Keycloak Integration

Dave Lawrence edited this page Oct 13, 2020 · 1 revision

Once you've got Keycloak set up per Keycloak Setup, it's time to configure variantgrid. You will need:

The Client Secret (hopefully recorded when you set up Keycloak, though you can always log back in to Keycloak to see it again).

The URL that an external user would need to access Keycloak.

Here's an example of all the values you will need for your settings

AUTHENTICATION_BACKENDS = (
    'auth.backend.VariantGridOIDCAuthenticationBackend',
    'django.contrib.auth.backends.ModelBackend', # default
    'guardian.backends.ObjectPermissionBackend',
)

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'mozilla_django_oidc.contrib.drf.OIDCAuthentication',
        'rest_framework.authentication.SessionAuthentication'
    ],
}

USE_OIDC = True
OIDC_RP_SIGN_ALGO = 'RS256'

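# Site-specific values: set these for your deployment (the values shown are examples)
OIDC_RP_CLIENT_ID = 'variant-grid'
# Client Secret from Keycloak; keep the real value out of version control
OIDC_RP_CLIENT_SECRET = 'fd39f9f1-75b7-44c4-8e4a-a6159098506c'
# Keycloak URL as an external user would access it
KEY_CLOAK_BASE = 'http://10.211.55.6:8080/auth'
KEY_CLOAK_REALM = 'healthauth'
# End of site-specific values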

KEY_CLOAK_PROTOCOL_BASE = KEY_CLOAK_BASE + '/realms/' + KEY_CLOAK_REALM + '/protocol/openid-connect'
OIDC_OP_JWKS_ENDPOINT = KEY_CLOAK_PROTOCOL_BASE + '/certs'
OIDC_OP_AUTHORIZATION_ENDPOINT = KEY_CLOAK_PROTOCOL_BASE + '/auth'
OIDC_OP_TOKEN_ENDPOINT = KEY_CLOAK_PROTOCOL_BASE + '/token'
OIDC_OP_USER_ENDPOINT = KEY_CLOAK_PROTOCOL_BASE + '/userinfo'
OIDC_USER_SERVICES = KEY_CLOAK_BASE + '/realms/' + KEY_CLOAK_REALM + '/account'
OIDC_OP_LOGOUT_URL_METHOD = 'auth.backend.provider_logout'
LOGIN_REDIRECT_URL = '/variantopedia/dashboard'

# Site-specific value: set this for your deployment
# redirect_uri is the URL back to variantgrid (or wherever you want to go after logout), URL-encoded
LOGOUT_REDIRECT_URL = KEY_CLOAK_PROTOCOL_BASE + '/logout?redirect_uri=http%3A%2F%2F10.211.55.6%3A8000'
# End of site-specific value
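
The Keycloak-derived settings above can be built from three inputs, with the redirect URI encoded by the standard library and basic sanity checks applied. This is an added example, not variantgrid's own code: the function name, the `allow_http` flag and reading the secret from an environment variable called `OIDC_RP_CLIENT_SECRET` are assumptions.

```python
import os
from urllib.parse import quote, urlsplit


def keycloak_oidc_settings(base, realm, app_url, env=None, allow_http=False):
    """Build the Keycloak-derived settings from three inputs, with sanity checks.

    base    -- Keycloak URL as an external user reaches it (KEY_CLOAK_BASE)
    realm   -- Keycloak realm name (KEY_CLOAK_REALM)
    app_url -- where the browser should land after logout
    """
    env = os.environ if env is None else env
    base = base.rstrip('/')  # avoid '//realms/...' when base ends with a slash
    for name, url in (('base', base), ('app_url', app_url)):
        parts = urlsplit(url)
        if parts.scheme not in ('http', 'https') or not parts.netloc:
            raise ValueError(f'{name} must be an absolute http(s) URL: {url!r}')
        if parts.scheme == 'http' and not allow_http:
            raise ValueError(f'{name} is plain http; set allow_http=True only for local testing')

    # Assumption: the secret is supplied via an environment variable of this
    # name instead of being written into settings.py.
    secret = env.get('OIDC_RP_CLIENT_SECRET')
    if not secret:
        raise ValueError('OIDC_RP_CLIENT_SECRET is not set')

    realm_base = f'{base}/realms/{quote(realm, safe="")}'
    protocol_base = realm_base + '/protocol/openid-connect'
    return {
        'OIDC_RP_CLIENT_SECRET': secret,
        'OIDC_OP_JWKS_ENDPOINT': protocol_base + '/certs',
        'OIDC_OP_AUTHORIZATION_ENDPOINT': protocol_base + '/auth',
        'OIDC_OP_TOKEN_ENDPOINT': protocol_base + '/token',
        'OIDC_OP_USER_ENDPOINT': protocol_base + '/userinfo',
        'OIDC_USER_SERVICES': realm_base + '/account',
        # quote(..., safe='') percent-encodes ':' and '/' as well
        'LOGOUT_REDIRECT_URL': protocol_base + '/logout?redirect_uri=' + quote(app_url, safe=''),
    }


if __name__ == '__main__':
    # Constructed sample input matching the example values on this page.
    demo = keycloak_oidc_settings(
        'http://10.211.55.6:8080/auth', 'healthauth', 'http://10.211.55.6:8000',
        env={'OIDC_RP_CLIENT_SECRET': 'constructed-example-secret'}, allow_http=True)
    for key, value in demo.items():
        if key != 'OIDC_RP_CLIENT_SECRET':  # never print the secret
            print(f'{key} = {value!r}')
```

In a settings file the returned dictionary can be applied with `globals().update(...)`.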