Register a EuroDaT Client
You need to register a EuroDaT Client before it is able to connect to your EuroDaT instance.
If you are the administrator of a EuroDaT instance, you can use the script
cluster/scripts/register_client.sh.
The tls.crt corresponding to the client secret is required; see our tutorial on how to generate a client secret.
Registration Script Usage
Run the following command to register a client:
./cluster/scripts/register_client.sh \
  --context "$KUBECTL_CONTEXT" \
  --tls-cert-path "$PATH_TO_CLIENT_TLS_CRT" \
  --client-id "$CLIENT_ID" \
  --participant "$PARTICIPANT" \
  --purpose "$PURPOSE"
--context: Kubernetes context to use for registration.
--tls-cert-path: Path to client's certificate.
--client-id: Unique identifier for the client being registered.
--participant: The row-based security identifier for the client.
--purpose: The purpose of the client (APPS, TRANSACTIONS, SAFEDEPOSITS).
If you want to register a multi-purpose client, you have to repeat --purpose for each purpose.
The token will contain all registered purposes.
The required realm depends on the environment you want to register
your client for, e.g., eurodat-int for the integration environment. It is automatically extracted
from the provided --context. If --context is not provided, then the following options must be
specified:
--realm: The realm you want to register this client for.
--platform-url: The URL of the cluster where the platform is deployed.
--idp-url: URL of the Identity Provider used.
--user-registrator-secret: Secret to authenticate against the IdP.
If --context is provided, the options for the variables above must not be used, since these will be
extracted from Kubernetes.
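As an added example (not part of the EuroDaT scripts), the following pre-flight check applies the option rules described above before register_client.sh is called. The helper name check_register_args, its exit codes, the PEM assumption for tls.crt and the demo values are choices made for this example.

```shell
#!/bin/sh
# Added example: check_register_args is a hypothetical helper, not EuroDaT code.
check_register_args() {
    context="" cert="" client_id="" participant="" purposes=""
    realm="" platform_url="" idp_url="" secret=""
    while [ $# -gt 0 ]; do
        [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 2; }
        case "$1" in
            --context)                 context=$2 ;;
            --tls-cert-path)           cert=$2 ;;
            --client-id)               client_id=$2 ;;
            --participant)             participant=$2 ;;
            --realm)                   realm=$2 ;;
            --platform-url)            platform_url=$2 ;;
            --idp-url)                 idp_url=$2 ;;
            --user-registrator-secret) secret=$2 ;;
            --purpose)                 # repeated once per purpose
                case "$2" in
                    APPS|TRANSACTIONS|SAFEDEPOSITS) purposes="$purposes $2" ;;
                    *) echo "invalid purpose: $2" >&2; return 2 ;;
                esac ;;
            *) echo "unknown option: $1" >&2; return 2 ;;
        esac
        shift 2
    done
    # Assumption: every option in the page's usage command is mandatory.
    [ -n "$client_id" ] && [ -n "$participant" ] && [ -n "$purposes" ] ||
        { echo "--client-id, --participant and --purpose are required" >&2; return 2; }
    # Assumption: tls.crt is PEM-encoded, as in a Kubernetes TLS secret.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "--tls-cert-path is not a readable PEM certificate" >&2; return 3; }
    if [ -n "$context" ]; then
        # With --context these values are extracted from Kubernetes.
        [ -z "$realm$platform_url$idp_url$secret" ] ||
            { echo "--realm/--platform-url/--idp-url/--user-registrator-secret must not be combined with --context" >&2; return 4; }
    else
        [ -n "$realm" ] && [ -n "$platform_url" ] && [ -n "$idp_url" ] && [ -n "$secret" ] ||
            { echo "without --context all four explicit options are required" >&2; return 4; }
    fi
    echo "ok:$purposes"
}
# Constructed demo input: a placeholder file, not a real certificate.
demo_cert=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' '-----END CERTIFICATE-----' > "$demo_cert"
check_register_args --context demo-context --tls-cert-path "$demo_cert" \
    --client-id demo-client --participant demo-participant \
    --purpose APPS --purpose TRANSACTIONS
rm -f "$demo_cert"
```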
Registration Workflow at EuroDaT
sequenceDiagram
participant CB as Client Backend
participant EC as EuroDaT Controller
participant KC as Keycloak
CB->>EC: Call registration endpoint<br>with client name and certificate
alt New client
EC->>KC: Create client with certificate
else Client exists
EC->>KC: Throw error
end