SunbirdRC uses a custom keycloak image which is configured to enable/disable NONCE validation. The required changes are made in this repository, https://github.com/Sunbird-RC/keycloak/tree/configurable-nonce-validation.

NONCE validation is default enabled in keycloak, to turn off the validation VALIDATE_NONCE should be set to "false".

This configuration is not provided by keycloak by default even in the latest version. We have configured this change, particularly for enabling Digilocker Meripehchaan SSO (Task: https://github.com/Sunbird-RC/community/issues/593).

Build custom keycloak image

Pre-requisites

• JAVA 11 (tested with 11.0.8)

• Maven

Build keycloak distribution jar

• Clone https://github.com/Sunbird-RC/keycloak/tree/configurable-nonce-validation the repository (Contains the source code)

• Run the below command to generate the distribution jar. Reference https://github.com/Sunbird-RC/keycloak/blob/configurable-nonce-validation/docs/building.md mvn clean install -Pdistribution

• The above command should create keycloak-14.0.0.tar.gz in distribution/server-dist/target directory

Build keycloak docker image

• Clone https://github.com/keycloak/keycloak-containers/tree/main/ the repository (Contains the build files)

• git checkout 14.0.0

• cd server

• Run a Python HTTP server in the keycloak repo to access the distributed jar file. python -m http.server 8001

• Build the keycloak docker image, docker build -t sunbirdrc/keycloak --build-arg KEYCLOAK_DIST=http://<YOUR_IP_ADDRESS>:8001/keycloak-14.0.0.tar.gz .

• Tag the new docker image and publish it to dockerhub / docker registry