Merge branch 'ocis-keycloak' of github.com:JankariTech/blog into vlog…

…-on-topics

src/assets/Keycloak/keycloak.md

@@ -0,0 +1,69 @@
+---
+title: Introduction to Keycloak
+authorName: Amrita Shrestha
+authorAvatar: https://avatars.githubusercontent.com/u/54478846?s=100&v=4
+authorLink: https://github.com/amrita-shrestha
+createdAt: March 26, 2024
+tags: Keycloak
+banner: https://blog.jankaritech.com/src/assets/keycloak/images/keycloak.png
+---
+
+## Keycloak
+[Keycloak](https://github.com/keycloak/keycloak) is an open-source project for Red Hat SSO. It provides an `Identity and Access Management` solutions designed to secure application services.
+Additionally, it enables users to authenticate through various identity providers and use fine-grained permissions for regulating access to Software as a Service (SaaS) applications.
+Keycloak alternatives are Auth0, Zluri, Microsoft Azure Active Directory, Okta or WSO2 Identity Server.
+
+It facilitates the creation of a user database with customizable roles and groups, offering functionalities such as user management, registration, and password policy enforcement.
+This makes it a comprehensive Identity and Access Management (IAM) solution for contemporary applications. Keycloak's API enables the integration of all these features into your application
+without the need for additional coding.
+
+## Keycloak Features
+![Keycloak features](/src/assets/Keycloak/images/keycloak-features.png)
+
+1. `Identity Broker:`
+   Identity Broker acts as a middleman, linking various service providers with different identity providers. It establishes trust with external identity providers to utilize their identities for accessing internal services offered by service providers.
+   Imagine a textile company, which has two Keycloak setups: one for customer and another for internal employees. If you want your employees to access external services without creating new accounts on customer Keycloak, you can use the customer Keycloak
+   as the mediator and the customer Keycloak as the source in this scenario.
+
+2. `User Federation:`
+   Keycloak provides the ability to integrate with existing LDAP or Active Directory servers. It also supports implementation of your own provider such as a relational database.
+
+3. `Standard Protocols:`
+   Keycloak is based on three standard protocols i.e., OpenID Connect, OAuth2.0, and SAML.
+
+4. `Password Policies:`
+   Keycloak contain different password policies i.e., HashAlgorithm, Hashing Iterations, Digits, Lowercase Characters, Regular Expression and so on.
+
+5. `Single-Sign On:`
+   Keycloak facilitates a seamless login experience where users only need to sign in once to access multiple applications, eliminating the need for repeated logins.
+   This not only streamlines user experience but also simplifies identity management for administrators.
+
+6. `Social Login:`
+   Keycloak has built-in support for Google, GitHub, and Facebook which help us to use social identity providers.
+
+## Keycloak Drawbacks
+Despite its extensive features, Keycloak does have certain limitations. One of these is the need for a more varied implementation approach.
+Additionally, the following are some of the drawbacks associated with Keycloak:
+1. `Complex Server Deployment:` The manual process involved in deploying Keycloak on a server can be complicated, potentially affecting overall productivity.
+2. `Lack of Comprehensive Support Documentation:` Despite its robust functionalities, Keycloak could benefit from more efficient and extensive support documentation. This would make it easier for users to find suitable solutions to their problems.
+
+## SetUp Keycloak using docker
+1. Keycloak using docker image
+```bash
+docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.2 start-dev
+```
+
+2. Keycloak with postgres database using docker-compose
+   ![Setup Keycloak using docker compose](src/assets/keycloak/images/start-keycloak-with-docker-compose.png)
+
+## Why You Should Know Keycloak
+1. Open source
+2. Supports three different authentication protocols which give you the possibility to cover many applications with different security demands with a single tool.
+3. Provides web-based GUI which makes any configurations changes easier.
+4. Huge community support
+
+## When It May Not Be the Best Choice
+1. Enterprises seeking robust guarantees or support may find Keycloak lacking in this regard. As an open-source project, there are no assurances provided by its producer regarding its functionality or roadmap.
+   Support is community-driven, typically through platforms like Stack Overflow, with no guaranteed response times.
+2. If your application consists of a single application with just one client in the Keycloak realm, you won't benefit from Single Sign-On (SSO) capabilities.
+3. For applications solely reliant on a pure user database, Keycloak could be overkill. A database with specific tables may offer a simpler alternative, especially if you already have one set up.

src/assets/Keycloak/ocis-with-keycloak.md

@@ -0,0 +1,161 @@
+---
+title: keycloak Server
+authorName: Amrita Shrestha
+authorAvatar: https://avatars.githubusercontent.com/u/54478846?s=100&v=4
+authorLink: https://github.com/amrita-shrestha
+createdAt: March 26, 2024
+tags: owncloud infinte scale, ocis, ocis-with-keycloak
+banner: https://blog.jankaritech.com/src/assets/keycloak/images/keycloak-with-ocis.png
+---
+
+[In previous blog](src/assets/keycloak/keycloak.md), we explored the topic of Keycloak. In this current post, our focus shifts to discussing the setup of OCIS with Keycloak.
+
+
+## Keycloak with ocis
+
+### Run services
+Before setting up `ocis with keycloak`, it's essential to deploy `keycloak and ocis`. This blog details the deployment of `ocis and keycloak` via `docker compose`.
+Using `Traefik`, `ocis and keycloak` has been served using certificates.
+You can either download the code from [GitHub](https://github.com/amrita-shrestha/keycloak-ocis/blob/master/compose.yaml) or utilize the code provided below:
+
+```dockerfile
+services:
+  traefik:
+    image: traefik:2.11.0
+    command:
+      [
+        "--log.level=ERROR",
+        "--api.insecure=true",
+        "--api.dashboard=true",
+        "--pilot.dashboard=false",
+        "--providers.docker=true",
+        "--entrypoints.ocis.address=:9200",
+        "--entrypoints.keycloak.address=:8443",
+        "--providers.docker.exposedbydefault=false",
+        "--entrypoints.websecure.http.tls.options=default",
+      ]
+    ports:
+      - 8080:8080
+      - 9200:9200
+      - 8443:8443
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.traefik.rule: HostRegexp(`{any:.+}`)
+    restart: always
+
+  ocis:
+    image: owncloud/ocis:latest
+    entrypoint:
+      - /bin/sh
+    command: ["-c", "ocis init || true; ocis server"]
+    environment:
+      # Keycloak IDP configuration
+      PROXY_AUTOPROVISION_ACCOUNTS: true
+      PROXY_ROLE_ASSIGNMENT_DRIVER: oidc
+      OCIS_OIDC_ISSUER: https://host.docker.internal:8443/realms/ocis # ocis is keycloak realm name
+      PROXY_OIDC_REWRITE_WELLKNOWN: true
+      WEB_OIDC_CLIENT_ID: web
+      # general config
+      OCIS_URL: https://host.docker.internal:9200
+      OCIS_LOG_LEVEL: error
+      OCIS_INSECURE: true
+      OCIS_ADMIN_USER_ID: ""
+      OCIS_EXCLUDE_RUN_SERVICES: idp
+      GRAPH_ASSIGN_DEFAULT_USER_ROLE: false
+      GRAPH_USERNAME_MATCH: none
+      # PROXY
+      PROXY_TLS: false
+      PROXY_USER_OIDC_CLAIM: preferred_username
+      PROXY_USER_CS3_CLAIM: username
+    extra_hosts:
+      - host.docker.internal:host-gateway
+    labels:
+      traefik.enable: true
+      traefik.http.routers.ocis.tls: true
+      traefik.http.routers.ocis.rule: PathPrefix(`/`)
+      traefik.http.routers.ocis.entrypoints: ocis
+      traefik.http.services.ocis.loadbalancer.server.port: 9200
+
+  postgres:
+    image: postgres:alpine
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: keycloak
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:24.0.1
+    command: ["start-dev", "--proxy=edge"]
+    environment:
+      KC_DB: postgres
+      KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: keycloak
+      KC_FEATURES: impersonation
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+    extra_hosts:
+      - host.docker.internal:host-gateway
+    labels:
+      traefik.enable: true
+      traefik.http.routers.keycloak.tls: true
+      traefik.http.routers.keycloak.rule: PathPrefix(`/`)
+      traefik.http.routers.keycloak.entrypoints: keycloak
+      traefik.http.services.keycloak.loadbalancer.server.port: 8080
+    depends_on:
+      - postgres
+
+volumes:
+  postgres_data:
+```
+
+
+### Manual configuration for ocis on keycloak
+1. Go to ocis url: `https://host.docker.internal:9200/`
+![ocis](src/assets/keycloak/images/ocis-keycloak-UI-setup-1.png)
+
+2. Go to keycloak url: `https://host.docker.internal:8443/`
+![keycloak](src/assets/keycloak/images/ocis-keycloak-UI-setup-2.png)
+
+3. Create new realm: `ocis`
+![create realm](src/assets/keycloak/images/create-realm.png)
+![create realm with name `ocis`](src/assets/keycloak/images/create-realm-2.png)
+
+4. Add a new client:
+![client registration](src/assets/keycloak/images/client-registration.png)
+
+- Client ID: `web`
+![add client](src/assets/keycloak/images/client-registration-2.png)
+
+- Root URL: `https://host.docker.internal:9200`
+![add root url](src/assets/keycloak/images/client-registration-3.png)
+
+5. Add realm roles:
+
+- Role name: `ocisAdmin`
+![add realm role](src/assets/keycloak/images/create-realm-role.png)
+
+6. Create a new user:
+
+- Username: `admin` and other info
+![create user](src/assets/keycloak/images/create-user-1.png)
+![add user information](src/assets/keycloak/images/create-user-2.png)
+
+- Create password
+![create password](src/assets/keycloak/images/create-user-3.png)
+![setup password for user](src/assets/keycloak/images/create-user-4.png)
+
+- Role Mapping: Assign `ocisAdmin` role
+![assign role](src/assets/keycloak/images/assign-role-to-user.png)
+![assign role to user](src/assets/keycloak/images/asign-role-to-user-2.png)
+
+7. Update `roles` Client scope: `Client Scopes` -> `roles`
+- `Mappers` -> `realm roles` -> `Token Claim Name=roles`
+![update-roles](src/assets/keycloak/images/update-roles.png)
+
+8. Go to url `https://host.docker.internal:9200/` reload if already opened
+![login ocis with keycloak](src/assets/keycloak/images/ocis-keycloak-login.png)

src/assets/githubAction/githubActionBeginner.md

@@ -7,11 +7,11 @@ createdAt: Oct 30, 2023
 tags: CI, CD, github, githubAction
 banner: https://blog.jankaritech.com/src/assets/githubAction/images/githubaction_banner.png
 ---
-GitHub Actions is an automation and CI/CD service provided by GitHub. It allows us to automate our software development process or workflows, from building and testing code to deploying it to different environments. It's a really effective tool that can both increase software quality and save us time.
+GitHub Actions is an automation and CI/CD service provided by GitHub, allowing us to automate our software development processes or workflows, from building and testing code to deploying it to different environments. It's an effective tool that can enhance software quality and save time.
 
 ## Some features of GitHub Actions:
 - It allows you to automate your Software Development Life Cycle (SDLC) processes or workflows.
-- It simplifies CI/CD integration, enabling seamless DevOps practices.
+- It simplifies CI/CD integration, facilitating seamless DevOps practices.
 
 ## Components of GitHub Actions:
 1. Workflows
@@ -25,23 +25,23 @@ GitHub Actions is an automation and CI/CD service provided by GitHub. It allows
 
 
 ### 1. Workflows:
-Workflows are automated procedures that you add to your repository. Workflows will run when triggered by an event in your repository, or they can be triggered manually, or at a defined schedule. It can be used to build, test, package, release, or deploy a project on GitHub.
+Workflows are automated procedures that you add to your repository. It will run when triggered by an event in your repository, or they can be triggered manually, or at a defined schedule. It can be used to build, test, package, release, or deploy a project on GitHub.
 
 ### 2. Events:
-Events are specific activities like code push, pull request creation, issue creation, comments on pull request or issue, etc. that triggers a workflow.
+Events are specific activities such as code push, pull request creation, issue creation, comments on pull requests or issues, etc., that trigger a workflow.
 
 ### 3. Jobs
-Jobs are the set of steps that are executed in the same runner. A workflow with multiple jobs will run in parallel which is the default, but it can be configured so that jobs will run sequentially.
+Jobs are the set of steps that are executed in the same runner. A workflow with multiple jobs will run in parallel, which is default, but it can be configured so that jobs run sequentially.
 
 
 ### 4. Steps
 A step is an individual task that can run the commands in a job. These can be actions or commands.
 
 ### 5. Actions
-Actions are the standalone commands for the GitHub Actions platform that perform a complex but frequently repeated task. Actions help to reduce the repetitive code in workflows.
+Actions are the standalone commands for the GitHub Actions platform that perform complex but frequently repeated tasks. Actions help to reduce repetitive code in workflows.
 
 ### 6. Runner
-A runner is a GitHub actions server where our workflows run. A runner listens for available jobs. Each runner runs multiple jobs at a time, and reports the progress, logs, and results back to GitHub. GitHub hosted runners are based on Ubuntu, Linux, Microsoft Windows, and Mac OS.
+A runner is a GitHub Actions server where our workflows run. It listens for available jobs, runs multiple jobs at a time, and reports the progress, logs, and results back to GitHub. GitHub hosted runners are based on Ubuntu, Linux, Microsoft Windows, and Mac OS.
 
 Note:
 One event can trigger many workflows, a workflow can contain many jobs, and a job can contain many steps.
@@ -52,26 +52,26 @@ One event can trigger many workflows, a workflow can contain many jobs, and a jo
 
 ## Getting started:
 
-Before we dive into an example, make sure you have a repository where you want to set up your CI/CD workflow. If you don't have one, create a new repository for example named `action-hero`.
+Before we dive into an example, make sure you have a repository where you want to set up your CI/CD workflow. If you don't have one, create a new repository, for example, named `action-hero`.
 
 Step 1: Clone your repository into your system
 ```bash
 git clone <your_github_repo_url>
 ```
 
-Step 2: Go to path `action-hero` and make a folder `.github`
+Step 2: Go to path `action-hero` and create a folder `.github`
 ```bash
 cd action-hero
 mkdir .github
 ```
 
-Step 4: Then, go to path `.github` and make a folder `workflows`
+Step 3: Then, go to path `.github` and create a folder `workflows`
 ```bash
 cd .github
 mkdir workflows
 ```
 
-Step 5: Inside the folder `workflows` create a `hello_world.yml` file
+Step 4: Inside the folder `workflows` create a `hello_world.yml` file
 ```bash
 cd workflows
 touch hello_world.yml
@@ -84,7 +84,7 @@ Our file structure should look like this
 ┃ ┃ ┗ 📜hello_world.yml
 ```
 
-Step 6: Add the following code snippet to your `hello_world.yml` file:
+Step 5: Add the following code snippet to your `hello_world.yml` file:
 
 ```
 name: Hello world workflow
@@ -109,14 +109,14 @@ jobs:
 In this example:
 - The workflow is triggered by a push event on the main branch.
 - The job named "build" runs on the latest version of Ubuntu.
-- The first step checks out the repository using the actions/checkout action.
-- The second step simply prints a message using the echo command.
+- The first step checks out the repository using the `actions/checkout` action.
+- The second step simply prints a message using the `echo` command.
 
 ## GitHub Actions activity:
 
 ![github activity](/src/assets/githubAction/images/output.png)
 
-Above image is an output from a GitHub Actions workflow run. The output shows that the workflow was successful and completed the `Hello world workflow` job, which consisted of two steps: `Checkout repository` and `Print a message`.
+The image above is an output from a GitHub Actions workflow run. It shows that the workflow was successful and completed the `Hello world workflow` job, which consisted of two steps: `Checkout repository` and `Print a message`.
 
 The `Print a message` step executed the command `echo "Hello, GitHub Actions!"`, resulting in the output `Hello, GitHub Actions!` being displayed in the workflow log.