Open in app

Sign in

Write

Sign in

RH-SSO with Oracle Back-end Database

Oren Oichman
3 min readDec 20, 2021

Why this article ?

Working with RH-SSO is multiple customers sites raised a very interesting question. “can we deploy RH-SSO on OpenShift with an external DB?”
It took a while but finally the answer to this question is “YES”. from version 7.3 we can create update the current set of files which RH-SSO uses in order to direct it to a different DATABASE

Connect with Environment variables ?

Yes , we can update the connection string so it will expect the connection credentials from the environment variables.

Where to start ?

Create a new project that will store our rh-sso application

# oc new-project rh-sso

Deploy the rh-sso from the Openshift template :

# oc new-app --template=sso75-x509-postgresql-persistent \
--param=SSO_ADMIN_USERNAME=admin \
--param=SSO_ADMIN_PASSWORD="<your password>"

Now let’s delete the postgreSQL database :

# oc delete dc/sso-postgresql

Create the directories :

# mkdir rh-sso-oracle && cd rh-sso-oracle
# mkdir extensions

Now we need to create our Jdbc extension for Oracle database with environment variables.
We will create the following file in the directory structure :

.
   ├── Containerfile
   └── extensions
      ├── actions.cli
      ├── ojdbc7.jar
      └── postconfigure.sh

Download Oracle JDBC driver

  1. Download the required JDBC driver for your version of Oracle.
  2. Important: Make sure the file name is “ojdbc7.jar”

Configuration files

First we will create the postconfigure.sh file which is a very simple SHELL command that will be run by the rh-sso in order to connect to the DB :

# cat > extensions/postconfigure.sh << EOF
$JBOSS_HOME/bin/jboss-cli.sh — file=/opt/eap/extensions/actions.cli
EOF

Next our actions.cli is a simple connection string for ojdbc. We will setup so it will look for environment variables that we are going to provide from the deployment config :

with your favorite editor create the file “extensions/actions.cli” and paste the following content :

## admin cli commands to edit the configuration
embed-server --std-out=echo --server-config=standalone-openshift.xml
batch
module add --name=com.oracle --resources=/extensions/ojdbc7.jar dependencies=javax.api,javax.resource.api 
/subsystem=datasources/jdbc-driver=oracle:add
(driver name=oracle,driver-module-name=com.oracle,driver-xa-datasource class-name=oracle.jdbc.xa.client.OracleXADataSource)
/subsystem=datasources/data-source=KeycloakDS:remove()
/subsystem=datasources/data-source=KeycloakDS:add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,connection-url=”jdbc\:
oracle\:thin\:@(DESCRIPTION\=(LOAD_BALANCE\=on)(ADDRESS\=(PROTOCOL\=TCP)(HOST\=${env.ORACLE_SERVICE_HOST})(PORT\=1521))(ADDRESS\=(PROTOCOL\=TCP)(HOST\=
${env.ORACLE_SERVICE_HOST})(PORT\=1521))(CONNECT_DATA\=(SERVICE_NAME\=${env.ORACLE_SERVICE_NAME})))”,driver-name=oracle,user-name=${env.ORACLE_USERNAME
},password=${env.ORACLE_PASSWORD})
run-batch
quit

The Key environment variable are :

  • ORACLE_SERVICE_HOST
  • ORACLE_SERVICE_NAME
  • ORACLE_USERNAME
  • ORACLE_PASSWORD
  • DB_VENDOR

Next we will create a Containerfile that will compile everything together to a single image :

# cat > Containerfile << EOF
FROM registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:latestCOPY extensions/ojdbc7.jar /opt/eap/extensions/
COPY extensions/postconfigure.sh /opt/eap/extensions/
COPY extensions/actions.cli /opt/eap/extensions/
USER root
RUN chmod 774 /opt/eap/extensions/*.sh
USER jboss
CMD [“/opt/eap/bin/openshift-launch.sh”]
EOF

Build the Image

To build the image we are going to use buildah and push it to our internal registry :

First login to registry.redhat.io with your credentials :

#podman login registry.redhat.io

Now build the image :

# buildah bud -f Containerfile -t <internal registry>/rh-sso/rh-sso-oracle# buildah push <internal registry>/rh-sso/rh-sso-oracle

Edit the DeploymentConfig

For our final step we need to update the deploymentConfig with the environment variables and our new image. more so any reference to postgreSQL should be removed.

# oc edit deploymentconfig.apps.openshift.io/sso
spec:

  template:

  spec:
    containers:
    - image: <internal registry>/rh-sso/rh-sso-oracle:latest
      env:
      - name: DB_VENDOR
        value: ORACLE
      - name: ORACLE_SERVICE_HOST
        value: < oracle hostname>
      - name: ORACLE_SERVICE_NAME 
        value: < oracle SID> 
      - name: ORACLE_USERNAME
        value: < oracle username >
      - name: ORACLE_PASSWORD
        value: < oracle password >

Save and close the deploymentConfig editing mode and Now wait for the rh-sso to start successfully with a connection to the Oracle database.

Openshift 4
Rh Sso
Keycloak
Oracle
Database

--

--

Oren Oichman

Written by Oren Oichman

227 Followers

Open Source contributer for the past 15 years

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams