419 authenticator against keycloak

[longshuicy]

Description

Add provider for keycloak authentication.

How to test:

1. Have a running keycloak instance (can reuse the clowder2 keycloak container)

2. Unzip, import the realm or create your own.

realm-export.json.zip

3. If you choose to create your own realm, make sure you register the redirect URL as {host}/authenticate/keycloak

4. Get the client secret

5. overwrite config by add below to the custom/custom.conf

ehcacheplugin = enabled

securesocial.keycloak={
    authorizationUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/auth"
    accessTokenUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/token"
    userinfoUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/userinfo"
    clientId="clowder1-backend"
    clientSecret= client scecret copied from step 3
    scope="profile email roles"
}

6. create custom/play.plugins with

10005:services.KeycloakProvider

7. test http://localhost:9000/login

Review Time Estimate

• Immediately
• Within one week
• When possible

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My change requires a change to the documentation.
• I have updated the CHANGELOG.md.
• I have signed the CLA
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[max-zilla]

Ran this against keycloak container from v2, registered a new user in the realm and logging in via Clowder correctly routed me through TOS, profile looks good, everything seems to work.