Giter Site home page Giter Site logo

indranilariunbold / docker-keycloak-sso Goto Github PK

View Code? Open in Web Editor NEW

This project forked from vikbert/docker-keycloak-sso

0.0 2.0 0.0 1.31 MB

A proof of concept "Single sign-on" with keycloak server container instance.

License: MIT License

JavaScript 21.52% HTML 73.46% Shell 5.02%

docker-keycloak-sso's Introduction

SSO Keycloak POC

This SSO Demo uses four container instances:

  • keycloak: the OAuth2(OpenID connection) server instance
  • db: the mysql server instance for keycloak backend
  • app1: simple web app
  • app2: simple web app
version: '2'

services:
  db:
      image: mysql
      environment:
          - MYSQL_DATABASE=keycloak
          - MYSQL_USER=keycloak
          - MYSQL_PASSWORD=password
          - MYSQL_ROOT_PASSWORD=root_password
      ports:
          - 3306:3306

  keycloak:
      image: jboss/keycloak
      environment:
          - KEYCLOAK_LOGLEVEL=DEBUG
          - KEYCLOAK_USER=admin
          - KEYCLOAK_PASSWORD=admin
          - DB_VENDOR=MYSQL
          - MYSQL_PORT_3306_TCP_ADDR=db
          - MYSQL_PORT_3306_TCP_PORT=3306
      links:
          - db:db
      ports:
          - 8080:8080
          - 9999:9990
          - 443:8443
      volumes:
          - ./data:/data

  app1:
      image: php:7.1-apache
      ports:
          - 8091:80
      volumes:
          - ./app1:/var/www/html

  app2:
      image: php:7.1-apache
      ports:
          - 8092:80
      volumes:
          - ./app2:/var/www/html

Test case:

The user tries to access the user profile page on one of the web app, and is redirected to login page on keycloak server at first.

If user is logged in, the further authentication on the other web apps will not be required.

Pre Install

Be sure that the docker engine & docker-compose are installed.

step 1:

start the container instanc bash doority.sh start

step 2:

Login on keycloak on localhost:8080 login keycloak

user: admin
password: admin

step 3:

create new realm named myrealm

add new realm

step 4:

create new clients named with web-app1 and web-app2 add new client

repeat the operation to create another client named web-app2

list clients

step 5:

create new user named demo add new user

user: demo
password: demo

step 6:

update the client credentials in app1/app.js with the created client credentials: client credentails

//app1/app.js
let keycloakConfig = {
    "realm": "myrealm",
    "auth-server-url": "http://127.0.0.1:8080/auth",
    "ssl-required": "external",
    "resource": "web-app1",
    "credentials": {
        "secret": "90d014fa-89bf-45b5-ab87-bcd8a9028c7f"
    },
    "confidential-port": 0,
    "clientId": "web-app1"
};

repeat the operation to update the credentials in app2

step 7:

open the two web apps on

http://localhost:8091/
http://localhost:8092/

web apps web apps

step 8:

click on the link named my account on web-app1, the user should be redirected to login page on the keycloak server http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth?client_id=web-app1&redirect_uri=http%3A%2F%2Flocalhost%3A8091%2Fme.html&state=228f9b01-2b83-446e-89ce-aac4bfba845e&nonce=82123d67-d176-403b-92aa-2303617d5183&response_mode=fragment&response_type=id_token%20token&scope=openid

Login with

user: demo
passL demo

After login, the user profile page will be shown: web apps

step 9:

click on the link named my account on web-app2, the user will NOT be redirected to login page, because of login on the web-app1 in the step 8.

To clean up the test instances

bash doority.sh clean

docker-keycloak-sso's People

Contributors

xz-zlab avatar vikbert avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.