8.2. Realtime Decision Server Authentication through RH-SSO

The Red Hat JBoss BRMS Realtime Decision Server provides a REST API for third-party clients. You can integrate the Realtime Decision Server with RH-SSO to delegate identity management of those clients to the RH-SSO server, so that the Realtime Decision Server no longer has to store or verify their credentials itself.

Once you have created a realm client for Business Central and set up the RH-SSO client adapter for EAP, you can repeat the same steps to integrate the Realtime Decision Server with RH-SSO.

8.2.1. Creating Client for Realtime Decision Server on RH-SSO

To create a new client on your already created realm on RH-SSO admin console:

Procedure: Creating a Client for the Realtime Decision Server

  1. On the RH-SSO admin console, open the security realm that you created.
  2. Click the Clients tab from the main menu and click Create.

    The Add Client page opens.

  3. On the Add Client page, provide the required information to create a new client for your realm. For example:

    • Client ID: kie-execution-server
    • Root URL: http://localhost:8080/kie-server
    • Client protocol: openid-connect
  4. Click Save to save your changes.

    Once you create a new client, its Access Type is public by default. Change it to confidential and save again. A public client has no secret, so the Realtime Decision Server adapter could not prove its own identity to RH-SSO, and the Credentials tab is only shown for confidential clients.
  5. Navigate to the Credentials tab and copy the secret. You paste this value into the credential element of the kie-execution-server adapter configuration in standalone.xml, as described in the next section.

8.2.2. Installing and Setting Up Realtime Decision Server with Client Adapter

To consume the Realtime Decision Server remote service endpoints, you must first create the kie-server role in the RH-SSO admin console and assign it to every user that will call the REST API. A user whose token does not carry this role is rejected by the Realtime Decision Server even when RH-SSO authenticates the user successfully.

Procedure: Setting Up the Realtime Decision Server

  1. Navigate to EAP_HOME/standalone/configuration in your EAP installation and edit standalone.xml to add the RH-SSO subsystem configuration. For example:

    <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
      <secure-deployment name="kie-server.war">
         <realm>demo</realm>
         <realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</realm-public-key>
         <auth-server-url>http://localhost:8180/auth</auth-server-url>
         <ssl-required>external</ssl-required>
         <resource>kie-execution-server</resource>
         <enable-basic-auth>true</enable-basic-auth>
         <credential name="secret">03c2b267-7f64-4647-8566-572be673f5fa</credential>
         <principal-attribute>preferred_username</principal-attribute>
      </secure-deployment>
    </subsystem>
    
    <system-properties>
      <property name="org.kie.server.sync.deploy" value="false"/>
    </system-properties>

    Here,

    • secure-deployment name: Name of your application WAR file.
    • realm: Name of the realm that you created for the applications to use.
    • realm-public-key: The public key of the realm you created. You can find it in the Keys tab in the Realm settings page of the realm you created in the RH-SSO admin console. The adapter uses it to verify the signature of incoming tokens. If you do not provide a value for this public key, the server retrieves it automatically from the RH-SSO server.
    • auth-server-url: The URL for the RH-SSO authentication server.
    • ssl-required: Whether the adapter requires HTTPS. The value external requires HTTPS only for requests that originate from non-private IP addresses, which is suitable for development. Use all in production so that credentials and bearer tokens are never sent in clear text.
    • resource: The name of the server client that you created.
    • enable-basic-auth: The setting to enable the basic authentication mechanism, so that the clients can use both token-based and basic authentication approaches to perform the requests. With basic authentication the adapter sends the user name and password to RH-SSO on every request, so this is only acceptable over HTTPS. Leave it out if all of your clients can obtain tokens.
    • credential name: The secret key of the server client you created. You can find it in the Credentials tab on the Clients page of the RH-SSO admin console. Treat it like a password: anyone who holds it can act as the kie-execution-server client.
    • principal-attribute: The token claim used as the login name of the user. If you do not provide this value, your User Id is displayed in the application instead of your user name.
  2. Save your configuration changes in standalone.xml.
  3. Use the following command to restart the EAP server and run the Realtime Decision Server.

    EXEC_SERVER_HOME/bin/standalone.sh -Dorg.kie.server.id=<ID> -Dorg.kie.server.user=<USER> -Dorg.kie.server.pwd=<PWD> -Dorg.kie.server.location=<LOCATION_URL> -Dorg.kie.server.controller=<CONTROLLER_URL> -Dorg.kie.server.controller.user=<CONTROLLER_USER> -Dorg.kie.server.controller.pwd=<CONTROLLER_PASSWORD>

    Here is an example:

    EXEC_SERVER_HOME/bin/standalone.sh -Dorg.kie.server.id=kieserver1 -Dorg.kie.server.user=kieserver -Dorg.kie.server.pwd=password -Dorg.kie.server.location=http://localhost:8080/kie-server/services/rest/server -Dorg.kie.server.controller=http://localhost:8080/business-central/rest/controller -Dorg.kie.server.controller.user=kiecontroller -Dorg.kie.server.controller.pwd=password

    The users named here (kieserver and kiecontroller) must exist in the RH-SSO realm with the kie-server role. Passwords passed as -D system properties are visible to every local user in the process list, so use placeholder values like these only on a development machine.
  4. Once the Realtime Decision Server is running, you can check the server status using the following command. It authenticates with HTTP basic authentication, which works because enable-basic-auth is set to true in the adapter configuration:

    curl -u kieserver:password http://localhost:8080/kie-server/services/rest/server/
Note

Token-based authentication is also supported for communication between Business Central and the Realtime Decision Server. Additionally, you can pass a complete token as a system property (instead of a user name and password) for your applications. However, you must ensure that the token does not expire during the period of interaction between the applications, because a token supplied this way is not automatically refreshed.
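The status check above uses basic authentication. The following is an added example, not code from the Red Hat documentation or from the KIE Server project, of the token-based alternative that the note describes: a small Python 3 client that obtains an access token and a refresh token from the realm's standard OpenID Connect token endpoint, calls the Realtime Decision Server with an Authorization: Bearer header, and refreshes the token itself before it expires instead of relying on a fixed token in a system property. It assumes the values used throughout this section (realm demo, client kie-execution-server with the secret shown in standalone.xml, RH-SSO at http://localhost:8180/auth, and a realm user kieserver holding the kie-server role); the client secret would normally come from a secrets store, not from the source file.

```python
# Added example (not part of the Red Hat documentation or of KIE Server).
# Assumed values from this section: realm "demo", confidential client
# "kie-execution-server", RH-SSO at http://localhost:8180/auth.
import base64
import json
import time
import urllib.parse
import urllib.request

AUTH_SERVER_URL = "http://localhost:8180/auth"
REALM = "demo"
CLIENT_ID = "kie-execution-server"
CLIENT_SECRET = "03c2b267-7f64-4647-8566-572be673f5fa"  # from the Credentials tab; keep out of source control
KIE_SERVER_URL = "http://localhost:8080/kie-server/services/rest/server/"


def token_endpoint(auth_server_url=AUTH_SERVER_URL, realm=REALM):
    """Standard Keycloak/RH-SSO OpenID Connect token endpoint of a realm."""
    return f"{auth_server_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"


def password_grant_form(username, password, client_id=CLIENT_ID, client_secret=CLIENT_SECRET):
    """Form body for the Resource Owner Password Credentials grant.
    The client is confidential, so its secret accompanies the user's credentials."""
    return {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }


def refresh_grant_form(refresh_token, client_id=CLIENT_ID, client_secret=CLIENT_SECRET):
    """Form body that exchanges a refresh token for a new access token."""
    return {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }


def jwt_claims(token):
    """Decode the payload of a JWT WITHOUT verifying its signature.

    This is only used client-side to read our own token's exp claim. Signature
    verification is the job of the RH-SSO adapter in EAP, which uses the realm key.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_until_expiry(token, now=None):
    """Remaining lifetime of an access token in seconds (negative when expired)."""
    now = time.time() if now is None else now
    return jwt_claims(token)["exp"] - now


def needs_refresh(token, now=None, leeway=30):
    """True when the access token has less than `leeway` seconds of life left."""
    return seconds_until_expiry(token, now) < leeway


def post_form(url, form):
    """POST an application/x-www-form-urlencoded body and parse the JSON reply."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


class KieServerSession:
    """Holds the token pair and refreshes it before a call if it is about to expire."""

    def __init__(self, username, password):
        self.tokens = post_form(token_endpoint(), password_grant_form(username, password))

    def access_token(self):
        if needs_refresh(self.tokens["access_token"]):
            self.tokens = post_form(token_endpoint(), refresh_grant_form(self.tokens["refresh_token"]))
        return self.tokens["access_token"]

    def get(self, url=KIE_SERVER_URL):
        req = urllib.request.Request(url)
        req.add_header("Authorization", "Bearer " + self.access_token())
        req.add_header("Accept", "application/json")
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)


if __name__ == "__main__":
    # Same check as the curl command in step 4, but with a bearer token.
    session = KieServerSession("kieserver", "password")
    print(json.dumps(session.get(), indent=2))
```

Because the server verifies the token signature and the kie-server role on every request, the client never has to send the user's password to the Realtime Decision Server at all; the password is presented only once, to RH-SSO, and thereafter only short-lived access tokens travel to the server. The refresh step is what the note says a token placed in a system property cannot do for you.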