Skip to content

add keycloak to env_example and README.md #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tawoe wants to merge 2 commits into
base: main
Choose a base branch
from
Open

add keycloak to env_example and README.md #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ca3d9ed
add keycloak to env_example and README.md
tawoe Jun 25, 2025
27c4429
improve README.md Keycloak
tawoe Jun 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,18 @@ Running in the cluster, it will look for "/var/run/secrets/kubernetes.io/service
The script will assume that the OBP user is already created. If you want to create a new OBP user, set BOOTSTRAP_OBP_USER_EXISTS to false
If you have not turned e-mail validation off (setting OBP_AUTHUSER_SKIPEMAILVALIDATION to true) on api side script will fail.
### Creating Consumer Keys
Done via Selenium webdriver. Running host/image needs chrome installed and the chromedriver executable available in the PATH.
Done via the OBP Portal Page through Selenium webdriver by default, or via keycloak bearer token.

#### Creating Consumer Keys using the Portal Page
Running host/image needs chrome installed and the chromedriver executable available in the PATH.

#### Creating Consumer Keys via OBP API with Keycloak bearer token

OBP API needs to allow role assignment via bearer token: Set OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST at OBP configuration/
Set REGISTER_WITH_KEYCLOAK = "true" if you want to register consumer keys via obp api with keycloak bearer token.
KEYCLOAK_DEPLOY_CLIENT_ID needs to be the same as configured in OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST


The script will read the existing consumer key pair from the k8s secret objects of the running api explorer and api manager deployments.

It will only create consumer keys if 'VITE_OBP_CONSUMER_KEY' (api explorer) or 'OAUTH_CONSUMER_KEY' api manager) are:
Expand Down
10 changes: 10 additions & 0 deletions env_example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,16 @@ K8S_OBP_API_NAMESPACE = "obp"
K8S_OBP_API_DEPLOYMENT = "obp-api"
# ================================================

# Set to true if you want to create consumer keys via obp api and keycloak bearer token instead of via portal page
REGISTER_WITH_KEYCLOAK = "false"
KEYCLOAK_SERVER = "https://mykeycloak.server
# KEYCLOAK_DEPLOY_CLIENT_ID needs to be the same as configured in OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST
KEYCLOAK_DEPLOY_CLIENT_ID = "open-bank-project"
KEYCLOAK_USERNAME = "keycloakadmin"
KEYCLOAK_PASSWORD = "keycloakpasswd"
KEYCLOAK_REALM = myrealm


APP_NAME = "api explorer"
# Name of the applications secret object in k8s
APP_K8S_SECRET_NAME = "api explorer"
Expand Down