On-Prem Deployment - Entitlements/Auth Issues
Entitlements Issues
-
Initial keycloak admin user does not have OSDU entitlements. Therefore cannot give new users permission in OSDU groups.
-
Had to go into keycloak and add a new user that impersonated the 'entitlements_admin@service.local' service account and allowed password auth to be able to connect to the system and run entitlements groups commands.
-
Access token does not expire (tested after 3 days of non-use)
-
JWT Parsed on jwt.io shows the token should expire on Wed, May 11th...but still works as of Mon, May 16th.
{
"exp": 1652307430, //Wednesday, May 11, 2022 10:17:10 PM
"iat": 1652303830,
"jti": "3d0ef4cf-da19-401f-b107-1dc6a8d6fbd5",
"iss": "http://[redacted]/auth/realms/osdu",
"aud": "account",
"sub": "0125808f-3935-4dbf-9167-980a4e90b4cd",
"typ": "Bearer",
"azp": "storage",
"session_state": "2c5fe593-6882-43ed-a4d9-c4adc0021f8d",
"acr": "1",
"realm_access": {
"roles": [
"offline_access",
"default-roles-osdu",
"uma_authorization"
]
},
"resource_access": {
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"scope": "email profile",
"sid": "2c5fe593-6882-43ed-a4d9-c4adc0021f8d",
"email_verified": true,
"preferred_username": "[redacted]",
"email": "[redacted]"
}