Sso integration improvements

Various changes related to SSO integration

These changes originate from the work done in Keycloak Package to create a development realm with all the dev clients for the apps that need SSO. The changes were identified in the process of testing SSO integration with the packages.

• fix Nexus templating for SSO configuration
  closes #827 (closed)
• Nexus allow for a list of roles
  https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/merge_requests/23
  https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/releases/34.1.0-bb.3
• dev-sso-values.yaml missing reference to jwks that is needed by authservice
• add nexus to dev-sso-values.yaml
• update Keycloak version so that the dev realm code can make it to dogfood cluster and CI pipelines where it can be used for SSO testing. There is no Keycloak application code in this new version, only dev changes.
  https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/-/merge_requests/41
  https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/-/releases/11.0.1-bb.9

chart/templates/nexus-repository-manager/values.yaml

@@ -27,6 +27,12 @@ networkPolicies:
 nexus:
   imagePullSecrets:
     - name: private-registry
+  {{- if .Values.addons.nexus.license_key }}
+  properties:
+    override: true
+    data: 
+      nexus.licenseFile: /nexus-data/sonatype-license.lic
+  {{- end }}
 
 license_key: "{{ .Values.addons.nexus.license_key }}"
 
@@ -34,12 +40,16 @@ license_key: "{{ .Values.addons.nexus.license_key }}"
 sso:
   enabled: {{ .Values.addons.nexus.sso.enabled }}
   idp_data:
+    {{- if .Values.addons.nexus.sso.idp_data.entityId }}
+    entityId: {{ .Values.addons.nexus.sso.idp_data.entityId }}
+    {{- else }}
     entityId: "https://nexus.{{ $domainName }}/service/rest/v1/security/saml/metadata"
-    usernameAttribute: "{{ .Values.addons.nexus.sso.idp_data.username }}"
-    firstNameAttribute: "{{ .Values.addons.nexus.sso.idp_data.firstName }}"
-    lastNameAttribute: "{{ .Values.addons.nexus.sso.idp_data.lastName }}"
-    emailAttribute: "{{ .Values.addons.nexus.sso.idp_data.email }}"
-    groupsAttribute: "{{ .Values.addons.nexus.sso.idp_data.groups }}"
+    {{- end }}
+    usernameAttribute: "{{ default "username" .Values.addons.nexus.sso.idp_data.username }}"
+    firstNameAttribute: "{{ default "firstName" .Values.addons.nexus.sso.idp_data.firstName }}"
+    lastNameAttribute: "{{ default "lastName" .Values.addons.nexus.sso.idp_data.lastName }}"
+    emailAttribute: "{{ default "email" .Values.addons.nexus.sso.idp_data.email }}"
+    groupsAttribute: "{{ default "groups" .Values.addons.nexus.sso.idp_data.groups }}"
     validateResponseSignature: "true"
     validateAssertionSignature: "true"
     idpMetadata: '{{ .Values.addons.nexus.sso.idp_data.idpMetadata }}'
@@ -48,12 +58,17 @@ sso:
     - "NexusAuthorizingRealm"
     - "SamlRealm"
   role:
-    id: "keycloak"
-    name: "keycloak"
-    description: "all keycloak users as admins"
+    id: {{ default "Nexus" .Values.addons.nexus.sso.role.id }}
+    name: {{ default "Keycloak Nexus Group" .Values.addons.nexus.sso.role.name }}
+    description: {{ default "Nexus unprivilaged users" .Values.addons.nexus.sso.role.description }}
+    {{- if .Values.addons.nexus.sso.role.privileges }}
     privileges:
-      - "nx-all"
+    {{- toYaml .Values.addons.nexus.sso.role.privileges | nindent 4 }}
+    {{- end }}
+    {{- if .Values.addons.nexus.sso.role.roles }}
     roles:
-      - "nx-admin"
+    {{- toYaml .Values.addons.nexus.sso.role.roles | nindent 4 }}
+    {{- end }}
+
 {{- end }}
 {{- end -}}