Skip to content

Configure Directus to use Keycloak as Authentication Provider and build a secured API to manage resources

Notifications You must be signed in to change notification settings

epourail/pewpui

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PEWPUI

Introduction

Setup and run locally using docker-compose, the PEWPUI configuration using the Directus CMS-headless, the Keycloak as an IDP and a secured API to manage a directus collection.

Architecture

architecture.draw

  • The administrator is in charge to manage the CMS and the keycloak backoffice
  • The contributor is in charge to manage (create/update/delete) a unique collection (named "places") via jwt-protected endpoints.
  • The user can only read a unique collection (named "places") via an anonyous endpoint.

Services

Once launched and configured, the available services are:

Getting Started

Build process

In /etc/hosts, add

127.0.0.1 pewpui.mvp.local

Run:

docker-compose up -d --build

Test the Directus connection

Connect with the admin directus@example.com account on your Directus.

Test the Keycloak connection

Disconnect if you were already connected, and click on the Connect with Keycloak button. Connect with the default guest Keycloak user on your Directus.

Help

HOWTO setup HTTPS certificate

The ./configuration/kong/certs folder contains the certificate used by Kong.

Note 1: The certificate expiration date is really short so you might have to update the certificate with the following note. Note 2: You can create your own certificate with the following command line from the certifs folder (delete the old ones):

openssl req -x509 -out ./configuration/kong/certs/kong.crt -keyout ./configuration/kong/certs/kong.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=pewpui.mvp.local' -extensions EXT -config <( \
   printf "[dn]\nCN=pewpui.mvp.local\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:pewpui.mvp.local\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

HOWTO export the realm confguration

The ./configuration/keycloak/realm/realm-pewpui.json contains the Keycloak configuration used to setup the pewpui realm.

The following steps will export the pewpui realm in order to archive the configuration (under the git source control)

  1. setup the Keycloak confuration via the admin user interface
  2. create a docker-compose.override.yml file as follow to export the pewpui realm
version: '3.8'

services:
  keycloak:
    command: "export --file /opt/keycloak/data/tmp/realm-pewpui.json --realm pewpui --users realm_file"
    volumes:
    - ./configuration/keycloak/realm/realm-pewpui.json:/opt/keycloak/data/tmp/realm-pewpui.json:rw
  1. restart the docker-compose project
docker-compose up -d 

note: the directus and kong services will failed

  1. rollback the changes of the docker-compose.override.yml file
  2. restart the docker-compose project
docker-compose up -d 

HOWTO cleanup the docker-compose project

The following steps will delete all the containers/networks/volumes defined in the docker-compose project

  1. stop all the containers
docker-compose stop
  1. remove all the services (containers/networks/volumes)
docker-compose rm -fsv 
docker volume list
docker volume rm XXX

Where `XXX`` is the name of the volume to delete

About

Configure Directus to use Keycloak as Authentication Provider and build a secured API to manage resources

Topics

Resources

Stars

Watchers

Forks