Table of Contents

• Installation of RHPAM with RHSSO configuration
  • Installation and configuration of RHSSO
  • Installation and configuration of RHPAM

Creating a RHPAM installation with RHSSO configuration

Installation and configuration of RHSSO

• Install Red Hat Business Automation Operator Use the following command to create the Keycloak instance:

oc create -f rhsso.yaml

Validate that the installation completes when all the Pods are in Running or Completed state.

• Access the Keycloak admin console using the keycloak route, for example https://keycloak-theom.apps.mw-ocp4.cloud.lab.eng.bos.redhat.com
• Create a realm, for example demo
• Create roles (admin, kie-server, rest-all) in the realm
• Create a user for example adminuser
• Edit the user, go to credentials set its password, uncheck temporary
• Edit the user, go to role mapping and assign the roles you previously created (admin, kie-server, rest-all)
• Create a client for Business central, edit the client info, change access type to confidential, input Root URL and Valid Redirect URIs to point to the Business central route URL for example https://rhpam-test-rhdmcentr-theom.apps.mw-ocp4.cloud.lab.eng.bos.redhat.com and https://rhpam-test-rhdmcentr-theom.apps.mw-ocp4.cloud.lab.eng.bos.redhat.com/*
• Create a client for the Kie Server, edit the client info, change access type to confidential, input Root URL and Valid Redirect URIs to point the Kie Server route URL for example https://rhpam-test-kieserver-theom.apps.mw-ocp4.cloud.lab.eng.bos.redhat.com and https://rhpam-test-kieserver-theom.apps.mw-ocp4.cloud.lab.eng.bos.redhat.com/*

Installation and configuration of RHPAM

• Install Red Hat Business Automation Operator Use the following command to create the KieApp instance that triggers the creation of all the RHPAM resources through the Business Automation operator:

oc create -f rhpam-with-sso.yaml

Use the given rhpam-with-sso.yaml file as a reference with placeholders, replace the placeholders with your own parameters. The reference configuration has:

• 1 replica for the RHPAM Business Central
• 1 replicas for the KIE Server with name kieserver

rhpam-with-sso.yaml parameters:

• In commonConfig section the adminUser and adminPassword should be the same as the of the user and password you created in Keycloak.
• In sso section the url should be the /auth.
• In sso section the realm should be the realm you created in keycloak.
• In sso section the adminUser and adminPassword should be the same as the of the user and password you created in Keycloak.
• In console section under ssoClient section the name parameter should be the Business central client name you created in keycloak.
• In console section under ssoClient section the secret parameter should be the Business central client secret which can be found in keycloak when editing the client, it's in confidentials tab.
• In servers section under ssoClient section the name parameter should be the Kie Server client name you created in keycloak.
• In servers section under ssoClient section the secret parameter should be the Kie Server central client secret which can be found in keycloak when editing the client, it's in confidentials tab.

Validate that the installation completes when all the Pods are in Running or Completed state.

Accessing the Business Central application

The URL of the application can be found as:

oc get route -o jsonpath='{..spec.host}' rhpam-test-rhdmcentr

In alternative, launch the application by clicking on the Location column of the route named rhpam-test-rhdmcentr in the Networking>Routes menu of the OCP console.

Note: the route name can be <name>-rhdmcentr if you changed the instance name in the given rhpam-with-sso.yaml configuration