forked from docs/blueprints
- added keycloak/github extra depths in chapters
parent 5fd8051bca
commit c4ae24d28a
@ -38,8 +38,11 @@ Deploy Keycloak
|
|||||||
You can follow this blueprint to setup a working instance of Keycloak on CCE:
|
You can follow this blueprint to setup a working instance of Keycloak on CCE:
|
||||||
:ref: `deploy_keycloak`.
|
:ref: `deploy_keycloak`.
|
||||||
|
|
||||||
|
Configure Keycloak & IAM
|
||||||
|
========================
|
||||||
|
|
||||||
Create a new Realm
|
Create a new Realm
|
||||||
==================
|
++++++++++++++++++
|
||||||
|
|
||||||
A realm manages users, credentials, roles, and groups. A user belongs to and logs into the realm he is assigned to.
|
A realm manages users, credentials, roles, and groups. A user belongs to and logs into the realm he is assigned to.
|
||||||
Realms are isolated from one another and can manage and authenticate only those users that they belong to them.
|
Realms are isolated from one another and can manage and authenticate only those users that they belong to them.
|
||||||
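Review bot: The context lines under the demoted `Create a new Realm` heading still read "the realm he is assigned to" and "only those users that they belong to them". Since this section is being restructured anyway, reword them to "the realm they are assigned to" and "only the users that belong to them". Separately, the new `Configure Keycloak & IAM` title takes `=` and its subsections move to `+`. reStructuredText assigns heading levels by order of first appearance in the file, so please confirm `+` has not already been used for a different level earlier in this document.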
@ -52,7 +55,7 @@ this blueprint) and mark it as enabled:
|
|||||||
|
|
|
|
||||||
|
|
||||||
Create a new Client
|
Create a new Client
|
||||||
===================
|
+++++++++++++++++++
|
||||||
|
|
||||||
Clients are applications, or services, that can request the authentication of a user. Create a new client (let's call it
|
Clients are applications, or services, that can request the authentication of a user. Create a new client (let's call it
|
||||||
``otcac_test_company_1_client`` with type ``OpenID Connect`` and in the *Capability config* step of the wizard, activate the following Authentication
|
``otcac_test_company_1_client`` with type ``OpenID Connect`` and in the *Capability config* step of the wizard, activate the following Authentication
|
||||||
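Review bot: The parenthesis opened at "(let's call it" in the context under `Create a new Client` is not closed after ``otcac_test_company_1_client`` on the following line, so the sentence reads as if the whole wizard instruction were part of the aside. While the heading here is being touched, close it right after the client name: "(let's call it ``otcac_test_company_1_client``) with type ``OpenID Connect``".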
@ -67,7 +70,7 @@ flows:
|
|||||||
|
|
|
|
||||||
|
|
||||||
Configure Mappers
|
Configure Mappers
|
||||||
=================
|
+++++++++++++++++
|
||||||
|
|
||||||
Open the management console of the Client you just created, and navigate to the *Client scopes* tab. Click on the list
|
Open the management console of the Client you just created, and navigate to the *Client scopes* tab. Click on the list
|
||||||
item with the name: ``otcac_test_company_1_client-dedicated``:
|
item with the name: ``otcac_test_company_1_client-dedicated``:
|
||||||
@ -106,7 +109,7 @@ OTC Conversion Rules. Disable the `Full group path` option:
|
|||||||
|
|
|
|
||||||
|
|
||||||
Get OpenID Endpoint Configuration
|
Get OpenID Endpoint Configuration
|
||||||
=================================
|
+++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
Open `Realm Settings` and click on `OpenID Endpoint Configuration`:
|
Open `Realm Settings` and click on `OpenID Endpoint Configuration`:
|
||||||
|
|
||||||
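Review bot: The hunk header context still says "OTC Conversion Rules", while this commit renames the provider headings from "OTC Identity Provider" to "IAM Identity Provider" and adds a "Configure the IAM Identity Provider Conversion Rules" section. Pick one term and apply it to the body text as well, otherwise readers will look for two different things in the console.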
@ -124,8 +127,8 @@ You will be redirected to web page rendering, as JSON, all the endpoints and the
|
|||||||
grab some values from it, for our the next steps.
|
grab some values from it, for our the next steps.
|
||||||
|
|
||||||
|
|
||||||
Create a new OTC Identity Provider
|
Create a new IAM Identity Provider
|
||||||
==================================
|
++++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
For this step we will change to Open Telekom Cloud Console and particularly to IAM and Identity Providers. Create a new
|
For this step we will change to Open Telekom Cloud Console and particularly to IAM and Identity Providers. Create a new
|
||||||
one, and set `Protocol` to ``OpenID Connect``, `SSO Type` to ``Virtual User`` and `Status` to ``Enabled``:
|
one, and set `Protocol` to ``OpenID Connect``, `SSO Type` to ``Virtual User`` and `Status` to ``Enabled``:
|
||||||
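Review bot: The context line above the renamed heading reads "grab some values from it, for our the next steps."; drop the stray "our" ("for the next steps") in the same change. It would also help to name which values from the OpenID Endpoint Configuration JSON the reader has to copy, since the following `Create a new IAM Identity Provider` section depends on them and the visible text does not say.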
@ -134,8 +137,8 @@ one, and set `Protocol` to ``OpenID Connect``, `SSO Type` to ``Virtual User`` an
|
|||||||
|
|
||||||
|
|
|
|
||||||
|
|
||||||
Configure the OTC Identity Provider
|
Configure the IAM Identity Provider
|
||||||
===================================
|
+++++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
Find your newly created provider in Identity Providers list and click `Modify`:
|
Find your newly created provider in Identity Providers list and click `Modify`:
|
||||||
|
|
||||||
@ -160,7 +163,7 @@ Save the changes, **but before closing this panel copy the value** of the `Ident
|
|||||||
need this value in the next step of this blueprint.
|
need this value in the next step of this blueprint.
|
||||||
|
|
||||||
Configure Client's Access Settings
|
Configure Client's Access Settings
|
||||||
==================================
|
++++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
For this step we will switch back to Keycloak Administration Console, and navigate to `Access Settings` for our client:
|
For this step we will switch back to Keycloak Administration Console, and navigate to `Access Settings` for our client:
|
||||||
|
|
||||||
@ -174,11 +177,21 @@ Set the following values:
|
|||||||
- `Home URL`: ``https://auth.otc.t-systems.com``
|
- `Home URL`: ``https://auth.otc.t-systems.com``
|
||||||
- `Valid redirect URIs`: ``https://auth.otc.t-systems.com/authui/oidc/post``
|
- `Valid redirect URIs`: ``https://auth.otc.t-systems.com/authui/oidc/post``
|
||||||
|
|
||||||
Create new GitHub OAuth App
|
GitHub Integration
|
||||||
===========================
|
==================
|
||||||
|
|
||||||
|
Add GitHub as Identity Provider
|
||||||
|
+++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
|
Create new GitHub OAuth App
|
||||||
|
+++++++++++++++++++++++++++
|
||||||
|
|
||||||
|
Configure GitHub Identity Provider
|
||||||
|
++++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
|
Configure the IAM Identity Provider Conversion Rules
|
||||||
|
====================================================
|
||||||
|
|
||||||
Add GitHub as Identity Provider to Keycloak
|
|
||||||
===========================================
|
|
||||||
|
|
||||||
.. Next steps & Related Resources
|
.. Next steps & Related Resources
|
||||||
|
|
||||||
|
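Review bot: The headings added at the end of this hunk (`Add GitHub as Identity Provider`, `Create new GitHub OAuth App`, `Configure GitHub Identity Provider` and `Configure the IAM Identity Provider Conversion Rules`) have no body text, so the built page will show four empty sections and a table of contents that promises steps which are not there. Either add the steps in this commit or comment the stubs out the same way `.. Next steps & Related Resources` is until the content lands. When the OAuth App section is written, state the exact callback URL the way `Valid redirect URIs` is given as a full path above, rather than a wildcard.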