configure production DataONE realm and redirect for ORCID

[mbjones]

Our current ORCID production member account is set up to redirect to https://cn.dataone.org/portal/oauth which is handled by the d1_portal servlet to process the authorization code. To configure keycloak in production, we would need to add an additional redirect URL that supports the keycloak deployment. I propose that we configure the keycloak server at the following URLs:

• Realm name: dataone
• Issuer: htttps://auth.dataone.org/realms/dataone
• Redirect: https://auth.dataone.org/realms/dataone/broker/orcid/endpoint

Still need to check if its possible to remove the realms/dataone part of that path.

[mbjones]

While it potentially seems possible to remove realms/dataone from the URI, it seems that keycloak is designed around the realms concepts and is more likely to be successful with the realm included. So I decided to keep it. I've now reconfigured the dev keycloak to use the following Issuer URI:

• Issuer: htttps://auth.test.dataone.org/realms/dataone

Deploy that on production as well and we should be set to go.

• Issuer: htttps://auth.dataone.org/realms/dataone