Technical Task Document for OpenKM & Keycloak Integration
$30-250 USD
Closed
Posted 4 months ago
Paid on delivery
Project Overview:
The goal of this task is to integrate OpenKM 6.3.12 with Keycloak 21.1.2 using OpenID Connect (OIDC) for user authentication and authorization. Additionally, we need to configure the REST APIs of OpenKM to be authorized using the JWT tokens issued by Keycloak.
Current Status:
• We have successfully set up the integration where OpenKM redirects to Keycloak for authentication.
• OpenKM is able to receive a token from Keycloak.
• However, the necessary configurations to ensure the authentication flow and authorization of REST APIs using the token are not yet implemented.
Tasks:
1. Complete the OpenKM Keycloak Integration:
• Ensure that OpenKM correctly handles the redirect to Keycloak and receives the authentication token.
• Configure OpenKM to properly use the Keycloak token to establish a user session.
2. Configure OpenKM for OpenID Connect (OIDC):
• Verify that OpenKM is set up to use OpenID Connect for authentication with Keycloak.
• Update the OpenKM authentication configuration to correctly use Keycloak as the identity provider.
• Ensure that the OpenKM configuration allows seamless login using Keycloak credentials.
3. Configure REST API Authorization:
• Modify the OpenKM security filter to authorize the REST API endpoints using the Keycloak-issued token.
  ◦ Use the token received from Keycloak to authorize access to REST API endpoints.
• Ensure that only authenticated users (those with a valid token) are able to access the OpenKM REST APIs.
• Implement security checks to validate the token for all incoming API requests.
• Add the necessary code or configurations to handle token validation for each API request.
4. Testing and Validation:
• Test the OpenKM login process to ensure the Keycloak authentication and authorization work smoothly.
• Test the REST APIs to confirm they are properly secured and only accessible with a valid token from Keycloak.
• Ensure token expiration and renewal are handled correctly in the OpenKM system.
• Test the role-based access control (RBAC) by verifying that users are assigned the appropriate roles/permissions in OpenKM based on Keycloak groups or roles.
5. Documentation:
• Document all the steps taken to configure the integration between OpenKM and Keycloak.
• Provide a brief overview of how the security filter for REST APIs was modified and how it handles token validation.
• Include any configuration details for OpenKM and Keycloak that need to be set up on the server.
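As an added illustration of the token checks that tasks 3 and 4 call for (not code from OpenKM or from this posting), the sketch below verifies a Keycloak-style access token's signature, issuer and expiry and reads realm roles for RBAC mapping. It assumes the Nimbus JOSE+JWT library, a placeholder realm URL and an in-memory key with constructed tokens so that it runs offline; the class and method names are hypothetical.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.*;
import com.nimbusds.jose.proc.*;
import com.nimbusds.jwt.*;
import com.nimbusds.jwt.proc.*;
import java.util.*;

public class KeycloakTokenCheck {
    // Assumed realm URL (placeholder). Keycloak serves the realm's signing keys at
    // ISSUER + "/protocol/openid-connect/certs"; a deployment would load that JWKS.
    static final String ISSUER = "https://keycloak.example.test/realms/openkm";

    static JWTClaimsSet validate(String bearer, JWKSource<SecurityContext> keys) throws Exception {
        ConfigurableJWTProcessor<SecurityContext> p = new DefaultJWTProcessor<>();
        // Pin the algorithm so tokens declaring "none" or HS256 are rejected.
        p.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keys));
        // Exact-match the issuer and require sub/exp/iat; exp is checked against the clock.
        p.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(
            new JWTClaimsSet.Builder().issuer(ISSUER).build(),
            new HashSet<>(Arrays.asList("sub", "exp", "iat"))));
        return p.process(bearer, null); // throws on bad signature, issuer or expiry
    }
    // Keycloak places realm roles under realm_access.roles in the access token.
    static List<String> realmRoles(JWTClaimsSet c) throws Exception {
        Map<String, Object> ra = c.getJSONObjectClaim("realm_access");
        Object roles = ra == null ? null : ra.get("roles");
        List<String> out = new ArrayList<>();
        if (roles instanceof List) for (Object r : (List<?>) roles) out.add(String.valueOf(r));
        return out;
    }
    // Builds a constructed token for the demo; real tokens come from Keycloak.
    static String sign(RSAKey key, String iss, long ttlSeconds) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer(iss).subject("constructed-user")
            .issueTime(new Date()).expirationTime(new Date(System.currentTimeMillis() + ttlSeconds * 1000))
            .claim("realm_access", Collections.singletonMap("roles", Arrays.asList("ROLE_USER"))).build();
        SignedJWT jwt = new SignedJWT(
            new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(), claims);
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }
    public static void main(String[] args) throws Exception {
        RSAKey key = new RSAKeyGenerator(2048).keyID("constructed-kid").generate();
        JWKSource<SecurityContext> keys = new ImmutableJWKSet<>(new JWKSet(key.toPublicJWK()));
        System.out.println("roles: " + realmRoles(validate(sign(key, ISSUER, 300), keys)));
        String[] bad = { sign(key, ISSUER, -300), sign(key, "https://other.example.test/realms/x", 300) };
        for (String token : bad) { // expired token, then a token from a different issuer
            try { validate(token, keys); System.out.println("accepted (unexpected)"); }
            catch (BadJOSEException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

In a security filter, the string passed to `validate` would be the value of the `Authorization: Bearer` header, and a thrown exception would map to an HTTP 401 response.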
Required Skills:
• OpenKM 6.3.12 configuration and security settings.
• Keycloak 21.1.2 for user authentication and authorization.
• OpenID Connect (OIDC) integration for seamless authentication with Keycloak.
• Experience modifying security filters in web applications for token-based authorization.
• Strong understanding of REST API security and JWT (JSON Web Token) validation.
• Proficiency in Spring MVC for configuring and managing the security layer.
• Experience with Maven for managing dependencies and building the OpenKM project.
• Knowledge of Spring Security for configuring authentication and authorization mechanisms.
Deliverables:
1. Fully integrated OpenKM with Keycloak using OpenID Connect (OIDC) for authentication.
2. Secure REST APIs in OpenKM that are authorized using JWT tokens from Keycloak.
3. Documentation for the configuration and implementation steps.
Timeline:
Estimated completion time: 16 hours.