From f51ad8834b640e29b01205babb6778ea306f9359 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 13 Dec 2022 16:41:45 -0600 Subject: [PATCH] Add metrics. --- config/keycloak/import/cerc-realm.json | 70 ++++++++++++----------- config/keycloak/nginx/keycloak_proxy.conf | 60 ++++++++++--------- container-build/cerc-keycloak/Dockerfile | 8 ++- 3 files changed, 73 insertions(+), 65 deletions(-) diff --git a/config/keycloak/import/cerc-realm.json b/config/keycloak/import/cerc-realm.json index 7cacaf75..e1e9dc97 100644 --- a/config/keycloak/import/cerc-realm.json +++ b/config/keycloak/import/cerc-realm.json @@ -1077,9 +1077,11 @@ }, "smtpServer": {}, "accountTheme": "custom", - "eventsEnabled": false, + "eventsEnabled": true, + "eventsExpiration": 604800, "eventsListeners": [ "api-key-registration-generation", + "metrics-listener", "jboss-logging" ], "enabledEventTypes": [ @@ -1184,13 +1186,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", "oidc-address-mapper" ] } @@ -1235,14 +1237,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "oidc-address-mapper" + "oidc-usermodel-attribute-mapper" ] } }, 
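Review bot: Adding `metrics-listener` to `eventsListeners` routes the realm's events into the aerogear metrics SPI that the Dockerfile in this patch installs, and that SPI serves its Prometheus endpoint under `/realms/<realm>/metrics`, which as far as I recall is unauthenticated by default; nothing in this commit restricts it, so login/failure counters (labelled by client and error) become readable by anyone who can reach Keycloak. The reverse proxy in `config/keycloak/nginx/keycloak_proxy.conf` should deny that path or allow-list the scraper, e.g. `location ~ ^/realms/[^/]+/metrics$ { allow <scraper-ip>; deny all; proxy_pass <keycloak-upstream>; }`. Flipping `eventsEnabled` to `true` also starts persisting login events (usernames, client IPs) for `eventsExpiration` = 604800 s, i.e. seven days; the `enabledEventTypes` array that selects which ones continues outside the hunk and the admin-event settings are not visible here, so confirm the retained data is what you intend to store. The two `allowed-protocol-mapper-types` hunks on this line only reorder entries and look like re-export noise; no action needed there.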
@@ -1310,7 +1312,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "ff26f4cd-37cb-4fd7-b1ca-a9c7bf18b513", + "id": "43505ad9-3c8d-4f11-9f90-55bcf19e621b", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1336,7 +1338,7 @@ ] }, { - "id": "9f687769-523f-4644-9071-762be675a65c", + "id": "f5a8bcf1-b58f-4fd9-a0c1-4ec3933d9d64", "alias": "Handle Existing Account - Alternatives - 0", "description": "Subflow of Handle Existing Account with alternative executions", "providerId": "basic-flow", @@ -1362,7 +1364,7 @@ ] }, { - "id": "536c5d7c-7c05-4090-a4ad-4d52bf7b0b32", + "id": "b3f19451-b375-4341-8c23-f9a3b531ceb0", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1388,7 +1390,7 @@ ] }, { - "id": "579f12ed-b8bb-4454-909b-7214395b0618", + "id": "0db81a1c-dd36-4721-89e4-19dc7e204b56", "alias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", "providerId": "basic-flow", @@ -1414,7 +1416,7 @@ ] }, { - "id": "140ddee8-3a08-4871-a001-40d7445a53c8", + "id": "e0937686-c0c4-41b2-8abd-98b5219e1953", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1456,7 +1458,7 @@ ] }, { - "id": "f744beca-2c05-4525-b7c7-03a38d5fec76", + "id": "3508fa7b-a459-44ad-b56a-af9737ed86a5", "alias": "browser plus basic", "description": "browser based authentication", "providerId": "basic-flow", @@ -1506,7 +1508,7 @@ ] }, { - "id": "335698a5-f6ea-4cca-a5f8-5ae7544eedba", + "id": "79ee49ad-20f2-4967-a9bf-ddca82c1516c", "alias": "browser plus basic forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", 
@@ -1532,7 +1534,7 @@ ] }, { - "id": "de2913c6-e3c6-4a5f-9726-a5a6cacc975d", + "id": "802ce2dc-dd4a-45e6-837e-fecc17affe55", "alias": "browser plus basic forms - auth-otp-form - Conditional", "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", "providerId": "basic-flow", @@ -1558,7 +1560,7 @@ ] }, { - "id": "2bbe9c77-e0b9-468b-a26b-ea420b826671", + "id": "0f4a4d19-db06-409b-baa8-a3c8a6f52a22", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1600,7 +1602,7 @@ ] }, { - "id": "1714fea3-76c4-4a5e-8e23-1122cc89863a", + "id": "b177d3f1-dad8-4b40-ac1d-04038f0e5a7d", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1634,7 +1636,7 @@ ] }, { - "id": "9bf9bbbb-853a-4630-bbe0-96d357f86b59", + "id": "788ccbc9-c3c8-468d-8d4c-d2eb04b438a5", "alias": "direct grant - direct-grant-validate-otp - Conditional", "description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", "providerId": "basic-flow", @@ -1660,7 +1662,7 @@ ] }, { - "id": "b9a8e00d-1d80-47c4-bce3-ae60965e95af", + "id": "8edd3a8f-7d9d-4029-8fd2-21a8ead2b090", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1678,7 +1680,7 @@ ] }, { - "id": "734b1c5b-23f2-46f8-91e7-835239874868", + "id": "a67bc8ee-b99a-409f-adf5-a7d4c7f27512", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1705,7 +1707,7 @@ ] }, { - "id": "7519566f-1a8f-41cc-ba86-18288ffca213", + "id": "ffe8dad9-6998-4358-ab2c-061cf7235d53", "alias": "first broker login - Alternatives - 0", "description": "Subflow of first broker login with alternative executions", "providerId": "basic-flow", 
@@ -1732,7 +1734,7 @@ ] }, { - "id": "fae18f00-185b-4a4b-a420-8d389bfedd31", + "id": "26133bdd-6657-449d-a823-73519956b272", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1758,7 +1760,7 @@ ] }, { - "id": "91375637-e26a-4ce3-a8b7-276a63921bf6", + "id": "57620e5a-f7cd-4e88-ac51-d78e91ff7868", "alias": "forms - auth-otp-form - Conditional", "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", "providerId": "basic-flow", @@ -1784,7 +1786,7 @@ ] }, { - "id": "310e62a2-5cbb-4b4d-a95b-a5b9924aa632", + "id": "cffbb5df-de0a-49ed-9136-296a877ab175", "alias": "http challenge", "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId": "basic-flow", @@ -1826,7 +1828,7 @@ ] }, { - "id": "5603a5ef-9067-4811-95a1-c2934b524521", + "id": "6ac5a9df-dacb-462c-9b12-207470e9fcbf", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1845,7 +1847,7 @@ ] }, { - "id": "bd200efc-bc32-473c-9fa8-faa381af46f3", + "id": "27e40f78-ce1e-4ad4-9b48-88a8bf9c8d92", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1887,7 +1889,7 @@ ] }, { - "id": "20db9450-a77f-4e61-ac01-4acbf0d13592", + "id": "31340e3b-f6c7-49ce-94ac-f28213b84be6", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -1929,7 +1931,7 @@ ] }, { - "id": "2118eabb-8e7f-471b-aaf3-5c0acb1d8e67", + "id": "aee4a6d9-caab-463e-ad62-48aba91a4098", "alias": "reset credentials - reset-otp - Conditional", "description": "Flow to determine if the reset-otp authenticator should be used or not.", "providerId": "basic-flow", 
@@ -1955,7 +1957,7 @@ ] }, { - "id": "392ffdde-de05-4986-81dc-7fef5bde4334", + "id": "4052bdf6-9b94-42a1-b199-0c14ffe67ac5", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -1975,14 +1977,14 @@ ], "authenticatorConfig": [ { - "id": "8c231d46-b83f-489a-b953-8a11e1221c72", + "id": "4bc95f52-8c28-449c-830b-a4ffc3340399", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "b444f680-f162-46ea-9aa6-02db0222fdfb", + "id": "367a56fc-c128-43f8-85d5-50ceae63b7aa", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2074,7 +2076,7 @@ "cibaInterval": "5", "realmReusableOtpCode": "false" }, - "keycloakVersion": "20.0.0", + "keycloakVersion": "20.0.2", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/config/keycloak/nginx/keycloak_proxy.conf b/config/keycloak/nginx/keycloak_proxy.conf index d6e5da05..373ce697 100644 --- a/config/keycloak/nginx/keycloak_proxy.conf +++ b/config/keycloak/nginx/keycloak_proxy.conf 
@@ -19,34 +19,34 @@ server {
 proxy_pass http://fixturenet-eth-geth-1:8545;
 }
 
- location ~ ^/ipld/eth/([^/]*)$ {
- set $apiKey $1;
- if ($apiKey = '') {
- set $apiKey $http_X_API_KEY;
- }
- auth_request /auth;
- proxy_buffering off;
- rewrite /.*$ / break;
- proxy_pass http://ipld-eth-server:8081;
- }
-
- location ~ ^/ipld/gql/([^/]*)$ {
- set $apiKey $1;
- if ($apiKey = '') {
- set $apiKey $http_X_API_KEY;
- }
- auth_request /auth;
- proxy_buffering off;
- rewrite /.*$ / break;
- proxy_pass http://ipld-eth-server:8082;
- }
-
- location /beacon/ {
- set $apiKey $http_X_API_KEY;
- auth_request /auth;
- proxy_buffering off;
- proxy_pass http://fixturenet-eth-lighthouse-1:8001/;
- }
+# location ~ ^/ipld/eth/([^/]*)$ {
+# set $apiKey $1;
+# if ($apiKey = '') {
+# set $apiKey $http_X_API_KEY;
+# }
+# auth_request /auth;
+# proxy_buffering off;
+# rewrite /.*$ / break;
+# proxy_pass http://ipld-eth-server:8081;
+# }
+#
+# location ~ ^/ipld/gql/([^/]*)$ {
+# set $apiKey $1;
+# if ($apiKey = '') {
+# set $apiKey $http_X_API_KEY;
+# }
+# auth_request /auth;
+# proxy_buffering off;
+# rewrite /.*$ / break;
+# proxy_pass http://ipld-eth-server:8082;
+# }
+#
+# location /beacon/ {
+# set $apiKey $http_X_API_KEY;
+# auth_request /auth;
+# proxy_buffering off;
+# proxy_pass http://fixturenet-eth-lighthouse-1:8001/;
+# }
 
 location = /auth {
 internal;
@@ -59,4 +59,8 @@ server {
 proxy_set_header X-Original-Remote-Addr $remote_addr;
 proxy_set_header X-Original-Host $host;
 }
+
+# location = /basic_status {
+# stub_status;
+# }
 }
diff --git a/container-build/cerc-keycloak/Dockerfile b/container-build/cerc-keycloak/Dockerfile
index f3f22f8e..b2c518b8 100644
--- a/container-build/cerc-keycloak/Dockerfile
+++ b/container-build/cerc-keycloak/Dockerfile
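Review bot: The new `/basic_status` block carries no access restriction, so the moment it is uncommented as written `stub_status` (active connection and request counters) is served to every client; when you do enable it, add `allow 127.0.0.1;` and `deny all;` inside the location, or put it on a separate `listen` port that only the scraper can reach. The same hunk comments out the three API-key-protected routes (`/ipld/eth/`, `/ipld/gql/`, `/beacon/`) in a commit titled "Add metrics." without saying why; the geth `proxy_pass http://fixturenet-eth-geth-1:8545;` just above them stays reachable, and `location = /auth { internal; … }` is called by nothing visible in this hunk, so the intent should be stated in the commit message or the dead blocks and the unused `/auth` subrequest removed together. Git already keeps the old routes, so a single line such as `# API-key protected upstream routes removed in f51ad88; see history` would preserve the pointer without leaving ~30 commented lines to drift.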
@@ -1,10 +1,12 @@ FROM maven:3-eclipse-temurin-11-alpine AS builder RUN apk add --update --no-cache git WORKDIR /build -RUN git clone https://github.com/cerc-io/keycloak-api-key-demo.git -RUN cd keycloak-api-key-demo && \ - git checkout 81d0a443c363cb55df2c90e3b13fc5a4710197ba && \ +RUN git clone https://github.com/cerc-io/keycloak-api-key-demo.git && \ + cd keycloak-api-key-demo && \ + git checkout '043309204aba4c3cb2f6a006c58a9a430b733b29' && \ mvn -f api-key-module package FROM quay.io/keycloak/keycloak:20.0 COPY --from=builder /build/keycloak-api-key-demo//api-key-module/target/deploy/* /opt/keycloak/providers/ +WORKDIR /opt/keycloak/providers +RUN curl -L https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar --output keycloak-metrics-spi.jar
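Review bot: The added `RUN curl -L … --output keycloak-metrics-spi.jar` installs an unverified, redirect-following download straight into `/opt/keycloak/providers/`, where Keycloak loads it as code: there is no pinned checksum and no `--fail`, so an HTTP error page or a tampered artifact would be silently packaged, and the preceding `WORKDIR /opt/keycloak/providers` changes the final image's working directory as a side effect. The runtime image `quay.io/keycloak/keycloak:20.0` is ubi-micro based and, as far as I know, ships without `curl`, so this step may not build at all; its floating `20.0` tag also no longer matches the `"keycloakVersion": "20.0.2"` the realm export in this patch now records. Fetch the jar in the Alpine builder stage instead (where `apk add curl` works), fail on HTTP errors, verify a pinned SHA-256 before copying it over, and leave the final stage's working directory alone, as sketched below. Pinning the api-key module to commit `0433092…` in the same hunk is the right call; the metrics jar deserves the same treatment.
```dockerfile
FROM maven:3-eclipse-temurin-11-alpine AS builder
RUN apk add --update --no-cache git curl
# … unchanged: WORKDIR /build, clone/checkout/mvn package of keycloak-api-key-demo …
ARG METRICS_SPI_VERSION=2.5.3
# Take this from the release's published checksum (or compute once and commit it).
ARG METRICS_SPI_SHA256=<sha256 of keycloak-metrics-spi-2.5.3.jar>
RUN curl -fsSL "https://github.com/aerogear/keycloak-metrics-spi/releases/download/${METRICS_SPI_VERSION}/keycloak-metrics-spi-${METRICS_SPI_VERSION}.jar" \
      -o /build/keycloak-metrics-spi.jar && \
    echo "${METRICS_SPI_SHA256}  /build/keycloak-metrics-spi.jar" | sha256sum -c -

FROM quay.io/keycloak/keycloak:20.0
# … unchanged: COPY --from=builder of the api-key-module deploy artifacts …
COPY --from=builder /build/keycloak-metrics-spi.jar /opt/keycloak/providers/keycloak-metrics-spi.jar
```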