Keycloak Configuration
Configuring the neog_api_url attribute
In the neog-ui client, create a new mapper that adds the API URL to the user's token.
Clients → neog-ui → Mappers
Create
Name: NEOG API URL
Mapper type: User Attribute
User Attribute: neog_api_url
Token Claim Name: neog_api_url
Claim JSON Type: JSON
Add to ID token: ON
Add to access token: ON
Add to userinfo: OFF
Multivalued: ON
Aggregate attribute values: ON
Save
On the group, add the neog_api_url attribute with a JSON value as in the example below:
"{"group":"geral","url":"http://localhost:8080","preferred":true}"
This way, a separate API URL can be configured for each group.
The attribute can also be defined at the user level: just add the neog_api_url attribute in the user's settings. In that case, set the properties preferred=true and user_defined=true on the user. The system will then use the user's configuration preferentially.
{"user_defined":true,"url":"http://localhost:8080"}
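Because the mapper copies neog_api_url into the token, a group-level or user-level value decides where the UI sends its API calls. The following added example (not NeoG's own code) shows one way a client could pick the URL from the decoded claim, preferring user_defined entries as described above; the origin allowlist, the fallback order after user_defined, the sample claims and all function names are assumptions.

```javascript
// Added example, not NeoG code. The allowlist and the fallback order
// (user_defined, then preferred, then first entry) are assumptions.
const ALLOWED_ORIGINS = new Set([        // hypothetical deployment allowlist
  "http://localhost:8080",
  "http://localhost:8765",
]);

// Constructed sample of decoded token claims: one group entry, one user entry.
const SAMPLE_CLAIMS = {
  neog_api_url: [
    { group: "geral", url: "http://localhost:8080", preferred: true },
    '{"user_defined":true,"url":"http://localhost:8765"}', // string-encoded form
  ],
};

// Accept a single value or an array; entries may be objects or JSON strings.
function normalizeEntries(claim) {
  const raw = Array.isArray(claim) ? claim : claim == null ? [] : [claim];
  const out = [];
  for (const item of raw) {
    let entry = item;
    if (typeof item === "string") {
      try { entry = JSON.parse(item); } catch { continue; } // drop malformed values
    }
    if (entry && typeof entry === "object" && typeof entry.url === "string") out.push(entry);
  }
  return out;
}

// True only for http(s) URLs without embedded credentials on an allowed origin.
function isAllowedUrl(url, allowed) {
  let u;
  try { u = new URL(url); } catch { return false; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return false;
  if (u.username || u.password) return false;
  return allowed.has(u.origin);
}

// Returns the chosen URL string, or null when no entry passes validation.
function selectApiUrl(claims, allowed = ALLOWED_ORIGINS) {
  const entries = normalizeEntries(claims && claims.neog_api_url)
    .filter((e) => isAllowedUrl(e.url, allowed));
  const pick = entries.find((e) => e.user_defined === true)
    || entries.find((e) => e.preferred === true)
    || entries[0];
  return pick ? pick.url : null;
}
```

A null result means no entry in the claim passed validation, so the caller should refuse to issue API calls rather than fall back to an unvalidated value.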
Tutorial: configuring a new domain
New Realm
Select realm > Add realm
Name: [CNPJ]
Click [Create]
Configure > Realm Settings > General
Display name: NeoG
HTML Display name: <b>Neo-G / [NOME EMPRESA]</b><br/><i>Solução Corporativa</i>
Click [Save]
Configure > Realm Settings > Login
User registration: Off
Edit username: Off
Forgot password: On
Remember Me: On
Verify email: Off
Login with email: On
Require SSL: external request
Configure > Realm Settings > Tokens
SSO Session Idle: 4 Hours
Access Token Lifespan: 1 Hour
Configure > Clients
Click [Create]
Client ID: neog-api
Click [Save]
Configure > Clients > neog-api > Settings
Access Type: confidential
Service Accounts Enabled: On
Valid Redirect URIs: http://[NEOG-UI-SERVER]:[PORT]/*
Web Origins:
Click [Save]
Configure > Clients > neog-api > Credentials
Copy the secret key and paste it into the neog-api application property keycloak.credentials.secret.
Configure > Clients
Click [Create]
Client ID: neog-ui
Click [Save]
Configure > Clients > neog-ui > Settings
Name: NeoG / [COMPANY]
Access Type: public
Valid Redirect URIs: http://[NEOG-UI-SERVER]:[PORT]/*
Web Origins:
Click [Save]
Configure > Clients > neog-ui > Mappers
Click [Create]
Name: comp_refid
Mapper Type: User Attribute
User Attribute: comp_refid
Token Claim Name: comp_refid
Claim JSON Type: String
Add to ID token: On
Add to access token: On
Add to userinfo: On
Multivalued: Off
Aggregate attribute values: Off
Click [Save]
Click [Create]
Name: neog_api_url
Mapper Type: User Attribute
User Attribute: neog_api_url
Token Claim Name: neog_api_url
Claim JSON Type: JSON
Add to ID token: On
Add to access token: On
Add to userinfo: On
Multivalued: Off
Aggregate attribute values: Off
Click [Save]
Configure > Roles
Click [Add Role]
Role Name: full
Click [Save]
Configure > Roles
Click [Add Role]
Role Name: user
Click [Save]
Configure > Roles
Click [Add Role]
Role Name: admin
Click [Save]
Composite Roles: On
Associated Roles: user
Configure > Roles
Add as many roles as needed, such as billing, finance, logistics, sales, etc.
Manage > Groups
Click [New]
Name: Administrador
Manage > Groups > Administrador > Attributes
Key: neog_api_url
Value: {"group":"administracao","url":"http://localhost:9180/neog-api"}
Click [Add]
Click [Save]
Manage > Groups > Administrador > Role Mappings
Assigned Roles: admin
Manage > Users
Click [Add User]
Username: suporte-h2a
Email: suporte@h2asol.com
Click [Save]
Manage > Users > infra > Attributes
(Optional: allows the API access URL to be changed at the user level)
Key: neog_api_url
Value: {"user_defined":true,"url":"http://localhost:8765"}
Manage > Users > infra > Credentials
Password:
Password Confirmation:
Temporary: Off
Click [Set Password]
Manage > Users > infra > Role Mappings
Assigned Roles: admin
Manage > Users > infra > Role Mappings
Group Membership: Administração