Merge branch 'development' of https://github.com/hzi-braunschweig/SORMAS-Project into feature-3054-Remove-invalid-imports

� Conflicts:
�	sormas-e2e-ui-tests/Object Repository/Login/MainView/menu_Settings.rs
�	sormas-e2e-ui-tests/Scripts/Events/CreateNewEvent/Script1587017521693.groovy
�	sormas-e2e-ui-tests/Scripts/Login/partials/ChangeLanguageToEnglish/Script1585891866369.groovy

Author: sergiupacurariu

.github/ISSUE_TEMPLATE/bug-report.md

@@ -24,5 +24,7 @@ If you've never submitted an issue to the SORMAS repository before or this is yo
 * Device:
 * SORMAS version:
 * Android version/Browser:
+* Server URL:
+* User Role:
 
 ### Additional Information

.gitignore

@@ -23,6 +23,10 @@ deploy
 /sormas-app/java_pid21052.hprof
 bin
 /sormas-base/setup/setup.log
+
+# Exclude maven wrapper
+!/.mvn/wrapper/maven-wrapper.jar
+
 /sormas-cargoserver/.env
 /sormas-cargoserver/custom.env
 /sormas-cargoserver/custom.properties

.mvn/wrapper/maven-wrapper.jar

@@ -0,0 +1,2 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar

.mvn/wrapper/maven-wrapper.properties

@@ -5,6 +5,7 @@ This guide explains how to:
  * set up the server address list file
  * add certificates of other SORMAS instances to the local truststore
  * add other servers to the local server list
+ * handling self-signed ssl certificates on test systems
 
 ### Prerequisites
 
@@ -13,32 +14,41 @@ See [Installing Java](SERVER_SETUP.md#java-11)
 
 ### Using the certificate generation script
 
-1. Run ``bash ./generate-cert.sh``
-2. If the ``sormas2sormas`` directory is not found, you will be prompted to provide its path.
-3. If the ``SORMAS_PROPERTIES`` environment variable is not available, the script will search for the ``sormas.properties`` 
-file in ``/opt/domains/sormas/sormas.properties`` by default. If it is not found there, you will be prompted to provide 
-the path to the ``sormas.properties`` file.
-4. For the generation of the certificate, the following data is needed: a password, a *Common Name* (CN) 
-    and an *Organization* (O). These may be set in environment variables (recommended), or provided 
-    manually as the script executes.
-    * The password environment variable should be named ``SORMAS_S2S_CERT_PASS``. Please note that the password has to be 
-    at least 6 characters, or you will be prompted for a new one.
-    * the *Common Name* environment variable should be named ``SORMAS_S2S_CERT_CN``.<br/>
-    **Important**: for Germany, this value should be the SurvNet Code Site. <br/>
-    E.g. *2.03.1.01.*
-    * the *Organization* (O) environment variable should be named ``SORMAS_S2S_CERT_ORG``.<br/>
+1. Run ``bash ./s2s-generate-cert.sh``
+2. If the ``SORMAS2SORMAS_DIR`` environment variable is not available, the script will search for ``/opt/sormas2sormas`` by default. 
+If it is not found there, you will be prompted to provide the pat to the *sormas2sormas* directory.
+3. If the ``SORMAS_DOMAIN_DIR`` environment variable is not available, the script will search for ``/opt/domains/sormas`` by default.<br>
+   If it is not found there, you will be prompted to provide the path to the *sormas domain directory*.
+   >If you don't have a local sormas installation, for example you are using the docker environment, 
+   >you can specify any existing directory and after the script finishes you will find a ``sormas.properties`` file there
+   >that contains the necessary configuration that must be added to the ``sormas.properties`` file of your installation
+4. For the generation of the certificate, the following data is needed:
+   an identifier of the *Organization*, the name of the *Organization*, the host name of the SORMAS server, the **https** port of the server,
+   a password for the certificate keystore and a password for the REST user to be used when sharing data through the REST api.
+   These may be set in environment variables (recommended), or provided manually as the script executes.
+
+    * the identifier of the *Organization* environment variable should be named ``SORMAS_ORG_ID``. 
+    This variable is also used as *Common Name* (CN) of the certificate<br/>
+    **Important**: for Germany, this value should be the SORMAS SurvNet Code Site (e.g. 2.99.1.01. if the regular Code Site was 1.99.1.01.). <br/>
+    * the name of the organization *Organization* (O) environment variable should be named ``SORMAS_ORG_NAME``.<br/>
     **Important**: for Germany, this value should be the name of the Health Department (Gesundheitsamt) 
     to which the SORMAS instance will be assigned. <br/>
-    E.g. *GA Braunschweig*
+    E.g. *GA Musterhausen*
+    * the host name variable should be named ``SORMAS_HOST_NAME``. <br/>
+    E.g. *sormas.gesundheitsamt-musterhausen.de* 
+    * the https port environment variable should be named ``SORMAS_HTTPS_PORT``. If it is not found, you will be prompted to provide it. 
+    If you press enter without typing a port number the default 443 will be used.
+    * The password environment variable should be named ``SORMAS_S2S_CERT_PASS``. Please note that the password has to be 
+    at least 6 characters, or you will be prompted for a new one.
+    * the REST user password environment variable should be named ``SORMAS_S2S_REST_PASSWORD``.
+    Please note that the password has to be at least 12 characters, or you will be prompted for a new one.
+    
 5. After providing the requested data, the certificate files will be generated. <br/>
    The generated certificate has a validity of 3 years. 
    The certificate files will be available in the root SORMAS directory, in the folder ``/sormas2sormas``.
 6. A CSV file containing the access data for this instance will also be generated in the folder ``/sormas2sormas``.
-   It will be named ``server-access-data.csv``.
-   The file will contain on the first two columns of the first row the Common Name and the Organization, as provided
-   when creating the certificate. <br/>
-   **Please fill in on the third column the full URL of the server.** <br/>
-   You will also have to set up a user for communicating with other SORMAS instances.
+   It will be named ``{host name}-server-access-data.csv``.
+   The file will contain the organization identifier, organization name, host name and the REST user password.<br/>
 7. The generated ``.p12`` file should not be shared with third parties. <br/>
    The generated ``.crt`` file will be verified and shared with other SORMAS instances, from which this instance
    will be able to request data. Conversely, in order to enable other SORMAS instances to request data from this 
@@ -52,24 +62,43 @@ the path to the ``sormas.properties`` file.
 To enable other SORMAS instances to send and receive data from this instance, their certificate must be added to the 
 truststore of this instance. Furthermore, the access data of other instances must be added to the local server
 list. To complete this setup, please follow the next steps:
-1. Run ``bash ./import-to-truststore.sh``
-2. If the ``sormas2sormas`` directory is not found, you will be prompted to provide its path.
-3. If the ``SORMAS_PROPERTIES`` environment variable is not available, the script will search for the ``sormas.properties`` 
-   file in ``/opt/domains/sormas/sormas.properties`` by default. If it is not found there, you will be prompted to provide 
-   the path to the ``sormas.properties`` file.
+1. Run ``bash ./s2s-import-to-truststore.sh``
+2. If the ``SORMAS2SORMAS_DIR`` environment variable is not available, the script will search for ``/opt/sormas2sormas`` by default. 
+If it is not found there, you will be prompted to provide the path to the *sormas2sormas* directory.
+3. If the ``SORMAS_DOMAIN_DIR`` environment variable is not available, the script will search for ``/opt/domains/sormas`` by default.
+   If it is not found there, you will be prompted to provide the path to the *sormas domain directory*.
+   >If you don't have a local sormas installation, for example you are using the docker environment, 
+   >you can specify any existing directory and after the script finishes you will find a ``sormas.properties`` file there
+   >that contains the necessary configuration that must be added to the ``sormas.properties`` file of your installation
+ 
 4. If ``sormas2sormas.truststore.p12`` is not found in the folder ``/sormas2sormas``, it will be created. 
     The truststore password may be provided in an environment variable ``SORMAS_S2S_TRUSTSTORE_PASS``.
     * If the aforementioned environment variable is not available, the truststore password will be searched in the 
     ``sormas.properties`` file.
     * If it is not found there, you will be prompted to provide the truststore password.
     * The relevant properties will be automatically set by the script in the ``sormas.properties`` file.
 5. If the server address list file ``server-list.csv`` is not found in the folder ``/sormas2sormas``, it will also be created.
-6. You will be prompted to provide the file name of the certificate to be imported. This certificate should be located
-in the ``/sormas2sormas`` folder. Please provide the name including the extension. E.g ``mycert.crt``
+6. You will be prompted to provide the *host name* of the organization that's certificate is being imported. 
+   If the certificate was generated with the `s2s-generate-cert.sh` script, the identifier can be found at the beginning of the file.
+   This certificate should be located in the ``/sormas2sormas`` folder. 
 7. After providing the requested data, the certificate will be imported to the truststore.
-8. You should have also received a CSV file with the server access data. From this file, copy the line corresponding to the
-    instance you would like to communicate with and add it to the local server address list file. This file is named
-    ``server-list.csv`` and is located in the ``/sormas2sormas`` folder. <br/>
-    *Note*: You may check that the Common Name and the Organization of the certificate match the ones corresponding to 
-    the server in the CSV file.
-9. You may now delete the ``.crt`` file.
+8. The content of the ``server-access-data.csv`` provided together with the certificate will be copied to the ``server-list.csv`` file.  
+9. You may now delete the ``.crt`` and ``server-access-data.csv`` files.
+
+10. *Optional for test systems and other systems with self-signed ssl certificates* <br>
+    You must import the SSL certificate of the other server into the ``cacerts.jks`` of your sormas domain.
+    * For getting the SSL certificate you can use ``openssl`` <br>
+        e.g.
+        ```shell script
+        openssl s_client -showcerts -servername sormas.gesundheitsamt-musterhausen.de -connect sormas.gesundheitsamt-musterhausen.de:443 </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.cer        
+        ```
+    * To import the SSL certificate you can use ``keytool`` <br>
+        e.g.
+        ```shell script
+        keytool -importcert -trustcacerts -noprompt -keystore /opt/domains/sormas/config/cacerts.jks -alias sormas_dev -storepass changeit -file certificate.cer
+        ```
+        Note that the alias can be used only once.
+        
+After the certificate is generated and at least one other certificate is imported, 
+on some pages of the application you will see a new box with a *Share* button and information about sharing.
+  

GUIDE_SORMAS2SORMAS_CERTIFICATE.md

@@ -44,6 +44,12 @@ Other steps :
 * Adjust the logging configuration in ``${HOME}/opt/domains/sormas/config/logback.xml`` based on your needs (e.g. configure and activate email appender)
 * Build and deploy applications (ear and war) with you IDE.
 
+## Keycloak
+
+See [Keycloak](SERVER_SETUP.md#keycloak-server) for how to install Docker locally.
+
+If you are doing active development on Keycloak (themes, authentication mechanisms, translations, etc.) it's recommended to install the standalone variant.
+
 
 ## Other components
 

SERVER_DEV_SETUP.md

@@ -8,6 +8,7 @@
   * [Java 11](#java-11)
   * [Postgres Database](#postgres-database)
 * [SORMAS Server](#sormas-server)
+* [Keycloak Server](#keycloak-server)
 * [Web Server Setup](#web-server-setup)
   * [Apache Web Server](#apache-web-server)
   * [Firewall](#firewall)
@@ -18,6 +19,7 @@
 
 ## Related
 * [Creating an App for a Demo Server](DEMO_APP.md)
+* [SORMAS Docker Repository](https://github.com/hzi-braunschweig/SORMAS-Docker)
 
 ## Prerequisites
 
@@ -71,6 +73,62 @@
 * Adjust the logging configuration in ``/opt/domains/sormas/config/logback.xml`` based on your needs (e.g. configure and activate email appender)
 * Linux: [Update the SORMAS domain](SERVER_UPDATE.md)
 
+## Keycloak Server
+
+By default Keycloak is run as a Docker container, which can be set up in two ways:
+* As a Docker container
+* As a Standalone installation
+
+### Keycloak as a Docker container
+*To be done only in the situation when SORMAS is already installed on the machine as a standalone installation.*
+
+*For complete Docker setup see the [SORMAS-Docker](https://github.com/hzi-braunschweig/SORMAS-Docker/tree/keycloak-integration) repository.*
+
+**Prerequisites**
+* SORMAS Server is installed
+* PostgreSQL is installed
+* Docker is installed
+* Open and edit [keycloak-setup.sh](sormas-base/setup/keycloak/keycloak-setup.sh) with your system's actual values
+
+**Setup**
+* Run [keycloak-setup.sh](sormas-base/setup/keycloak/keycloak-setup.sh)
+* Update `sormas.properties` file in the SORMAS domain with the property `authentication.provider=KEYCLOAK`
+
+
+### Keycloak as a standalone installation
+
+**Prerequisites**
+* SORMAS Server is installed
+* PostgreSQL is installed
+
+**Setup**
+
+Setting Keycloak up as a standalone installation [Server Installation and Configuration Guide](https://www.keycloak.org/docs/11.0/server_installation/#installation)
+* Make sure to configure Keycloak with PostgreSQL Database [Relational Database Setup](https://www.keycloak.org/docs/11.0/server_installation/#_database)
+* Setup an Admin User
+* Copy the `themes` folder content to `${KEYCLOAK_HOME}/themes` [Deploying Themes](https://www.keycloak.org/docs/11.0/server_development/#deploying-themes)
+* Create the SORMAS Realm by importing [SORMAS.json](sormas-base/setup/keycloak/SORMAS.json) see [Create a New Realm](https://www.keycloak.org/docs/11.0/server_admin/#_create-realm)
+* Update the `sormas-*` clients by generating new secrets for them
+* Update the realm's email settings to allow sending emails to users
+
+To update the SORMAS Server run the following commands
+```shell script
+${ASADMIN} set-config-property --propertyName=payara.security.openid.clientSecret --propertyValue=${KEYCLOAK_SORMAS_UI_SECRET} --source=domain
+${ASADMIN} set-config-property --propertyName=payara.security.openid.clientId --propertyValue=sormas-ui --source=domain
+${ASADMIN} set-config-property --propertyName=payara.security.openid.scope --propertyValue=openid --source=domain
+${ASADMIN} set-config-property --propertyName=payara.security.openid.providerURI --propertyValue=http://localhost:${KEYCLOAK_PORT}/keycloak/auth/realms/SORMAS --source=domain
+${ASADMIN} set-config-property --propertyName=sormas.rest.security.oidc.json --propertyValue="{\"realm\":\"SORMAS\",\"auth-server-url\":\"http://localhost:${KEYCLOAK_PORT}/auth\",\"ssl-required\":\"external\",\"resource\":\"sormas-rest\",\"credentials\":{\"secret\":\"${KEYCLOAK_SORMAS_REST_SECRET}\"},\"confidential-port\":0,\"principal-attribute\":\"preferred_username\",\"enable-basic-auth\":true}" --source=domain
+${ASADMIN} set-config-property --propertyName=sormas.backend.security.oidc.json --propertyValue="{\"realm\":\"SORMAS\",\"auth-server-url\":\"http://localhost:${KEYCLOAK_PORT}/auth/\",\"ssl-required\":\"external\",\"resource\":\"sormas-backend\",\"credentials\":{\"secret\":\"${KEYCLOAK_SORMAS_BACKEND_SECRET}\"},\"confidential-port\":0}" --source=domain
+```
+where:
+* `${ASADMIN}` - represents the location to `${PAYARA_HOME}\bin\asadmin`
+* `${KEYCLOAK_PORT}` - the port on which keycloak will run
+* `${KEYCLOAK_SORMAS_UI_SECRET}` - is the secret generated in Keycloak for the `sormas-ui` client
+* `${KEYCLOAK_SORMAS_REST_SECRET}` - is the secret generated in Keycloack for the `sormas-rest` client
+* `${KEYCLOAK_SORMAS_BACKEND_SECRET}` - is the secret generated in Keycloack for the `sormas-backend` client
+
+Then update `sormas.properties` file in the SORMAS domain with the property `authentication.provider=KEYCLOAK`
+
 ## Web Server Setup
 
 ### Apache Web Server