From 77c65f7312a370110a0fd463bbed5ec92dbb01d2 Mon Sep 17 00:00:00 2001
From: x-PiVANHO <pvm@kereval.com>
Date: Wed, 11 Dec 2024 14:41:55 +0100
Subject: [PATCH] IUA missing documentation for keycloak configuration

---
 IUA-Simulator/installation.md | 29 ++++++++++++++++++++++++++++-
 IUA-Simulator/release-note.md |  2 +-
 IUA-Simulator/user.md         |  2 +-
 3 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/IUA-Simulator/installation.md b/IUA-Simulator/installation.md
index 59d294e..9bfab42 100644
--- a/IUA-Simulator/installation.md
+++ b/IUA-Simulator/installation.md
@@ -4,7 +4,7 @@ subtitle: IUA Simulator
 author: Pierre-Marie VAN HOUTEGHEM, CLaude LUSSEAU
 function: Software Engineer
 date: 2023-04-05
-toolversion: 1.0.0
+toolversion: 1.0.2
 version: 1.00
 status: To be reviewed
 reference: KER1-MAN-IHE-IUA-SIMULATOR_INSTALLATION-1\_01
@@ -38,3 +38,30 @@ Once the application is deployed, open a browser and go to http://yourserver/iua
 If the deployment is successful, you should receive a 200 Ok Response.
 
 The sources of the projects are available on [Inria's gitlab](https://gitlab.inria.fr/gazelle/public/simulation/iua-simulator.git).
+
+## Keycloak Configuration
+
+In order to use IUA at full capacity, a few things have to be configurated inside keycloak by hand.
+
+### Create a client  
+
+Access Keycloak through the Admin interface by going at http://yourserver/iua-sso
+On the top left select the realm in which you wish to create your client.
+Go to the clients menu and press "Create Client"
+
+On the first page, verify the value of client type is "OpenID Connect" and put the client id of your new client.
+On the next page, turn on the Client Authentication switch, then check "Standard flow", "Direct access grants" and "service accounts roles".
+On the last page, add the url of the client, and their redirect and logout redirects uris. You can then click save.
+
+Don't forget to retrieve the client authenticator and client secret for your requests. 
+
+### Dynamic scopes for CH scopes
+
+By default starting from version 1.0.2, Keycloak handles the dynamic variabilty of a few scopes sent in the ITI transactions.
+But they need to be added by hand for each client that uses them.
+
+For this, go to the keycloak admin interface, then go the CH IUA realm. 
+Find your client in the clients list, select it and go to the Client scopes tab.
+In this tab, press "Add client scope". A popup appears where you can select every item. Then press Add then Optional. 
+
+Now your client is ready to recieve dynamic scopes and put them in its access token.
\ No newline at end of file
diff --git a/IUA-Simulator/release-note.md b/IUA-Simulator/release-note.md
index f2b624a..f10d06d 100644
--- a/IUA-Simulator/release-note.md
+++ b/IUA-Simulator/release-note.md
@@ -1,7 +1,7 @@
 ---
 title: Release note
 subtitle: IUA Simulator
-toolversion: 1.0.0
+toolversion: 1.0.2
 releasedate: 2023-04-20
 author: Pierre-Marie VAN HOUTEGHEM, Claude LUSSEAU
 function: Software Engineer
diff --git a/IUA-Simulator/user.md b/IUA-Simulator/user.md
index 3865214..1768fde 100644
--- a/IUA-Simulator/user.md
+++ b/IUA-Simulator/user.md
@@ -3,7 +3,7 @@ title: User Manual
 subtitle: IUA Simulator
 author: Pierre-Marie VAN HOUTEGHEM, Claude LUSSEAU
 releasedate: 2023-04-20
-toolversion: 1.0.0
+toolversion: 1.0.2
 function: Software Engineer
 version: 1.00
 status: To be reviewed
-- 
GitLab