Details
Bug
Resolution: Unresolved
Major
RH-SSO-7.6.4
Description
1. Issue description:
The section 13.1. Kubernetes / OpenShift files plain-text vault provider is very difficult to understand.
It needs clarification on:
1. How to build the filename containing the password:
The filename to be used is <realmname>_<secret-name>
(Double all underscores within the secret name or the realm name in the file name)
2. The filename password should contain no trailing space '\n' (usually added by an editor such as vi, or by echo).
This means that the trailing space should be removed, otherwise authentication will fail.
3. You should indicate how to create the secret
4. You need to describe how to add the equivalent of the following commands to the OCP/RH-SSO pod deployment:
/subsystem=keycloak-server/spi=vault/:add
/subsystem=keycloak-server/spi=vault/provider=files-plaintext/:add(enabled=true,properties={dir => "${jboss.home.dir}/standalone/configuration/vault"})
/subsystem=keycloak-server/spi=vault:write-attribute(name=default-provider,value=files-plaintext)
Usually this is done via a configmap.
5. You need to add volumeMounts/Volume to accommodate your newly created secret and configmap.
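
Points 1 to 3 above can be sketched as shell helpers. This is an added example, not taken from the issue or from the RH-SSO documentation; the realm name, secret name, Secret name `sso-vault` and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: build files-plaintext vault entries as described in points 1-3.

# Point 1: double every underscore inside the realm name or the secret name.
escape_underscores() {
  printf '%s' "$1" | sed 's/_/__/g'
}

# File name the provider looks up: <realmname>_<secret-name>.
vault_file_name() {  # realm secret
  printf '%s_%s' "$(escape_underscores "$1")" "$(escape_underscores "$2")"
}

# Point 2: printf '%s' writes the value with no trailing '\n'
# (echo, or saving from vi, would append one).
write_vault_entry() {  # dir realm secret value
  vwe_path="$1/$(vault_file_name "$2" "$3")"
  ( umask 077; printf '%s' "$4" > "$vwe_path" )
  printf '%s' "$vwe_path"
}

# Returns 0 when the last byte of the file is a newline (0x0a).
ends_with_newline() {  # file
  [ -s "$1" ] && [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Repair a file that was saved with trailing newlines.
strip_trailing_newlines() {  # file
  stn_content="$(cat "$1")"   # command substitution drops trailing newlines
  printf '%s' "$stn_content" > "$1"
}

# Constructed sample: realm "sso_realm", secret "ldap_credential".
vault_file_name sso_realm ldap_credential; echo

# Point 3 (assumed names): load the directory of entries into a Secret, then
# mount it at the provider's "dir" through volumes/volumeMounts:
#   oc create secret generic sso-vault --from-file="$vault_dir"
```

Running `ends_with_newline` over each file before creating the Secret catches the failure described in point 2 before it shows up as an authentication error.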