diff --git a/docs/deployment/authentication/keycloak-auth.mdx b/docs/deployment/authentication/keycloak-auth.mdx
index 255e67ed2..eb821e7a6 100644
--- a/docs/deployment/authentication/keycloak-auth.mdx
+++ b/docs/deployment/authentication/keycloak-auth.mdx
@@ -32,6 +32,7 @@ To start Keep with Keycloak authentication, set the following environment variab
| AUTH_TYPE | Set to 'KEYCLOAK' for Keycloak authentication | Yes | - |
| KEYCLOAK_ID | Your Keycloak client ID (e.g. keep) | Yes | - |
| KEYCLOAK_ISSUER | Full URL to Your Keycloak issuer URL e.g. http://localhost:8181/auth/realms/keep | Yes | - |
+| KEYCLOAK_SECRET | Your Keycloak client secret | Yes | keep-keycloak-secret |
#### Backend Environment Variables
@@ -50,5 +51,5 @@ To start Keep with Keycloak authentication, set the following environment variab
### Example configuration
To get a better understanding on how to use Keep together with Keycloak, you can:
-- See [Keycloak](https://github.com/keephq/keep/tree/main/tests) directory for configuration, realm.json, etc
-- See Keep + Keycloak [docker-compose example](https://github.com/keephq/keep/blob/main/keycloak/docker-compose.yml)
+- See [Keycloak](https://github.com/keephq/keep/tree/main/keycloak) directory for configuration, realm.json, etc
+- See Keep + Keycloak [docker-compose example](https://github.com/keephq/keep/blob/main/keycloak/docker-compose.yaml)
diff --git a/ee/identitymanager/identity_managers/keycloak/keycloak_authverifier.py b/ee/identitymanager/identity_managers/keycloak/keycloak_authverifier.py
index 1daf5bb6a..1a2fd7516 100644
--- a/ee/identitymanager/identity_managers/keycloak/keycloak_authverifier.py
+++ b/ee/identitymanager/identity_managers/keycloak/keycloak_authverifier.py
@@ -1,4 +1,5 @@
import os
+import logging
from fastapi import Depends, HTTPException
@@ -8,6 +9,8 @@
from keycloak.keycloak_uma import KeycloakUMA
from keycloak.uma_permissions import UMAPermission
+logger = logging.getLogger(__name__)
+
class KeycloakAuthVerifier(AuthVerifierBase):
"""Handles authentication and authorization for Keycloak"""
@@ -55,6 +58,10 @@ def _verify_bearer_token(
email = payload.get("preferred_username")
org_id = payload.get("active_organization", {}).get("id")
org_realm = payload.get("active_organization", {}).get("name")
+ if org_id is None or org_realm is None:
+ logger.warning(
+ "Invalid Keycloak configuration - no org information for user. Check organization mapper: https://github.com/keephq/keep/blob/main/keycloak/keep-realm.json#L93"
+ )
role = (
payload.get("resource_access", {})
.get(self.keycloak_client_id, {})
diff --git a/keep-ui/components/navbar/DashboardLink.tsx b/keep-ui/components/navbar/DashboardLink.tsx
index cc046de60..80016e0bf 100644
--- a/keep-ui/components/navbar/DashboardLink.tsx
+++ b/keep-ui/components/navbar/DashboardLink.tsx
@@ -1,8 +1,8 @@
-import { useSortable } from '@dnd-kit/sortable';
+import { useSortable } from "@dnd-kit/sortable";
import { Subtitle } from "@tremor/react";
import { FiLayout } from "react-icons/fi";
import { LinkWithIcon } from "components/LinkWithIcon"; // Ensure you import this correctly
-import classNames from 'classnames';
+import { clsx } from "clsx";
interface Dashboard {
id: string;
@@ -14,31 +14,40 @@ type DashboardLinkProps = {
dashboard: Dashboard;
pathname: string | null;
deleteDashboard: (id: string) => void;
+ titleClassName?: string;
};
-export const DashboardLink = ({ dashboard, pathname, deleteDashboard }: DashboardLinkProps) => {
+export const DashboardLink = ({
+ dashboard,
+ pathname,
+ deleteDashboard,
+ titleClassName,
+}: DashboardLinkProps) => {
const href = `/dashboard/${dashboard.dashboard_name}`;
- const isActive = decodeURIComponent(pathname|| "") === href;
-
- const { isDragging } =
- useSortable({
- id: dashboard.id,
- });
+ const isActive = decodeURIComponent(pathname || "") === href;
+ const { isDragging } = useSortable({
+ id: dashboard.id,
+ });
return (
deleteDashboard(dashboard.id)}
- >
-
- {dashboard.dashboard_name}
-
-
+ href={href}
+ icon={FiLayout}
+ isDeletable={true}
+ onDelete={() => deleteDashboard(dashboard.id)}
+ >
+
+ {dashboard.dashboard_name}
+
+
);
};
diff --git a/keep-ui/components/navbar/DashboardLinks.tsx b/keep-ui/components/navbar/DashboardLinks.tsx
index cf0cab3d4..80fcc9c35 100644
--- a/keep-ui/components/navbar/DashboardLinks.tsx
+++ b/keep-ui/components/navbar/DashboardLinks.tsx
@@ -13,7 +13,7 @@ import { DashboardLink } from "./DashboardLink";
import { Subtitle, Button, Badge, Text } from "@tremor/react";
import { Disclosure } from "@headlessui/react";
import { IoChevronUp } from "react-icons/io5";
-import classNames from "classnames";
+import clsx from "clsx";
import { useDashboards } from "utils/hooks/useDashboards";
import { useApiUrl } from "utils/hooks/useConfig";
@@ -105,7 +105,7 @@ export const DashboardLinks = ({ session }: DashboardProps) => {
Beta
{
dashboard={dashboard}
pathname={pathname}
deleteDashboard={deleteDashboard}
+ titleClassName="max-w-[150px] overflow-hidden overflow-ellipsis"
/>
))
) : (
diff --git a/keycloak/keycloak_entrypoint.sh b/keycloak/keycloak_entrypoint.sh
index d8bfa81e2..74a95fce9 100755
--- a/keycloak/keycloak_entrypoint.sh
+++ b/keycloak/keycloak_entrypoint.sh
@@ -28,7 +28,7 @@ fi
# Start Keycloak in the background
echo "Starting Keycloak"
-/opt/keycloak/bin/kc.sh start-dev --features=preview --import-realm -Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.migration.strategy=OVERWRITE_EXISTIN &
+/opt/keycloak/bin/kc.sh start-dev --log-level=DEBUG --features=preview --import-realm -Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.migration.strategy=OVERWRITE_EXISTIN &
echo "Keycloak started"
# Try to connect to Keycloak - wait until Keycloak is ready or timeout
echo "Waiting for Keycloak to be ready"
@@ -62,7 +62,7 @@ echo "Event listener 'last_login' configured"
# Configure Content-Security-Policy and X-Frame-Options
# So that the SSO connect works with the Keep UI
echo "Configuring Content-Security-Policy and X-Frame-Options"
-/opt/keycloak/bin/kcadm.sh update realms/${KEEP_REALM} -s 'browserSecurityHeaders.contentSecurityPolicy="frame-src '\''self'\'' '"$KEEP_URL"'; frame-ancestors '\''self'\'' '"$KEEP_URL"'; object-src '\''none'\'';"'
+/opt/keycloak/bin/kcadm.sh update realms/${KEEP_REALM} -s 'browserSecurityHeaders.contentSecurityPolicy="frame-src '\''self'\'' '${KEEP_URL}'; frame-ancestors '\''self'\'' '${KEEP_URL}'; object-src '\''none'\'';"'
/opt/keycloak/bin/kcadm.sh update realms/${KEEP_REALM} -s 'browserSecurityHeaders.xFrameOptions="ALLOW"'
echo "Content-Security-Policy and X-Frame-Options configured"
diff --git a/keycloak/readme.md b/keycloak/readme.md
index a7f980b42..910bc3a8c 100644
--- a/keycloak/readme.md
+++ b/keycloak/readme.md
@@ -1,17 +1,33 @@
+# Docker-compose example:
+```
+docker-compose -f keycloak/docker-compose.yaml up
+```
+Keycloak: http://localhost:8181/auth/ (keep_kc:keep_kc)
+Keep login page: http://localhost:3000/
+## For Azure:
+Instructions:
+1. https://rahulroyz.medium.com/using-keycloak-as-idp-for-azure-ad-sso-authentication-role-authorization-0b309c15eadc
+2. https://rahulroyz.medium.com/using-keycloak-as-idp-for-azure-ad-role-authorization-part-2-map-ad-groups-to-keycloak-roles-9850d4acd536
+
+Set email, first name & last name for keep_admin user: http://localhost:8181/auth/admin/master/console/#/keep/users
+Also please assign admin role for keep_admin.
+
+# Development
+
+```
docker run --name phasetwo_test --rm -p 8181:8080 \
-e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
quay.io/phasetwo/phasetwo-keycloak:latest \
start-dev
-
-
+```
+```
http://localhost:8181/realms/keep/portal/
http://localhost:8181/realms/keep/portal/
-
https://euc1.auth.ac/auth/realms/keep/portal
-
+```
# delete realm to refresh
1. delete the realm from the UI