Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to configure clients in Keyclock #326

Closed
AnishaM7 opened this issue May 30, 2024 · 10 comments
Closed

How to configure clients in Keyclock #326

AnishaM7 opened this issue May 30, 2024 · 10 comments
Labels
question Further information is requested

Comments

@AnishaM7
Copy link

Hi Team,

we have setup ort-server using docker compose.
In our keyclock set up there are some clients by default.

Please let us know if we should create additional clients with particular role to access the ort server

or Which client can login to ort server api
image

If we have to create new client, please let us know values for these parameters
image
@mnonnenmacher mnonnenmacher added the question Further information is requested label May 30, 2024
@mnonnenmacher mnonnenmacher changed the title configure clients in keyclock set up How to configure clients in Keyclock May 30, 2024
@mnonnenmacher
Copy link
Contributor

Please have a look at the preconfigured clients in the Keylcoak instance that is started by our docker-compose.yml. It currently creates three clients:

  • ort-server: This client is used for direct API access.
  • ort-server-ui: This client is used for the UI.
  • ort-server-ui-dev: This client is used for UI development.

If you want to use your own Keycloak instance you need to configure clients similar to the first two.

@AnishaM7
Copy link
Author

Hi @mnonnenmacher, Thank you for responding

For Ort-server APi which credentails should we pass
image

Ort UI still shows
image
can you pls guide me, how to login to this

@mnonnenmacher
Copy link
Contributor

Can you please provide a few more details about your setup? Are you running the Docker Compose script as provided in this repository or have you done changes? Are you trying to log in via the UI run by Docker Compose or did you start it with pnpm dev? In both cases the Keycloak login form should not ask you for the client id and secret. Or are you trying to log in with a REST client like Postman?

@AnishaM7
Copy link
Author

We use docker-compose to start the ort-server.
We are not sure how to login to UI
We have keyclock, UI, ORT server API services.

When we try to access the ORT UI,(deployed with docker-compose) , UI only displays Unable to login message
image
It is not clear how can we login to ort-UI

When we try to access ORT server API, we have to authrize
image
We are not sure what is the value for client ID and client secret

@haikoschol
Copy link
Contributor

@AnishaM7 A while ago, I tried to figure out what parameters/roles/scopes/clients/users/etc. need to be added to Keycloak to make ORT Server work with it. You can find my attempt in #237. I tried diffing the realm JSON from the Docker compose setup with an unmodified realm export, but that wasn't as helpful as I hoped.

Unfortunately I don't have time to work on it right now. Maybe you have time and determination to fiddle with it until it works? :)

@Etsija
Copy link
Contributor

Etsija commented May 31, 2024
edited
Loading

I noticed at least something that needs to be probably fixed here:

  • earlier on, we only had the "dev" environment for the UI available, so in case the VITE_ environment variables are not provided, this code defaults to the dev settings
  • now as the UI has been dockerized, we should default to the Docker Compose settings instead
  • moreover, it is specified here that VITE_API_URL should be http://localhost:8080/api/v1. However, that is a bit conflicting as I am seeing that in our code, it's defaulting to http://localhost:8080 instead. See also this

@mnonnenmacher
Copy link
Contributor

mnonnenmacher commented May 31, 2024
edited
Loading

moreover, it is specified here that VITE_API_URL should be http://localhost:8080/api/v1. However, that is a bit conflicting as I am seeing that in our code, it's defaulting to http://localhost:8080/ instead. See also this

@Etsija That was just wrong in the docs, I made #339 to fix that. It actually uses http://localhost:8080 as default.

now as the UI has been dockerized, we should default to the Docker Compose settings instead

@Etsija That's not necessary, the entrypoint.sh used in the Docker image applies the values required for Docker Compose so that the defaults work for the dev environment.

We are not sure what is the value for client ID and client secret

@AnishaM7 The authentication in the Swagger UI is unfortunately broken and needs to be fixed. Please try to run the following commands and check if the login at http://localhost:8082 works afterward (because for me it does):

docker compose pull
docker compose up --force-recreate

@AnishaM7
Copy link
Author

AnishaM7 commented Jun 3, 2024

Hi @mnonnenmacher,
Executed below commands,

docker compose pull
docker compose up --force-recreate
UI still shows unable to login error
http://localhost:8082

image

@mnonnenmacher
Copy link
Contributor

@AnishaM7 Is this still an issue for you or could you solve it in the meantime?

@mnonnenmacher
Copy link
Contributor

Closed due to lack of feedback.

@AnishaM7 Please reopen the issue or create a new one if you still have issues with the UI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@haikoschol @Etsija @mnonnenmacher @AnishaM7