Size: 1236
Comment:
|
Size: 2695
Comment:
|
Line 4: | Line 4: |
== OIDC == * https://www.scottbrady91.com/OpenID-Connect/OpenID-Connect-Overview OpenID Connect (OIDC) provides a simple identity layer on top of the OAuth 2.0 protocol, enabling Single Sign-On (SSO) and API access in one round trip. It brings the missing user authentication story and identity layer to OAuth. |
|
Line 14: | Line 18: |
# admin admin admin create # http://localhost:8080/auth/admin/master/console/#/realms/master # Master, add realm, MyRealm , create # Users, add user, myuser # select user, credentials, mypwd mypwd, temporary off # Add role USER to MyRealm # Make user myuser have role USER # signout # http://localhost:8080/auth/realms/MyRealm/account/ # realm: MyRealm # user pwd: myuser mypwd # client id: curl_confidential # protocol: openid-connect # Curl_confidential settings: access-type confidential # valid redirect url http://localhost:8080 # tab credentials: regenerate secret 6dfe5f84-d115-4d3e-8a56-a0fcf5b2f13e curl -d 'client_id=curl_confidential' -d 'client_secret=6dfe5f84-d115-4d3e-8a56-a0fcf5b2f13e' -d 'username=myuser' -d 'password=mypwd' -d 'grant_type=password' 'http://localhost:8080/auth/realms/MyRealm/protocol/openid-connect/token' |
|
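Review bot: the block dropped at old Line 14 was the only place the page showed the curl call to /auth/realms/MyRealm/protocol/openid-connect/token, so after this change the page creates curl_confidential but never uses it. Keep the call at the end of the new steps, with the client_secret value replaced by a placeholder instead of a pasted secret.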
Line 32: | Line 19: |
* http://localhost:8080/auth Administration Console User: admin Password: admin Password confirmation: admin Click on Create http://localhost:8080/auth/admin/master/console/#/realms/master login with admin:admin http://localhost:8080/auth/admin/master/console/#/create/realm Name: MyRealm Enabled: On Click on Create http://localhost:8080/auth/admin/master/console/#/realms/MyRealm Go to Users Click on Add user Username: myuser User enabled: ON Save http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/users Select user myuser, Select credentials tab, Password: mypwd Password confirmation: mypwd, Temporary: off Click on "Set Password" http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/roles http://localhost:8080/auth/admin/master/console/#/create/role/MyRealm Add role USER to MyRealm Role name: USER Click on Save http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/users select user myuser select tab Role mappings select user and click on add selected Signout http://localhost:8080/auth/realms/MyRealm/account/ http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/clients click on create client id: curl_confidential client protocol: openid-connect root url: http://localhost:8080 Click on save Clients Curl_confidential settings: access-type: confidential Should appear tab Credentials Client authenticator: Client ID and secret Click on "Regenerate Secret" # 3a862f1b-6687-4f7a-8e04-be494fca99e0 Clients Curl_confidential Mappers Add builtin "realm roles", "groups" add selected For each map add "Add to userinfo" Clients Curl_confidential Scope, select full scope allowed: ON realm: MyRealm user pwd: myuser mypwd client id: curl_confidential protocol: openid-connect Curl_confidential settings: access-type confidential valid redirect url http://localhost:8080 tab credentials: regenerate secret 3a862f1b-6687-4f7a-8e04-be494fca99e0 |
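Review bot: the added steps paste the regenerated client secret 3a862f1b-6687-4f7a-8e04-be494fca99e0 into the page twice and set the console login to admin/admin without saying this is a throwaway local instance. Replace the secret with a placeholder such as <client-secret> and state that admin:admin applies to the localhost test setup only. "full scope allowed: ON" also puts every role mapping of the user into this client's tokens; say why it is needed here, or leave it off and add USER under the Scope tab.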
keycloak
Open Source Identity and Access Management.
OIDC
OpenID Connect (OIDC) provides a simple identity layer on top of the OAuth 2.0 protocol, enabling Single Sign-On (SSO) and API access in one round trip. It brings the missing user authentication story and identity layer to OAuth.
Steps setup realm
* http://localhost:8080/auth
* Administration Console
* User: admin
* Password: admin
* Password confirmation: admin
* Click on Create

* http://localhost:8080/auth/admin/master/console/#/realms/master
* login with admin:admin
* http://localhost:8080/auth/admin/master/console/#/create/realm
* Name: MyRealm
* Enabled: On
* Click on Create
* http://localhost:8080/auth/admin/master/console/#/realms/MyRealm

* Go to Users
* Click on Add user
* Username: myuser
* User enabled: ON
* Save
* http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/users

* Select user myuser
* Select credentials tab
* Password: mypwd
* Password confirmation: mypwd
* Temporary: off
* Click on "Set Password"

* http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/roles
* http://localhost:8080/auth/admin/master/console/#/create/role/MyRealm
* Add role USER to MyRealm
* Role name: USER
* Click on Save

* http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/users
* select user myuser
* select tab Role mappings
* select user and click on add selected

* Signout
* http://localhost:8080/auth/realms/MyRealm/account/

* http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/clients
* click on create
* client id: curl_confidential
* client protocol: openid-connect
* root url: http://localhost:8080
* Click on save

* Clients Curl_confidential settings:
* access-type: confidential
* Should appear tab Credentials
* Client authenticator: Client ID and secret
* Click on "Regenerate Secret" # 3a862f1b-6687-4f7a-8e04-be494fca99e0

* Clients Curl_confidential Mappers
* Add builtin "realm roles", "groups"
* add selected
* For each map add "Add to userinfo"

* Clients Curl_confidential Scope
* select full scope allowed: ON

* realm: MyRealm
* user pwd: myuser mypwd
* client id: curl_confidential
* protocol: openid-connect
* Curl_confidential settings: access-type confidential
* valid redirect url http://localhost:8080
* tab credentials: regenerate secret 3a862f1b-6687-4f7a-8e04-be494fca99e0
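
With the realm, user, role and client above in place, the password-grant token request and a first check of the returned access token look like this. It is an added example, not part of the original wiki page: the environment variable KC_CLIENT_SECRET, the helper names and the sample token are assumptions constructed for illustration, while iss, azp and realm_access.roles are the claim names Keycloak uses in its access tokens.

```python
import base64, json, os
from urllib.parse import urlencode

BASE = "http://localhost:8080/auth"   # values from the setup steps on this page
REALM = "MyRealm"
CLIENT_ID = "curl_confidential"

def token_request(username, password, secret=None):
    """Return (url, form body) for the password grant; the secret is read
    from the environment (hypothetical name) instead of being pasted in."""
    secret = secret or os.environ["KC_CLIENT_SECRET"]
    url = f"{BASE}/realms/{REALM}/protocol/openid-connect/token"
    body = urlencode({"client_id": CLIENT_ID, "client_secret": secret,
                      "username": username, "password": password,
                      "grant_type": "password"})
    return url, body

def decode_claims(jwt):
    """Decode the JWT payload for inspection only; no signature check here."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, role="USER"):
    """List the claims that do not match the realm/client/role configured above."""
    problems = []
    if claims.get("iss") != f"{BASE}/realms/{REALM}":
        problems.append("iss")
    if claims.get("azp") != CLIENT_ID:
        problems.append("azp")
    if role not in claims.get("realm_access", {}).get("roles", []):
        problems.append("role")
    return problems

def make_token(claims):
    """Build a constructed, unsigned sample token (dummy signature part)."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed sample, shaped like a token for myuser; not issued by a server.
SAMPLE = make_token({"iss": f"{BASE}/realms/{REALM}", "azp": CLIENT_ID,
                     "preferred_username": "myuser",
                     "realm_access": {"roles": ["USER"]}})

if __name__ == "__main__":
    print(check_claims(decode_claims(SAMPLE)))
```

A service that accepts these tokens must still verify the signature against the realm's published keys; decoding the payload only confirms that the mappers and role mapping produced the expected claims.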