
keycloak's Introduction

How to use Keycloak for DKP OAuth Client

Requirements

  • Running DKP Enterprise
  • Running Keycloak

Install Keycloak using Helm charts:

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-release bitnami/keycloak

Setup Keycloak Realm + Client

  1. Log in to Keycloak as admin

  2. Create a realm

  3. Switch to the newly created realm

  4. Select Client Scopes

  5. Add client scope

  • Name: groups
  • Type: Default
  • Display on consent screen: On
  • Include in token scope: On

  6. Click on the created client scope -> Mappers

  7. Create Mapper

  • Mapper Type: Group Membership
  • Name: Groups Mapper
  • Token Claim Name: groups
  • Full group path: Off
  • Add to ID token: On
  • Add to access token: On
  • Add to userinfo: On

  8. Go to Clients

  9. Create Client

  • Client type: OpenID Connect
  • Client ID: Name / Url / ID
  • Client Authentication: On
  • Authentication Flow:
    • Standard flow: On
    • Implicit flow: On
    • Direct grant access: On
    • Service account roles: On
  • Root url: https://
  • Home url: https://
  • Valid redirect url: https:///dex/callback

  10. Switch to the client scopes of the client -> Add client scope

  • Select `groups`
  • Type: Default

  11. Switch to Credentials and copy the `Client secret`

  12. Switch to Groups -> Add Groups:

  • Add 2 groups:
    • Name: dkp-admins
    • Name: dkp-users

  13. Switch to Users -> Add User:

  • Add user1
    • Name: user1
    • First Name: Normal
    • Last Name: User
    • Email: [email protected]
    • Password: random
    • Groups:
      • dkp-users
  • Add admin1
    • Name: admin1
    • First Name: Admin
    • Last Name: User
    • Email: [email protected]
    • Password: random2
    • Groups:
      • dkp-users
      • dkp-admins

Setup Kommander Identity Provider

  1. Log in to DKP Enterprise

  2. Go to Identity Providers -> Add Identity Provider

  • Type: OIDC
  • Name: Keycloak
  • Client ID:
  • Client Secret:
  • Issuer: https:///auth/realms/
  • Insecure Enable Groups: On
  • Get User Info: On

  3. Go to Identity Providers -> Groups -> Create Group

  • dkp-users
    • Name: dkp-users
    • Identity Provider Group: oidc:dkp-users
  • dkp-admins
    • Name: dkp-admins
    • Identity Provider Group: oidc:dkp-admins

  4. Go to Access Control -> Cluster Role Bindings -> Edit Groups

  • dkp-users:
    • Roles:
      • View Role
      • dkp-kommander-view
  • dkp-admins:
    • Roles:
      • Cluster Admin role
      • Admin role
      • dkp-kommander-admin

Test it!
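
One way to check the result of the steps above before debugging role bindings (an added example, not part of the original guide): decode the ID token Keycloak issued and confirm that the `groups` claim carries plain group names that map onto the `oidc:dkp-users` / `oidc:dkp-admins` entries created in Kommander. The helper names and sample tokens are constructed for illustration, the `oidc:` prefix mapping is assumed from the Identity Provider Group values shown on this page, and the signature is not verified, so this is a diagnostic only.

```python
import base64
import json

# Claim name from the Groups Mapper and the "Identity Provider Group" names
# entered in Kommander, both taken from the guide above.
CLAIM = "groups"
EXPECTED_IDP_GROUPS = {"oidc:dkp-users", "oidc:dkp-admins"}


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT. No signature check: diagnostic only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_groups(token: str) -> dict:
    """Report which Kommander groups the token would match, plus likely misconfigurations."""
    groups = jwt_claims(token).get(CLAIM)
    problems = []
    if groups is None:
        problems.append(f"no '{CLAIM}' claim: is the client scope attached as Default?")
    elif not isinstance(groups, list):
        problems.append(f"'{CLAIM}' claim is not a list")
    names = [g for g in groups if isinstance(g, str)] if isinstance(groups, list) else []
    for name in names:
        if name.startswith("/"):  # Keycloak emits '/dkp-users' when full path is On
            problems.append(f"'{name}' is a full path: set 'Full group path' to Off")
    matched = sorted({f"oidc:{n}" for n in names} & EXPECTED_IDP_GROUPS)
    return {"matched": matched, "problems": problems}


def make_sample(claims: dict) -> str:
    """Build a constructed token for the demo; the signature segment is a dummy."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.{b64url(b'constructed')}"


if __name__ == "__main__":
    ok = make_sample({"preferred_username": "admin1", "groups": ["dkp-users", "dkp-admins"]})
    full_path = make_sample({"preferred_username": "user1", "groups": ["/dkp-users"]})
    print(check_groups(ok))
    print(check_groups(full_path))
```

An empty `matched` list for a user who is in a Keycloak group means the role bindings in Kommander will never apply to that user, whatever roles are attached to the group.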

keycloak's People

Contributors

swiftsuretech
