diff --git a/docker-compose.yml b/docker-compose.yml
index 955a59d41ca1896c6915aaf8aa4cf3916567f141..1380a51ddb3c0db1766c962423bad640888c5ed6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,7 @@ volumes:
 metadata-db-data:
 search-service-data:
 broker-service-data:
+authentication-service-data:
 
 networks:
 userdb:
@@ -136,8 +137,12 @@ services:
 core:
 ports:
 - "9097:9097"
+- "8443:8443"
+- "8080:8080"
 env_file:
 - .env
+volumes:
+- authentication-service-data:/opt/keycloak/data/
 depends_on:
 fda-discovery-service:
 condition: service_healthy
diff --git a/fda-authentication-service/Dockerfile b/fda-authentication-service/Dockerfile
index 76f92719904aa36a844fea9f31c16c0a4b1bdbfd..117770a3cd3c5b7981a390ed803de0a426eea281 100644
--- a/fda-authentication-service/Dockerfile
+++ b/fda-authentication-service/Dockerfile
@@ -3,6 +3,22 @@ FROM fda-metadata-db:latest as dependency
 MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
 
 ###### SECOND STAGE ######
+FROM keycloak/keycloak:21.0 as config
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+ENV KC_FEATURES=account-api
+
+# Configure a database vendor
+ENV KC_DB=mariadb
+
+WORKDIR /opt/keycloak
+# for demonstration purposes only, please make sure to use proper certificates in production instead
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
+RUN /opt/keycloak/bin/kc.sh build
+
+###### THIRD STAGE ######
 FROM maven:slim as build
 
 COPY ./pom.xml ./
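Review bot: Publishing `- "8080:8080"` alongside `- "8443:8443"` under `core:` exposes Keycloak's plain-HTTP listener on every host interface, and with the static `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD` values the Dockerfile in this same commit sets, that includes the admin console. If the HTTP port is only needed for local tooling, bind it to loopback with `- "127.0.0.1:8080:8080"`, or publish 8443 only. The new `authentication-service-data:/opt/keycloak/data/` volume also mounts over a directory the Dockerfile fills through `COPY --from=config /opt/keycloak/ /opt/keycloak/`, so anything the build stage left under `data/` is hidden at run time — presumably harmless with MariaDB as the backing store, but worth confirming.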
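Review bot: The `keytool -genkeypair -storepass password … -keystore conf/server.keystore` line generates a private key with a literal store password inside an image layer, and the `COPY --from=config /opt/keycloak/ /opt/keycloak/` in the next hunk carries that keystore into the runtime image while the password stays readable in `docker history`. The comment flags it as demonstration only, but nothing prevents the image from being shipped as built; either keep the keystore out of the runtime stage and provide the certificate at run time through `KC_HTTPS_CERTIFICATE_FILE`/`KC_HTTPS_CERTIFICATE_KEY_FILE` (bind mount or secret), or at least read the store password from a `--mount=type=secret` instead of a literal. I would make the comment state the production path, e.g. `# demo-only self-signed key; production must mount a real certificate via KC_HTTPS_CERTIFICATE_FILE/KC_HTTPS_CERTIFICATE_KEY_FILE`. Since the output of this stage is copied into a second `keycloak/keycloak:21.0` stage, both `FROM` lines should resolve to the same image, which a digest pin would guarantee where the floating `21.0` tag does not.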
@@ -18,8 +34,16 @@ COPY ./report ./report
 # Make sure it compiles
 RUN mvn -q clean package -DskipTests
 
-###### THIRD STAGE ######
-FROM openjdk:11-jre-slim as runtime
+###### FOURTH STAGE ######
+FROM keycloak/keycloak:21.0 as runtime
+COPY --from=config /opt/keycloak/ /opt/keycloak/
+
+USER root
+
+COPY ./service_ready /usr/bin
+COPY ./docker-entrypoint.sh /usr/bin
+COPY dbrepo-keycloak-realm.json /dbrepo-keycloak-realm.json
+RUN chmod +x /usr/bin/service_ready /usr/bin/docker-entrypoint.sh
 
 ENV METADATA_DB=fda
 ENV METADATA_USERNAME=root
@@ -40,13 +64,18 @@ ENV SMTP_PORT=""
 ENV SMTP_USERNAME=""
 ENV SMTP_PASSWORD=""
 ENV LOG_LEVEL=debug
-ENV DEFAULT_ROLES=ROLE_RESEARCHER
-ENV SUPERUSERS=""
-VOLUME /tmp
+ENV KC_DB=mariadb
+ENV KC_DB_URL=jdbc:mariadb://fda-metadata-db/keycloak
+ENV KC_DB_USERNAME=${METADATA_USERNAME}
+ENV KC_DB_PASSWORD=${METADATA_PASSWORD}
+ENV KC_HOSTNAME=localhost
 
-COPY ./service_ready /usr/bin
-RUN chmod +x /usr/bin/service_ready
+ENV KEYCLOAK_IMPORT=/dbrepo-keycloak-realm.json
+ENV KEYCLOAK_ADMIN=keycloak
+ENV KEYCLOAK_ADMIN_PASSWORD=keycloak
+
+VOLUME /tmp
 
 HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD service_ready
 
 
@@ -54,4 +83,4 @@ COPY --from=build ./rest-service/target/rest-service-*.jar ./authentication-serv
 
 EXPOSE 9097
 
-ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "./authentication-service.jar"]
+ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
diff --git a/fda-authentication-service/dbrepo-keycloak-realm.json b/fda-authentication-service/dbrepo-keycloak-realm.json
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/fda-authentication-service/docker-entrypoint.sh b/fda-authentication-service/docker-entrypoint.sh
new file mode 100644
index 0000000000000000000000000000000000000000..cfc3f7e184853cb961ac91b5976e60ee75937d9d
--- /dev/null
+++ b/fda-authentication-service/docker-entrypoint.sh
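Review bot: `USER root` is switched on for the `COPY`/`chmod` steps and never switched back, so the final stage runs both Keycloak and the Java service as root, whereas the upstream `keycloak/keycloak` image runs as its unprivileged uid 1000. Add `USER 1000` after the `RUN chmod +x …` line (before `ENTRYPOINT`), or avoid the root switch altogether with BuildKit's `COPY --chmod=755 ./service_ready ./docker-entrypoint.sh /usr/bin/`, which also drops the separate chmod layer. The `COPY dbrepo-keycloak-realm.json /dbrepo-keycloak-realm.json` line points at a file this diff adds with no content (its `new file mode` entry has no hunk), so any import of it will see an empty document; presumably the realm export was meant to be committed here.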
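Review bot: `ENV KEYCLOAK_ADMIN=keycloak` and `ENV KEYCLOAK_ADMIN_PASSWORD=keycloak` bake a bootstrap admin credential into the image metadata, readable by anyone who can pull or `docker inspect` the image, and the account stays valid in the Keycloak database after the first start; these belong in the compose `.env` (already wired via `env_file`) or a secret, with no default in the Dockerfile. `ENV KC_DB_USERNAME=${METADATA_USERNAME}` and `ENV KC_DB_PASSWORD=${METADATA_PASSWORD}` are expanded at build time, so they are frozen to whatever the Dockerfile sets (`root` for the username, per the context lines of the previous hunk; the password line is outside the hunk) and overriding `METADATA_*` at run time will not reach Keycloak — set the `KC_DB_*` values at run time instead, ideally for a dedicated least-privileged MariaDB account on the `keycloak` database that `setup-schema.sql` now creates. `KEYCLOAK_IMPORT` is, as far as I know, the legacy WildFly-era variable; the Quarkus-based 21.0 image imports realms from `/opt/keycloak/data/import/` when started with `--import-realm` (a directory the compose volume now covers), so this line is probably a no-op — please verify against the 21.0 docs. `KC_HEALTH_ENABLED`, `KC_METRICS_ENABLED` and `KC_FEATURES` are set only in the `config` stage; unless `kc.sh start` is given `--optimized`, Keycloak rebuilds at startup from the runtime environment, where they are unset.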
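Review bot: `EXPOSE 9097` no longer documents the image's contract now that the entrypoint also starts Keycloak, whose 8080 and 8443 ports the compose change publishes; `EXPOSE 8080 8443 9097` would tell tooling and readers about all three. The `HEALTHCHECK … CMD service_ready` above this hunk presumably probes only the Java service; if it does not also check Keycloak, a wedged Keycloak leaves the container reported healthy — worth confirming what `service_ready` tests.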
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+(java -Dlog4j2.formatMsgNoLookups=true -jar ./authentication-service.jar) &
+
+/opt/keycloak/bin/kc.sh start
\ No newline at end of file
diff --git a/fda-metadata-db/setup-schema.sql b/fda-metadata-db/setup-schema.sql
index ff4afcc63083db7e0b0de80b0fe4cfc69b88c8da..4e77b22b9976094a647a70bdbf8b3a1de5970baf 100644
--- a/fda-metadata-db/setup-schema.sql
+++ b/fda-metadata-db/setup-schema.sql
@@ -1,3 +1,5 @@
+CREATE DATABASE keycloak;
+
 BEGIN;
 CREATE TABLE IF NOT EXISTS mdb_users
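Review bot: The script backgrounds the JVM in a subshell and then runs `/opt/keycloak/bin/kc.sh start` as a child of bash without `exec`, so bash stays PID 1, `docker stop`'s SIGTERM is forwarded to neither process, and nothing reacts when the Java service dies — the container keeps running with only Keycloak up, and only what `service_ready` probes is watched. The rewrite below keeps both as children, forwards TERM to them, and exits as soon as either ends so the orchestrator restarts the pair (`wait -n` needs bash 4.3 or later, which I assume the base image provides). Running the two services as separate compose services would remove the need for this script entirely. The file also ends without a trailing newline (`\ No newline at end of file`).

```shell
#!/bin/bash
set -u

java -Dlog4j2.formatMsgNoLookups=true -jar ./authentication-service.jar &
java_pid=$!

/opt/keycloak/bin/kc.sh start &
kc_pid=$!

# forward the container's stop signal to both children
trap 'kill -TERM "$java_pid" "$kc_pid" 2>/dev/null' TERM INT

# leave as soon as either service ends so the container is restarted as a unit
wait -n
kill -TERM "$java_pid" "$kc_pid" 2>/dev/null
wait
```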