address review

src/assets/Keycloak/Keycloak.md

@@ -3,8 +3,8 @@ title: Introduction to Keycloak
 authorName: Amrita Shrestha
 authorAvatar: https://avatars.githubusercontent.com/u/54478846?s=100&v=4
 authorLink: https://github.com/amrita-shrestha
-createdAt: May 14, 2024
-tags: Keycloak, Identity Access Management
+createdAt: May 31, 2024
+tags: Keycloak, IAM
 banner: https://blog.jankaritech.com/src/assets/Keycloak/images/Keycloak/Keycloak.png
 ---
 
@@ -39,18 +39,10 @@ without the need for additional coding.
 6. Social Login:
    Keycloak has built-in support to login via Google, GitHub, and Facebook, which helps us to use social identity providers.
 
-## Keycloak Drawbacks
-Despite its extensive features, Keycloak does have certain limitations. One of these is the need for a more varied implementation approach.
-Additionally, the following are some of the drawbacks associated with Keycloak:
-1. Complex Server Deployment:
-   The manual process involved in deploying Keycloak on a server can be complicated, potentially affecting overall productivity.
-
-2. Lack of Comprehensive Support Documentation:
-   Despite its robust functionalities, Keycloak could benefit from more efficient and extensive support documentation. This would make it easier for users to find suitable solutions to their problems.
-
 ## Keycloak Installation
 ### By Docker
 Make sure [Docker Engine](https://docs.docker.com/engine/install/) and [Docker Compose](https://docs.docker.com/compose/install/) has been installed in your system.
+Two different ways are available to install Keycloak using docker as mentioned below.
 
 1. Keycloak using docker image
 Run the following docker command to serve the Keycloak image. Keycloak will be available on `http://localhost:8080.
@@ -94,8 +86,8 @@ Save the above code in `compose.yaml` file and run `docker compose up` in a term
 
 Docker compose serves Keycloak on `http://localhost:8001`.
 
-### By distribution file
-There is another way to set up Keycloak using the keycloak distribution file.
+### By Distribution File
+There is another way to set up Keycloak using the Keycloak distribution file.
 1. Download the Keycloak distribution
     ```
     export KC_VERSION=24.0.4
@@ -121,7 +113,7 @@ There is another way to set up Keycloak using the keycloak distribution file.
     ```
    KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD=admin ./bin/kc.sh start-dev
    ```
-    > Note: if port 8080 is already used then you can map the Keycloak port using the Keycloak environment variable 'KC_HTTP_PORT=8001'
+    > Note: if port 8080 is already used, then you can map the Keycloak port using the Keycloak environment variable 'KC_HTTP_PORT=8001'
 
 6. When we start again, it is not necessary to set these variables again. You can start the server with:
     ```
@@ -138,6 +130,15 @@ Keycloak serves on `http://localhost:<port>`.
 3. Keycloak provides a web-based GUI which makes any configurations changes easy.
 4. Keycloak has huge [community support](https://www.keycloak.org/community).
 
+## Keycloak Drawbacks
+Despite its extensive features, Keycloak does have certain limitations. One of these is the need for a more varied implementation approach.
+Additionally, the following are some of the drawbacks associated with Keycloak:
+1. Complex Server Deployment:
+   The manual process involved in deploying Keycloak on a server can be complicated, potentially affecting overall productivity.
+
+2. Lack of Comprehensive Support Documentation:
+   Despite its robust functionalities, Keycloak could benefit from more efficient and extensive support documentation. This would make it easier for users to find suitable solutions to their problems.
+
 ## When It May Not Be the Best Choice?
 1. Enterprises seeking robust guarantees or support may find Keycloak lacking in this regard. As an open-source project, there are no assurances provided by its producer regarding its functionality or roadmap.
    Support is community-driven, typically through platforms like Stack Overflow, with no guaranteed response times.

src/assets/Keycloak/oCIS-with-Keycloak.md

@@ -1,22 +1,62 @@
 ---
-title: Case Study About Integrating oCIS With Keycloak
+title: Integrating oCIS With Keycloak
 authorName: Amrita Shrestha
 authorAvatar: https://avatars.githubusercontent.com/u/54478846?s=100&v=4
 authorLink: https://github.com/amrita-shrestha
-createdAt: May 14, 2024
-tags: ownCloud Infinite Scale, oCIS, oCIS-with-Keycloak, Keycloak
+createdAt: May 31, 2024
+tags: ownCloud, oCIS, oCIS-with-Keycloak, Keycloak
 banner: https://blog.jankaritech.com/src/assets/Keycloak/images/oCIS-Keycloak/oCIS-with-Keycloak.png
+---
 
-[In the previous blog](/src/assets/Keycloak/Keycloak.md), we explored the general functionality of Keycloak. In this current post, I will show how to setup of the [oCIS](https://owncloud.dev/ocis/)(file-sync and share platform) with Keycloak.
-
-## oCIS with Keycloak
-Make sure [Docker Engine](https://docs.docker.com/engine/install/) and [Docker Compose](https://docs.docker.com/compose/install/) has been installed in your system.
-
-### Run services
-Before setting up oCIS with Keycloak, it's essential to deploy both oCIS and Keycloak services. In this blog, I will explain how to do that using `docker compose`.
-Here, oCIS and Keycloak runs behind Traefik as reverse proxy. Traefik generates self-signed certificates for oCIS and Keycloak.
+[In the previous blog](/src/assets/Keycloak/Keycloak.md), we explored the general functionality of Keycloak.
+In this blog, I demonstrate how we can integrate [oCIS](https://owncloud.dev/ocis/)(file-sync and share platform) with Keycloak using the Keycloak WebUI.
+Anyone interested in getting hands-on experience with Keycloak can read this blog.
+
+## Run Services
+Make sure you've installed [Docker Engine](https://docs.docker.com/engine/install/) and [Docker Compose](https://docs.docker.com/compose/install/).
+
+Before setting up oCIS with Keycloak, it's essential to deploy both oCIS and Keycloak services. I'll describe how to achieve it with **docker compose**.
+oCIS and Keycloak runs behind **Traefik** as reverse proxy. **Traefik** generates self-signed certificates for oCIS and Keycloak.
+
+You have to create a **csp.yaml** file with the following contents:
+```yaml
+directives:
+  child-src:
+    - '''self'''
+  connect-src:
+    - '''self'''
+    # In contrary to bash and docker the default is given after the | character
+    - 'https://${KEYCLOAK_DOMAIN|host.docker.internal:8443}'
+  default-src:
+    - '''none'''
+  font-src:
+    - '''self'''
+  frame-ancestors:
+    - '''none'''
+  frame-src:
+    - '''self'''
+    - 'https://embed.diagrams.net/'
+  img-src:
+    - '''self'''
+    - 'data:'
+    - 'blob:'
+  manifest-src:
+    - '''self'''
+  media-src:
+    - '''self'''
+  object-src:
+    - '''self'''
+    - 'blob:'
+  script-src:
+    - '''self'''
+    - '''unsafe-inline'''
+  style-src:
+    - '''self'''
+    - '''unsafe-inline'''
+```
 
 You can either download the docker code from [GitHub](https://github.com/amrita-shrestha/keycloak-ocis/blob/master/compose.yaml) or utilize the code provided below:
+> Note: **PROXY_CSP_CONFIG_FILE_LOCATION** should contain the exact location of a **csp.yaml** file
 
 ```
 services:
@@ -46,7 +86,7 @@ services:
     restart: always
 
   ocis:
-    image: owncloud/ocis:latest
+    image: owncloud/ocis:latest # ocis version = v5.0.5
     entrypoint:
       - /bin/sh
     command: ["-c", "ocis init || true; ocis server"]
@@ -69,6 +109,10 @@ services:
       PROXY_TLS: false
       PROXY_USER_OIDC_CLAIM: preferred_username
       PROXY_USER_CS3_CLAIM: username
+      PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml
+      KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-host.docker.internal:8443}
+    volumes:
+      - ./csp.yaml:/etc/ocis/csp.yaml
     extra_hosts:
       - host.docker.internal:host-gateway
     labels:
@@ -122,16 +166,20 @@ Docker compose serves three services:
 
 ### Manual Steps For Setting Up oCIS With Keycloak
 1. Go to oCIS url: `https://host.docker.internal:9200/`
+> Note: The oCIS WebUI will not be accessible until Keycloak and oCIS are fully integrated.
+  The discovery endpoint is unavailable, which is why the web interface is inaccessible.
 
 ![oCIS](/src/assets/Keycloak/images/oCIS-Keycloak/oCIS-Keycloak-UI-setup-1.png)
 
 2. Go to Keycloak url: `https://host.docker.internal:8443/`
 
 ![keycloak](/src/assets/Keycloak/images/oCIS-Keycloak/oCIS-Keycloak-UI-setup-2.png)
 
-3. Create new realm: `oCIS`
+3. Create new realm:
 
 ![create realm](/src/assets/Keycloak/images/oCIS-Keycloak/create-realm-1.png)
+
+- Realm name: `oCIS`
 ![create realm with name `oCIS`](/src/assets/Keycloak/images/oCIS-Keycloak/create-realm-2.png)
 > Note: the realm name should be the name provided in the oCIS environment variable: `OCIS_OIDC_ISSUER: https://host.docker.internal:8443/realms/oCIS`
 
@@ -157,7 +205,7 @@ Docker compose serves three services:
 
 6. Create a new user:
 
-- With `username: admin` and other informations:
+- With `username: admin` and other information:
 
 ![create user](/src/assets/Keycloak/images/oCIS-Keycloak/create-user-1.png)
 ![add user information](/src/assets/Keycloak/images/oCIS-Keycloak/create-user-2.png)
@@ -179,16 +227,15 @@ Docker compose serves three services:
 ![update-roles](/src/assets/Keycloak/images/oCIS-Keycloak/update-roles.png)
 > Note: oCIS default role_claim is 'roles'
 
-8. Go to url `https://host.docker.internal:9200/` reload if already opened
+8. Go to url `https://host.docker.internal:9200/`, reload if already opened
 ![login to oCIS with keycloak](/src/assets/Keycloak/images/oCIS-Keycloak/oCIS-Keycloak-login.png)
-Enter `username: admin` and `password: admin` to login oCIS
-
-### Setting Up oCIS With Keycloak Using JSON files
-Keycloak provides an [Importing and Exporting Realms](https://www.keycloak.org/server/importExport) feature. If we have JSON configuration files then we can avoid setting services in keycloak.
-oCIS provides documentation to set up [oCIS with Keycloak](https://owncloud.dev/ocis/deployment/ocis_keycloak/) which uses JSON configuration. oCIS provides source code to deploy
-[oCIS-with-Keycloak](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_keycloak).
+Enter `username: admin` and `password: admin` to log into oCIS
 
+### Setting Up oCIS With Keycloak Using JSON Files
+Keycloak provides an [Importing and Exporting Realms](https://www.keycloak.org/server/importExport) feature. If we have JSON configuration files, then we can avoid manually setting services in Keycloak.
+oCIS provides documentation to set up [oCIS with Keycloak](https://owncloud.dev/ocis/deployment/ocis_keycloak/) which uses JSON configuration.
+If you want to automate Keycloak integration with oCIS services, then you can use json files.
 
-In this blog post, we've talked about putting Keycloak and oCIS together. We've shown how to set them up using Docker Compose, making sure they work smoothly with Traefik.
+In this blog post, we've talked about putting Keycloak and oCIS together. We've shown how to set them up using **Docker Compose**, making sure they work smoothly with **Traefik**.
 We've also given step-by-step instructions on setting up oCIS with Keycloak manually, like making realms, adding clients and roles, and creating users.
 For those who like using JSON files, Keycloak lets you do that to set things up more easily.