-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'development' into ci/deploy-to-dev
- Loading branch information
Showing
3 changed files
with
44 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # How to contribute | ||
|
|
||
| As an open-source project in a rapidly developing field, we are open to contributions, whether it be in the form of a new feature, improved infrastructure, or better documentation. | ||
|
|
||
| For detailed information on how to contribute, see the full [contributing documentation](https://github.com/epam/ai-dial/blob/main/CONTRIBUTING.md). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| ## KeyCloak Configuration | ||
|
|
||
| Auth-helper uses token-exchange API in KeyCloak for access to external IdP. You need to grant permissions for the exchange | ||
| before running auth-helper: https://www.keycloak.org/docs/latest/securing_apps/#_client_to_client_permission | ||
|
|
||
| ### Identity Provider | ||
| Go to the target realm in KeyCloak and open "Identity Providers". Choose the tab "Mappers" and create two mappers: | ||
|
|
||
| - *Idp*. The attribute denotes to the identity provider is used in KeyCloak. At the moment the valid value is "microsoft". | ||
| - *IdpAlias*. The attribute denotes to the alias name of the IdP configured in KeyCloak. | ||
|
|
||
| See the details below how to fill required fields in the mapper form to create mappers | ||
|
|
||
| | Name | Sync Mode Override | Mapper Type | User Attribute | User Attribute Value | | ||
| |----------|---------------------|---------------------|-------------|----------------------| | ||
| | Idp | Force | Hardcoded Attribute | idp | microsoft | | ||
| | IdpAlias | Force | Hardcoded Attribute | idpAlias | <your_idp_alias> | | ||
|
|
||
| ### Client Scope | ||
|
|
||
| Go to "Client Scopes" in KeyCloak and choose the scope "dial". If the scope doesn't exist it should be created and be included to the client "chatbot-ui". | ||
|
|
||
| Go to the tab "Mappers" and create two mappers: | ||
|
|
||
| - *Idp*. Injects attribute value of "Idp" to the access token as a claim. | ||
| - *IdpAlias*. Injects attribute value of "IdpAlias" to the access token as a claim. | ||
|
|
||
| See the details below how to fill required fields in the mapper form to create mappers. | ||
|
|
||
| | Name | User Attribute | Token Claim Name | Claim JSON Type | Add to access token | | ||
| |------------|----------------|------------------|-----------------|---------------------| | ||
| | Idp | idp | idp | String | On | | ||
| | Idp Alias | idpAlias | idpAlias | String | On | | ||
|
|
||
| Note. The rest of flags should be turned off in the mapper form. | ||
|
|