On-Prem Deployment - Entitlements/Auth Issues

Entitlements Issues

  • Initial Keycloak admin user does not have OSDU entitlements and therefore cannot give new users permission in OSDU groups.

  • Had to go into Keycloak and add a new user that impersonated the 'entitlements_admin@service.local' service account and allowed password auth to be able to connect to the system and run entitlements groups commands.

  • Access token does not expire (tested after 3 days of non-use).

  • JWT parsed on jwt.io shows the token should expire on Wed, May 11th, but it still works as of Mon, May 16th.

{
  "exp": 1652307430, //Wednesday, May 11, 2022 10:17:10 PM
  "iat": 1652303830,
  "jti": "3d0ef4cf-da19-401f-b107-1dc6a8d6fbd5",
  "iss": "http://[redacted]/auth/realms/osdu",
  "aud": "account",
  "sub": "0125808f-3935-4dbf-9167-980a4e90b4cd",
  "typ": "Bearer",
  "azp": "storage",
  "session_state": "2c5fe593-6882-43ed-a4d9-c4adc0021f8d",
  "acr": "1",
  "realm_access": {
    "roles": [
      "offline_access",
      "default-roles-osdu",
      "uma_authorization"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "email profile",
  "sid": "2c5fe593-6882-43ed-a4d9-c4adc0021f8d",
  "email_verified": true,
  "preferred_username": "[redacted]",
  "email": "[redacted]"
}
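
The expiry check a token consumer is expected to apply to claims like those above, as an added example (not part of the original report and not OSDU or Keycloak code). The token is constructed from the report's `exp`, `iat` and `azp` with a placeholder signature, and the time of day on May 16 is an assumption.

```python
import base64
import json
from datetime import datetime, timezone


def decode_claims(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def expiry_report(claims: dict, now: int, leeway: int = 60) -> dict:
    """Compare exp with the current time; RFC 7519 says reject on or after exp."""
    exp, iat = claims.get("exp"), claims.get("iat")
    if type(exp) not in (int, float):
        raise ValueError("token has no numeric exp claim; treat as invalid")
    return {
        "lifetime_s": exp - iat if type(iat) in (int, float) else None,
        "expires_utc": datetime.fromtimestamp(exp, timezone.utc).isoformat(),
        "seconds_past_exp": max(0, now - exp),
        "must_reject": now >= exp + leeway,  # leeway absorbs small clock skew
    }


def _b64url(obj: dict) -> str:
    """Helper for building the constructed sample token below."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: exp/iat/azp copied from the report, placeholder signature.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"exp": 1652307430, "iat": 1652303830, "azp": "storage"}),
    "placeholder-signature",
])
# Assumed observation time: noon UTC on Mon, May 16, 2022 (the report gives only the date).
OBSERVED_AT = int(datetime(2022, 5, 16, 12, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    print(expiry_report(decode_claims(SAMPLE_TOKEN), OBSERVED_AT))
```

The claims give the token a one-hour lifetime, so a service that still accepts it when `must_reject` is true is not enforcing `exp` during validation.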