This directory contains the docker configuration for a sample Keycloak server that can be used as the Identity Provider (IDP) and Authorization server (AuthZ) companions of the FHIR proxy.
NOTE: This is just for test purposes; never use this configuration in production without addressing security issues, in particular SSL access.
There are three components involved here which are all combined in config-compose.yaml:
- The Alvearie SMART Keycloak. We could also use the base Keycloak image if the access-checker does not care about SMART on FHIR spec (for example the list access-checker). The patient access-checker is intended for a SMART on FHIR app with patient scopes.
- The alvearie/keycloak-config:latest docker image to configure a SMART enabled realm. This is useful for the patient access-checker.
- The us-docker.pkg.dev/fhir-proxy-build/stable/keycloak-config:latest docker image to configure a realm for the list access-checker.

You can change the configuration parameters by changing the environment variables passed to the docker images. By default, the values in .env are used.
To run all of the above components:
docker-compose -f config-compose.yaml up