggczVt4R/LbdowIgeOR4r8OBkOc
+Yxm/BXDR9BdPVykKBSqxrDG6nRxMbo0Bw+rv5elf+4KdEo75vBvubXQN6X/WIEn6
+v2lqM1+T8OG7Q9X3ti1JIAIv80SQy2DU9cT2PWXj5P/cPMmtxge8tVDI/1cpCTaT
+z0WryyCU3HO3Wrs20QIDAQABo4IBDjCCAQowQAYDVR0jBDkwN6EfpB0wGzEZMBcG
+A1UEAwwQc21vLm8tcmFuLXNjLm9yZ4IUB1CNmJ5LSjziLtOz22+neOzxIYswCQYD
+VR0TBAIwADALBgNVHQ8EBAMCBaAwga0GA1UdEQSBpTCBooIQc21vLm8tcmFuLXNj
+Lm9yZ4IZaWRlbnRpdHkuc21vLm8tcmFuLXNjLm9yZ4IidmVzLWNvbGxlY3Rvci5k
+Y24uc21vLm8tcmFuLXNjLm9yZ4IZa2Fma2EtdWkuc21vLm8tcmFuLXNjLm9yZ4IY
+Z2F0ZXdheS5zbW8uby1yYW4tc2Mub3JnghppbmZsdXhkYjIuc21vLm8tcmFuLXNj
+Lm9yZzANBgkqhkiG9w0BAQsFAAOCAgEAFiPwswFGsvf8Am70mvyfucgV/WwgEva8
+X/8+4NcMOMJKVX55n7O8m4r4UE+z7Aw82/Oq0Hn6w202lEpoBTBsmzxIDMYKMHy+
++RuCf+M/m+b8uT2sIX2QLgTES7b3RGZh6OPRBUN01HufAKnm0lOfpKacwL2/Ox6u
+gESxvsqFGM2t1TRSUNifQ7T9I+csJmLbNlYCYTdAt9SNdY0Z4Obv7uRQ5gontWQV
+glJYDtls84i9dwzStBWtJ7vcz21oRupRGotEBl05Ju3Jvt8oqvZxMJs+rnESRxZd
+purKyEEZpPLK2sqCdWOe2ceNS3fgFtPaPJrKkdqj7iKasIWxI1Rzj0O6wHXWZ1wJ
+U6b97devNljskfEeBC7pJ9lMUCbtoufk+5W07vrxrzG6gNUSG5LHeFDIZZ9ip3S0
+gl4Ip8lAb1u6PRbNERvPssLizMAKHwXU6+lrw5B0yiDX4+5UJWzly8n0K6gdzAxG
+wTr3dC9LeHG1TguYPNaYHYU7VrFcOTrnDWNECpLUbWSFlhT2bYbSqWTLQFLyrHDo
+tZ6mbVOc9BnvYHAIOuuOfsJ8ur5c16Ysrc2eVyy13Hu93NIvcgSPyGsn3xbbgVZC
+nwDYIs9t6hFijxmcsxKmy4gXyJX8nVfH745XfQR6TStLY6hQjVdYEfG8aSGn2yJD
+HujnfccXVK8=
+-----END CERTIFICATE-----
diff --git a/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.csr b/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.csr
new file mode 100644 (file)
index 0000000..57af49b
--- /dev/null
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.ext b/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.ext
new file mode 100644 (file)
index 0000000..acbb7a1
--- /dev/null
@@ -0,0 +1,13 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = smo.o-ran-sc.org
+DNS.2 = identity.smo.o-ran-sc.org
+DNS.3 = ves-collector.dcn.smo.o-ran-sc.org
+DNS.4 = kafka-ui.smo.o-ran-sc.org
+DNS.5 = gateway.smo.o-ran-sc.org
+DNS.6 = influxdb2.smo.o-ran-sc.org
+
diff --git a/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.jks b/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.jks
new file mode 100644 (file)
index 0000000..ac7fafc
Binary files /dev/null and b/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.jks differ
diff --git a/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.key b/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.key
new file mode 100644 (file)
index 0000000..bb81759
--- /dev/null
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
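Review bot: The private key for the certificate covering smo.o-ran-sc.org and its identity, gateway, kafka-ui, ves-collector and influxdb2 SANs is committed here in clear text. The same key is also packaged in the committed `.p12` and `.jks` files behind the password `changeit` printed in the README. Because that README tells users to copy the certificate into the system trust store, a host that follows it will trust a TLS endpoint for these names run by anyone who has read this repository. Generate the key and certificate at deploy time with the openssl commands the README already lists, keep only the `.ext` file and the instructions in version control, and have git ignore the generated `*.key`, `*.p12` and `*.jks` files.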
diff --git a/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.p12 b/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.p12
new file mode 100644 (file)
index 0000000..9ba54ea
Binary files /dev/null and b/solution/smo/common/certs-selfsigned/smo.o-ran-sc.org.p12 differ
index 7011e32..7d68bed 100755 (executable)
@@ -57,13 +57,15 @@ services:
       - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
       - --providers.docker.exposedByDefault=false
       - --providers.docker.watch=true
-      - --providers.file.filename=/middleware.yaml
+      - --providers.file.filename=/etc/traefik/middleware.yaml
       
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./gateway/conf/middleware.yaml:/middleware.yaml:ro
+      - ./gateway/conf/middleware.yaml:/etc/traefik/middleware.yaml:ro
       - ./gateway/conf/.htpasswd:/.htpasswd:ro
-      
+      - ./certs-selfsigned/smo.o-ran-sc.org.crt:/certs/dev.crt
+      - ./certs-selfsigned/smo.o-ran-sc.org.key:/certs/dev.key
+      - ./letsencrypt:/letsencrypt  # ACME storage
     labels:
       traefik.enable: true
       traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd
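Review bot: The certificate and private key are mounted read-write, while the other configuration mounts of this service use `:ro`. The proxy only reads them, so use `- ./certs-selfsigned/smo.o-ran-sc.org.key:/certs/dev.key:ro` and the same suffix on the `.crt` line. The same applies to the realm import mount in the identity hunk and to the `config.yaml` and truststore mounts in the kafka-ui hunk. `./letsencrypt` must stay writable if ACME is used, but no certificate resolver appears in the visible lines, so it may be unused for now. The service definition starts and ends outside the hunk.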
@@ -99,6 +101,11 @@ services:
     image: ${IDENTITY_IMAGE}
     container_name: identity
     hostname: identity
+    healthcheck:
+      test: curl "http://localhost:9000/health/ready" || exit 1
+      interval: 5s
+      timeout: 10s
+      retries: 45
     environment:
       KEYCLOAK_CREATE_ADMIN_USER: true
       KC_BOOTSTRAP_ADMIN_USERNAME: ${ADMIN_USERNAME}
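Review bot: The healthcheck `curl "http://localhost:9000/health/ready" || exit 1` reports healthy as soon as the port answers, because curl without `--fail` exits 0 on an HTTP 503 from a server that is not ready yet. The `depends_on: condition: service_healthy` added for kafka-ui later in this file then no longer gates on readiness. Use `test: curl --fail --silent "http://localhost:9000/health/ready" || exit 1`. The check also assumes that `curl` exists in `${IDENTITY_IMAGE}` and that the health endpoint is served over plain HTTP on port 9000, neither of which is visible here.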
@@ -118,10 +125,12 @@ services:
       KEYCLOAK_TLS_TRUSTSTORE_PASSWORD: changeit
       KC_HOSTNAME: "https://identity.${HTTP_DOMAIN}"
       KC_HOSTNAME_ADMIN: "https://identity.${HTTP_DOMAIN}"
-      KEYCLOAK_EXTRA_ARGS: "--spi-theme-default=oam"
+      KC_HEALTH_ENABLED: true
+      KEYCLOAK_EXTRA_ARGS: "--spi-theme-default=oam --import-realm"
     restart: unless-stopped
     volumes:
       - /etc/localtime:/etc/localtime:ro
+      - ./identity/o-ran-sc-realm.json:/opt/bitnami/keycloak/data/import/o-ran-sc-realm.json
       - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
       - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
       - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
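Review bot: `--import-realm` only creates a realm that does not exist yet; Keycloak skips the import when the realm is already in its database. A deployment started before this commit would therefore not receive the new `kafka-ui.app` client, and the kafka-ui login would fail against it. A comment above `KEYCLOAK_EXTRA_ARGS` would help, e.g. `# --import-realm is skipped for an existing realm; add the client manually or recreate the identity data when upgrading`. Whether the identity database is persisted is not visible in this hunk.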
@@ -276,6 +285,11 @@ services:
       KAFKA_CLUSTERS_0_NAME: kafka
       KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: kafka:9092
       DYNAMIC_CONFIG_ENABLED: 'true'
+      SPRING_CONFIG_ADDITIONAL-LOCATION: /config.yaml
+      JAVA_OPTS: "-Djavax.net.ssl.trustStore=/etc/certs/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit -Djdk.internal.httpclient.disableHostnameVerification=true"
+    volumes:
+      - ./kafka-ui/config.yaml:/config.yaml
+      - ./certs-selfsigned/smo.o-ran-sc.org.jks:/etc/certs/truststore.jks
     labels:
       traefik.enable: true
       traefik.http.routers.kafka-ui.entrypoints: websecure
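Review bot: `-Djdk.internal.httpclient.disableHostnameVerification=true` in `JAVA_OPTS` turns off the hostname check in the JDK HTTP client, so connections made through it (presumably the calls to the identity provider) no longer verify that the certificate was issued for the name being contacted. The self-signed certificate already lists `identity.smo.o-ran-sc.org` as a SAN, so the flag should not be needed as long as kafka-ui reaches Keycloak under that name; drop it. The file mounted as `/etc/certs/truststore.jks` is the `.jks` that the README builds from the `.p12`, so it carries the private key into this container. A truststore should hold the certificate only, for example one built with `keytool -importcert -file smo.o-ran-sc.org.crt -keystore truststore.jks -alias smo`.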
@@ -285,6 +299,9 @@ services:
       app: "kafka-ui"
       deploy: "o-ran-sc-smo-common"
       solution: "o-ran-sc-smo"
+    depends_on:
+      identity:
+         condition: service_healthy
     networks:
       dmz:
       default:
index 19119d8..106ba8b 100644 (file)
@@ -10,8 +10,15 @@ http:
         stsSeconds: 315360000
         stsIncludeSubdomains: true
         stsPreload: true
+    oauth_headers:
+      headers:
+        customRequestHeaders:
+          Authorization: ""
 # tls:
 #   options:
 #     myTLSOptions:
 #        minVersion: VersionTLS12
-
+tls:
+  certificates:
+    - certFile: "/certs/dev.crt"
+      keyFile: "/certs/dev.key"
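Review bot: The new `oauth_headers` middleware sets `Authorization: ""`, which in Traefik removes the header from the forwarded request, but nothing states why or which router should use it. No router label in the visible compose hunks references it. Add a comment above it such as `# Removes the incoming Authorization header before forwarding (empty value = delete)` together with the intended router, and confirm it is attached where meant. With `tls.certificates` now active, the commented-out `minVersion: VersionTLS12` option just above is worth enabling as well.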
index 44ebf69..14ea1c9 100644 (file)
         }
       ],
       "odlux.app": [],
+      "kafka-ui.app": [],
       "security-admin-console": [],
       "admin-cli": [],
       "account-console": [],
         "microprofile-jwt"
       ]
     },
+    {
+      "id": "93bc9c5c-1414-4231-ab20-0e88fa8dade2",
+      "clientId": "kafka-ui.app",
+      "name": "Kafka-UI",
+      "description": "Kafka UI application for managing Kafka resources",
+      "rootUrl": "",
+      "adminUrl": "",
+      "baseUrl": "",
+      "surrogateAuthRequired": false,
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "clientAuthenticatorType": "client-secret",
+      "redirectUris": [
+          "https://kafka-ui.smo.o-ran-sc.org/*"
+      ],
+      "webOrigins": [
+          "/*"
+      ],
+      "notBefore": 0,
+      "bearerOnly": false,
+      "consentRequired": false,
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
+      "frontchannelLogout": true,
+      "protocol": "openid-connect",
+      "attributes": {
+          "realm_client": "false",
+          "oidc.ciba.grant.enabled": "false",
+          "backchannel.logout.session.required": "true",
+          "frontchannel.logout.session.required": "true",
+          "oauth2.device.authorization.grant.enabled": "false",
+          "display.on.consent.screen": "false",
+          "backchannel.logout.revoke.offline.tokens": "false"
+      },
+      "authenticationFlowBindingOverrides": {},
+      "fullScopeAllowed": true,
+      "nodeReRegistrationTimeout": -1,
+      "defaultClientScopes": [
+          "web-origins",
+          "acr",
+          "roles",
+          "profile",
+          "basic",
+          "email"
+      ],
+      "optionalClientScopes": [
+          "address",
+          "phone",
+          "offline_access",
+          "microprofile-jwt"
+      ],
+      "access": {
+          "view": true,
+          "configure": true,
+          "manage": true
+      }
+    },
     {
       "id": "048a9bfc-077a-42a2-afe8-1ec13d3a43a3",
       "clientId": "realm-management",
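Review bot: The `kafka-ui.app` client is registered as a public client (`"publicClient": true`) with `"directAccessGrantsEnabled": true` and a wildcard redirect `https://kafka-ui.smo.o-ran-sc.org/*`, which is broader than the authorization-code login configured in kafka-ui's config.yaml. Set `"directAccessGrantsEnabled": false` so that passwords cannot be exchanged for tokens against a client that has no secret, and pin the redirect to the callback config.yaml declares, `"https://kafka-ui.smo.o-ran-sc.org/login/oauth2/code/keycloak"`. Since kafka-ui is a server-side application, a confidential client (`"publicClient": false`, with the secret injected at deploy time) would fit better. `"webOrigins": ["/*"]` is not an origin and probably has no effect; `"+"` is the value that derives the allowed origins from the redirect URIs.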
diff --git a/solution/smo/common/kafka-ui/config.yaml b/solution/smo/common/kafka-ui/config.yaml
new file mode 100644 (file)
index 0000000..6db0fbc
--- /dev/null
@@ -0,0 +1,17 @@
+auth:
+  type: OAUTH2
+  oauth2:
+    client:
+      keycloak:
+        provider: keycloak
+        clientId: kafka-ui.app
+        #clientSecret: yyy
+        scope: openid
+        issuer-uri: https://identity.smo.o-ran-sc.org/realms/onap
+        redirect-uri: https://kafka-ui.smo.o-ran-sc.org/login/oauth2/code/keycloak
+        user-name-attribute: preferred_username
+        client-name: keycloak
+        logoutUri: https://identity.smo.o-ran-sc.org/realms/onap/protocol/openid-connect/logout
+        custom-params:
+          type: keycloak
+          logoutUrl: https://identity.smo.o-ran-sc.org/realms/onap/protocol/openid-connect/logout
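Review bot: `issuer-uri`, `redirect-uri` and both logout URLs hard-code `smo.o-ran-sc.org`, while docker-compose.yaml derives the Keycloak hostname from `${HTTP_DOMAIN}` (`KC_HOSTNAME: "https://identity.${HTTP_DOMAIN}"`). A deployment with a different `HTTP_DOMAIN` would get an issuer that does not match the one Keycloak advertises, and login would fail. Supply these values from the compose file's environment so they follow `HTTP_DOMAIN`. Replace the stray `#clientSecret: yyy` with a comment that says the secret is omitted because the realm defines `kafka-ui.app` as a public client, or with a secret reference if the client is made confidential.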