One-Off IdP with Keycloak
When end-to-end testing applications that use an IdP, the IdP needs to be in a known state to make tests repeatable.
Typically a container is used, with a configuration that needs to be reset before (and after) a run. Restoring the IdP configuration isn't ideal when adding new test cases (e.g. adding a user with different properties to check application behavior). I propose a different approach: a one-off IdP.
Container without persistence
I start with an empty deployment of Keycloak running in a Docker container.
#!/bin/bash
# Run a clean Keycloak
docker run --rm -p 8080:8080 \
  --name testcloak \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=password \
  quay.io/keycloak/keycloak:latest start-dev
The --rm parameter ensures that the container is discarded after use. There is no persistence flag (--mount), so when the container goes down, all data perishes (and that's intended).
Configuration sequence
The empty Keycloak only knows the realm master and the user admin. To turn it into a fully functional IdP we need to configure it. Since we want this process to be repeatable, we shall use Keycloak's REST API. The documentation is complete, including an OpenAPI spec, but it is written in a dictionary style, so all is good when you know what you are looking for. To learn which calls are needed, watch the browser development tools while using the admin UI.
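One way to script that configuration sequence with curl (an added example, not the author's own script): it gets an admin token from the master realm, then creates a realm and a user, and fails the run unless each call returns 201. The realm `e2e`, the user `alice` and its password, the `KC_*` variables and the `RUN_CONFIG` switch are assumptions made for this example; the endpoints are those of Keycloak's Admin REST API.

```shell
#!/bin/bash
# Added example: configure a throwaway Keycloak through the Admin REST API.
# Assumed values: realm "e2e", user "alice" and its password are constructed test data.
KC_URL="${KC_URL:-http://localhost:8080}"
KC_ADMIN="${KC_ADMIN:-admin}"
KC_ADMIN_PASSWORD="${KC_ADMIN_PASSWORD:-password}"

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Pull access_token out of the (single-line) token response without needing jq.
extract_token() {
  printf '%s' "$1" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

realm_payload() { printf '{"realm":"%s","enabled":true}' "$(json_escape "$1")"; }

user_payload() {
  printf '{"username":"%s","enabled":true,"credentials":[{"type":"password","value":"%s","temporary":false}]}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Password grant against the built-in admin-cli client of the master realm.
get_token() {
  local body
  body=$(curl -sS --fail -d grant_type=password -d client_id=admin-cli \
    --data-urlencode "username=$KC_ADMIN" --data-urlencode "password=$KC_ADMIN_PASSWORD" \
    "$KC_URL/realms/master/protocol/openid-connect/token") || return 1
  extract_token "$body"
}

# POST a JSON body; succeed only on 201 Created so a half-configured IdP stops the run.
kc_post() {
  local code
  code=$(curl -sS -o /dev/null -w '%{http_code}' -X POST "$KC_URL$1" \
    -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' -d "$2")
  [ "$code" = "201" ] || { echo "POST $1 returned $code" >&2; return 1; }
}

configure_idp() {
  TOKEN=$(get_token) && [ -n "$TOKEN" ] || return 1
  kc_post /admin/realms "$(realm_payload e2e)" &&
  kc_post /admin/realms/e2e/users "$(user_payload alice 'constructed-pw')"
}

# Only touch the network when asked to: RUN_CONFIG=1 ./configure.sh
if [ "${RUN_CONFIG:-}" = "1" ]; then configure_idp; fi
```

Because the container keeps no state, the script can run unchanged before every test run; a non-201 answer means the IdP is not in the expected empty state.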
Posted by Stephan H Wissel on 20 October 2024 | Comments (0) | categories: Curl WebDevelopment