RedHatTraining/agnosticd.git

			@@ -426,7 +426,7 @@
			$ oc project $OCP_PROJECT_PREFIX-bservices
			-----

			. Create a new OpenShift Container Platform application based on a simple RESTful service implemented using Wildfly Swarm:
			. Create a new application based on a simple RESTful service implemented using Wildfly Swarm:
			+
			-----
			$ oc create -f https://raw.githubusercontent.com/gpe-mw-training/3scale_onpremise_implementation_labs/secure/services/wfswarm-date-service/wf-swarm-oauth.yaml
			@@ -434,18 +434,19 @@
			$ oc new-app \
			--template=wf-swarm-oauth \
			--param=TRUSTSTORE_PASSWORD=$pleaseHackMePasswd \
			--param=TRUSTSTORE_PATH=/app/certs/"$rhsso_realm"_truststore.jks
			--param=TRUSTSTORE_PATH=/app/certs/"$rhsso_realm"_truststore.jks \
			--param=KEYCLOAK_ADAPTER_PATH=/app/rhsso-config/keycloak.json
			-----
			+
			This command creates deployment config with a paused pod.
			This command creates a deployment config with a paused pod.
			The pod includes a Java based container.
			The `--XmX` of the JVM in the container is set to 80% of 1Gi; so about 800 MB

			=== Java Truststore

			In this section, you add realm certificate to a Java truststore:
			In this section, you add a SSO realm certificate to a Java truststore:

			. Create Java truststore populated with this realm certificate:
			. Create Java truststore populated with the realm certificate created in a previous section of the lab:
			+
			-----
			$ keytool -import \
			@@ -454,8 +455,10 @@
			-keystore /tmp/"$rhsso_realm"_truststore.jks \
			-storepass $pleaseHackMePasswd
			-----
			+
			Recall that the SSO realm certificate is in the file (/tmp/$rhsso_realm.pem) being imported into the Java truststore.

			. Confirm contents of Java truststore:
			. Confirm contents of the Java truststore:
			+
			-----
			$ keytool -v \
			@@ -464,7 +467,7 @@
			-storepass $pleaseHackMePasswd
			-----

			. Create a secret with your previously created truststore:
			. Create a secret from the previously created truststore:
			+
			----
			$ oc create secret generic sso-truststore-secret \
			@@ -480,6 +483,8 @@
			--type=secret \
			--secret-name=sso-truststore-secret
			-----
			+
			Notice that the mount point on the DC where the truststore will reside matches that of the template parameter: `TRUSTSTORE_PATH`.


			=== `keycloak.json` adapter
			@@ -489,27 +494,27 @@
			-----
			$ echo "
			{
			"realm": "$rhsso_realm",
			"bearer-only": true,
			"auth-server-url": "$rhsso_url/auth",
			"ssl-required": "external",
			"realm-public-key": "$RSA_PUB_KEY",
			"resource": "realm-management",
			"use-resource-role-mappings": true
			\"realm\": \"$rhsso_realm\",
			\"bearer-only\": \"true\",
			\"auth-server-url\": \"$rhsso_url/auth\",
			\"ssl-required\": \"external\",
			\"realm-public-key\": \"$RSA_PUB_KEY\",
			\"resource\": \"realm-management\",
			\"use-resource-role-mappings\": \"true\"
			}" > /tmp/keycloak.json
			----
			-----

			. Create a ConfigMap from the `keycloak.json` file.
			+
			You then mount it as a volume and point WildFly Swarm to the mounted `keycloak.json`.

			. Create a ConfigMap called `date-service-rhsso` in the `bservices` project on OpenShift from the `keycloak.json` file:
			.. Create a ConfigMap called `date-service-rhsso` in the `bservices` project on OpenShift from the `keycloak.json` file:
			+
			----
			$ oc create configmap keycloak-resource-cm --from-file=/tmp/keycloak.json
			----

			. Mount the configmap as a volume in the Swarm DC:
			.. Mount the configmap as a volume in the Swarm DC:
			+
			-----
			$ oc set volume dc/wf-swarm-oauth --add --overwrite \
			@@ -537,7 +542,6 @@
			\| sed 's/.access_token":"//g' \| sed 's/".//g')

			$ curl -k -v -X GET \
			-H "Accept: application/json" \
			-H "Authorization: Bearer $TKN" \
			https://`oc get route/wf-swarm-oauth --template "{{.spec.host}}"`/time/now
			-----