-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
84ab355
commit b898b64
Showing
25 changed files
with
146 additions
and
0 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| --- | ||
| title: keycloak | ||
| authorName: Amrita Shrestha | ||
| authorAvatar: https://avatars.githubusercontent.com/u/54478846?s=100&v=4 | ||
| authorLink: https://github.com/amrita-shrestha | ||
| createdAt: March 26, 2024 | ||
| tags: Keycloak | ||
| banner: https://blog.jankaritech.com/src/assets/keycloak/images/keycloak.png | ||
| --- | ||
|
|
||
| ## Keycloak | ||
| Keycloak is an [open-source](https://github.com/keycloak/keycloak) project for Red Hat SSO. It provides `Identity and Access Management` solution designed to secure application services. | ||
| Additionally, it enables users to authenticate through various identity providers and use fine-grained permissions for regulating access to Software as a Service (SaaS) applications. | ||
| Keycloak alternatives are Auth0, Zluri, Microsoft Azure Active Directory, Okta, WSO2 Identity Server. | ||
|
|
||
| Keycloak facilitates the creation of a user database with customizable roles and groups, offering functionalities such as user management, registration, and password policy enforcement. | ||
| This makes it a comprehensive Identity and Access Management (IAM) solution for contemporary applications. Keycloak's API enables the integration of all these features into your application | ||
| without the need for additional coding. | ||
|
|
||
| Despite its extensive features, Keycloak does have certain limitations. One of these is the need for a more varied implementation approach. | ||
| Additionally, the following are some of the drawbacks associated with Keycloak: | ||
| 1. `Complex Server Deployment:` The manual process involved in deploying Keycloak on a server can be complicated, potentially affecting overall productivity. | ||
| 2. `Lack of Comprehensive Support Documentation:` Despite its robust functionalities, Keycloak could benefit from more efficient and extensive support documentation. This would make it easier for users to find suitable solutions to their problems. | ||
|
|
||
| ## Keycloak Features | ||
|  | ||
|
|
||
| 1. `Identity Broker:` | ||
| Identity Broker acts as a middleman, linking various service providers with different identity providers. It establishes trust with external identity providers to utilize their identities for accessing internal services offered by service providers. | ||
| Imagine textile company,which has two keycloak setups: one for customer and another for internal employees. If you want your employees to access external services without creating new accounts on customer keycloak, you can use the customer Keycloak | ||
| as the mediator and the customer Keycloak as the source in this scenario. | ||
|
|
||
| 2. `User federation:` | ||
| Keycloak provides the ability to integrate with existing LDAP or Active Directory severs. It also support implementation of your own provider such as a relational database. | ||
|
|
||
| 3. `Standard protocols:` | ||
| Keycloak base on three standard protocols i.e OpenID Connect, OAuth2.0, and SAML. | ||
|
|
||
| 4. `Password Policies:` | ||
| Keycloak contain different password policies i.e HashAlgorithm, Hashing Iterations, Digits, Lowercase Characters, Regular Expression and so on. | ||
|
|
||
| 5. `Single-Sign On:` | ||
| Keycloak facilitates a seamless login experience where users only need to sign in once to access multiple applications, eliminating the need for repeated logins. | ||
| This not only streamlines user experience but also simplifies identity management for administrators. | ||
|
|
||
| 6. `Social Login:` | ||
| Keycloak has built-in support for Google, Github, Facebook which help us to use social identity providers. | ||
|
|
||
| ## SetUp keycloak using docker | ||
| 1. Keycloak using docker image | ||
| ```bash | ||
| docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.2 start-dev | ||
| ``` | ||
|
|
||
| 2. Keycloak with postgres database using docker-compose | ||
|  | ||
|
|
||
| ## Why You Should Know Keycloak | ||
| 1. Open source | ||
| 2. Supports three different authentication protocols which give you the possibility to cover many applications with different security demands with a single tool. | ||
| 3. Provides web-based GUI which makes any configurations changes easier. | ||
| 4. Huge community support | ||
|
|
||
| ## When It May Not Be the Best Choice | ||
| 1. Enterprises seeking robust guarantees or support may find Keycloak lacking in this regard. As an open-source project, there are no assurances provided by its producer regarding its functionality or roadmap. | ||
| Support is community-driven, typically through platforms like Stack Overflow, with no guaranteed response times. | ||
| 2. If your application consists of a single application with just one client in the Keycloak realm, you won't benefit from Single Sign-On (SSO) capabilities. | ||
| 3. For applications solely reliant on a pure user database, Keycloak could be overkill. A database with specific tables may offer a simpler alternative, especially if you already have one set up. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| --- | ||
| title: keycloak Server | ||
| authorName: Amrita Shrestha | ||
| authorAvatar: https://avatars.githubusercontent.com/u/54478846?s=100&v=4 | ||
| authorLink: https://github.com/amrita-shrestha | ||
| createdAt: March 26, 2024 | ||
| tags: owncloud infinte scale, ocis, ocis-with-keycloak | ||
| banner: https://blog.jankaritech.com/src/assets/keycloak/images/keycloak-with-ocis.png | ||
| --- | ||
|
|
||
| [In previous blog](src/assets/keycloak/keycloak.md), we explored the topic of Keycloak. In this current post, our focus shifts to discussing the setup of OCIS with Keycloak. | ||
|
|
||
|
|
||
| ## Keycloak with ocis | ||
|
|
||
| ### Run services | ||
| Before setting up `ocis with keycloak`, it's essential to deploy `keycloak and ocis`. This blog details the deployment of `ocis and keycloak` via `docker compose`. | ||
| Using `Traefik`, `ocis and keycloak` has been served using certificates. | ||
| You can either download the code from [GitHub](https://github.com/amrita-shrestha/keycloak-ocis/blob/master/compose.yaml) or utilize the code provided below: | ||
|
|
||
| 1. Traefik configuration to serve keycloak and ocis with certificates | ||
|  | ||
|
|
||
|
|
||
| 2. Ocis setup to serve ocis | ||
| Note: `Keycloak IDP configurations` should not be missed on ocis environment section | ||
|  | ||
|
|
||
|
|
||
| 3. Keycloak setup with postgres database | ||
|  | ||
|
|
||
|
|
||
| ### Manual configuration for ocis on keycloak | ||
| 1. Go to ocis url: `https://host.docker.internal:9200/` | ||
|  | ||
|
|
||
| 2. Go to keycloak url: `https://host.docker.internal:8443/` | ||
|  | ||
|
|
||
| 3. Create new realm: `ocis` | ||
|  | ||
|  | ||
|
|
||
| 4. Add a new client: | ||
|  | ||
|
|
||
| - Client ID: `web` | ||
|  | ||
|
|
||
| - Root URL: `https://host.docker.internal:9200` | ||
|  | ||
|
|
||
| 5. Add realm roles: | ||
|
|
||
| - Role name: `ocisAdmin` | ||
|  | ||
|
|
||
| 6. Create a new user: | ||
|
|
||
| - Username: `admin` and other info | ||
|  | ||
|  | ||
|
|
||
| - Create password | ||
|  | ||
|  | ||
|
|
||
| - Role Mapping: Assign `ocisAdmin` role | ||
|  | ||
|  | ||
|
|
||
| 7. Update `roles` Client scope: `Client Scopes` -> `roles` | ||
| - `Mappers` -> `realm roles` -> `Token Claim Name=roles` | ||
|  | ||
|
|
||
| 8. Go to url `https://host.docker.internal:9200/` reload if already opened | ||
|  |