Elastic Path Account Management Deployment Guide

Deploying and Configuring Keycloak

  • Ensure that all requirements described in the Requirements section are met.
  • Ensure that you have the URLs for the Account Management user interface, the Account Management API, and Keycloak.
  • Ensure that the SMTP server details are available.
  • Ensure that the URLs of all storefronts that will utilize the Account Management service are available.
  • Ensure that you have access to the account-management-1.0.0.zip file in the Elastic Path Public Nexus repository.
  • Ensure that Updating Elastic Path Commerce is complete.
  • Ensure that the custom branding for the storefronts or the Account Management user interface is available.

You can use any method to deploy Keycloak. For the deployment, Elastic Path recommends using the Keycloak Dockerfile in the account-management-1.0.0.zip file, which is based on the jboss/keycloak:4.7.0.Final Docker image. This Docker image includes a theme corresponding to the Account Management user interface. Other themes can be included, and the Docker image can be deployed via the Amazon Elastic Container Service (ECS).

Note:
  1. Log in to the Keycloak user interface as the administrative user.
  2. Add a realm by following the instructions at creating a new Realm.
  3. In the new realm, go to Realm Settings > Login and verify the following settings:
    Setting              Value
    User Registration    OFF
    Edit user name       OFF
    Login with email     ON
  4. In Realm Settings > Email, enter the necessary configuration values for the SMTP server.
    Important:
    If you get the "Logged in User does not have an e-mail." error when you click Test Connection, do the following:
    • In the upper right corner, click the drop-down menu.
    • Click Manage Account.
    • Enter your e-mail address.
  5. Optional: In the Realm Settings > Theme, modify the themes used for the realm, if applicable.
  6. Create a client that will be used by the Account Management API, the Account Management UI, and the storefronts by performing the following actions:
    1. Navigate to Realm Settings > Clients and click Create.
    2. Enter the following settings:
      • Client ID: eam
      • Client Protocol: openid-connect
    3. Click Save.
      The system redirects you to the new client configuration.
    4. In the new client configuration page, enter the following settings:
      • Access Type: confidential
      • Valid Redirect URIs: The URLs used by the Account Management UI, Admin Studio, and storefronts. For a URL hosted at https://example.tld/, enter the URL with a trailing wildcard: https://example.tld/*.
    5. Click Save.
    6. Navigate to the Credentials tab and ensure that the Client Authenticator is set to Client Id and Secret.
    7. Click Regenerate Secret and save the value for future use.
    The system uses this client for the communication between the API and Keycloak.
  7. In the new realm, add a seller administrator by clicking Users > Add user.
    Important: A seller administrator account is required to use Account Management functionality and is necessary to validate subsequent steps.
    1. Enter the username, e-mail, password, and any other required details for the user.
      The system provides this user access to the Account Management user interface.
    2. Click Save.
      Note: Make note of the value of ID in the Details tab of the newly created account for use in subsequent steps.
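
The following added example (not part of the Elastic Path package or documentation) audits a realm export in JSON against the Login settings from step 3 and the client settings from step 6. The function names, the realm name, and the hosts are hypothetical, and the redirect-URI rule (HTTPS only, wildcard allowed only as the final character) is an assumption stricter than the guide's text.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed realm export using Keycloak's realm/client
# JSON field names. Realm name and hosts are placeholders, not real values.
SAMPLE_EXPORT = json.loads("""
{"realm": "account-management",
 "registrationAllowed": false, "editUsernameAllowed": false,
 "loginWithEmailAllowed": true,
 "smtpServer": {"host": "smtp.example.tld", "from": "noreply@example.tld"},
 "clients": [{"clientId": "eam", "protocol": "openid-connect",
              "publicClient": false, "bearerOnly": false,
              "clientAuthenticatorType": "client-secret",
              "redirectUris": ["https://example.tld/*"]}]}
""")

# Step 3 (Login tab) and step 6 (confidential client, Client Id and Secret).
REALM_EXPECTED = {"registrationAllowed": False, "editUsernameAllowed": False,
                  "loginWithEmailAllowed": True}
CLIENT_EXPECTED = {"protocol": "openid-connect", "publicClient": False,
                   "bearerOnly": False, "clientAuthenticatorType": "client-secret"}

def redirect_uri_problem(uri):
    """Return a reason if the URI is broader than https://host/path*, else None."""
    parts = urlsplit(uri)
    if parts.scheme != "https":
        return "not https"
    if not parts.hostname or "*" in parts.netloc:
        return "missing host or wildcard in host"
    if "*" in uri[:-1]:
        return "wildcard is not the final character"
    return None

def audit_realm(realm, client_id="eam"):
    """List every deviation from the guide's settings; empty list means a match."""
    findings = [f"realm.{k} is {realm.get(k)!r}, expected {v!r}"
                for k, v in REALM_EXPECTED.items() if realm.get(k) != v]
    if not (realm.get("smtpServer") or {}).get("host"):
        findings.append("realm.smtpServer.host is not set")
    client = next((c for c in realm.get("clients", [])
                   if c.get("clientId") == client_id), None)
    if client is None:
        return findings + [f"client {client_id!r} not found"]
    findings += [f"client.{k} is {client.get(k)!r}, expected {v!r}"
                 for k, v in CLIENT_EXPECTED.items() if client.get(k) != v]
    for uri in client.get("redirectUris", []):
        reason = redirect_uri_problem(uri)
        if reason:
            findings.append(f"client.redirectUris {uri!r}: {reason}")
    return findings
```

Call `audit_realm()` on the parsed export of your own realm; any returned finding names the setting that differs from the steps above.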