
Next you will be modifying the OIDCServer class in your NetBeans project to use Keycloak.

  1. Switch to NetBeans.

  2. Check that your basic authentication service is not running (stop it if necessary).

  3. Open the service.OIDCServer class definition.

  4. Find the code that sets the various properties of the auth provider (e.g. the config.setRealm() call).

  5. Update those settings to match your Keycloak configuration. You can find the client secret in Keycloak in the COMP210 client details, under Credentials (click the Copy to Clipboard button).

  6. Start the service by right-clicking the OIDCServer class and choosing Run File.

    Note that the routes displayed by Jooby in the NetBeans output pane include /callback and /logout. These are added by the pac4j security framework and provide webhook endpoints---authorisation providers like Keycloak can use these routes to send authorisation tokens to the web service, or inform the service that the tokens have been invalidated by the user logging out.

    This time we can use a web browser. Open the following URL: http://localhost:8081/

    Your browser will be redirected to the realm's sign-in page. Log in as doris.

    Whoops --- 403/Forbidden. We forgot to add the MANAGER role to the user.

  7. Back in Keycloak, go into the user settings and add the MANAGER and EMPLOYEE roles to Doris, and just the EMPLOYEE role to Boris. Then re-check the behaviour of the system.

    Note that you will need to log out the user's sessions to force the service to sign the user in again to get the updated profile. Do this via the <

    > tab for the user, and click <>.

  8. Revisit the restricted pages in your Web browser. This time it should work.
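
The 403 in step 6 and the forced re-login in step 7 both follow from the roles being a snapshot taken at sign-in. The added example below (not part of the lab code) decodes constructed sample tokens and shows the outcome before and after the role change. It assumes MANAGER and EMPLOYEE are realm roles, which Keycloak places in the `realm_access.roles` claim of the access token; `status_for` is a hypothetical stand-in for the service's role check, not pac4j code.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string; the signature part is a dummy."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()),
                     "constructed-signature"])

def decode_claims(token: str) -> dict:
    """Decode the payload for inspection only. Nothing is verified here;
    the running service must still validate the token before trusting it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def realm_roles(claims: dict) -> set:
    # Assumption: the lab's roles are realm roles (realm_access.roles claim).
    access = claims.get("realm_access")
    roles = access.get("roles", []) if isinstance(access, dict) else []
    return set(roles)

def status_for(token: str, required_role: str) -> int:
    """Hypothetical stand-in for the service's role check: 200 or 403."""
    return 200 if required_role in realm_roles(decode_claims(token)) else 403

# Constructed sample tokens (not captured from a real Keycloak instance).
DORIS_FIRST_LOGIN = make_sample_token(
    {"preferred_username": "doris", "realm_access": {"roles": ["offline_access"]}})
DORIS_AFTER_RELOGIN = make_sample_token(
    {"preferred_username": "doris",
     "realm_access": {"roles": ["offline_access", "MANAGER", "EMPLOYEE"]}})
BORIS_AFTER_RELOGIN = make_sample_token(
    {"preferred_username": "boris",
     "realm_access": {"roles": ["offline_access", "EMPLOYEE"]}})

if __name__ == "__main__":
    for name, tok in [("doris, first login", DORIS_FIRST_LOGIN),
                      ("doris, after re-login", DORIS_AFTER_RELOGIN),
                      ("boris, after re-login", BORIS_AFTER_RELOGIN)]:
        roles = sorted(realm_roles(decode_claims(tok)))
        print(f"{name}: roles={roles} MANAGER page -> {status_for(tok, 'MANAGER')}")
```

A token issued before the role change keeps returning 403 for the MANAGER check until the user signs in again and receives a new one.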