keycloak

Open Source Identity and Access Management.

• https://www.keycloak.org/

OIDC

• https://www.scottbrady91.com/OpenID-Connect/OpenID-Connect-Overview

OpenID Connect (OIDC) provides a simple identity layer on top of the OAuth 2.0 protocol, enabling Single Sign-On (SSO) and API access in one round trip. It brings the missing user authentication story and identity layer to OAuth.

Steps setup realm

   1 cd /tmp
   2 wget https://github.com/keycloak/keycloak/releases/download/14.0.0/keycloak-14.0.0.zip
   3 unzip -t keycloak-14.0.0.zip
   4 unzip keycloak-14.0.0.zip
   5 cd ~/tmp/keycloak-14.0.0/bin
   6 sh standalone.sh 
   7 http://localhost:8080/auth

* http://localhost:8080/auth Administration Console User: admin Password: admin Password confirmation: admin Click on Create

http://localhost:8080/auth/admin/master/console/#/realms/master login with admin:admin http://localhost:8080/auth/admin/master/console/#/create/realm Name: MyRealm Enabled: On Click on Create http://localhost:8080/auth/admin/master/console/#/realms/MyRealm

Go to Users Click on Add user Username: myuser User enabled: ON Save http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/users

Select user myuser, Select credentials tab, Password: mypwd Password confirmation: mypwd, Temporary: off Click on "Set Password"

http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/roles http://localhost:8080/auth/admin/master/console/#/create/role/MyRealm Add role USER to MyRealm Role name: USER Click on Save

http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/users select user myuser select tab Role mappings select user and click on add selected

Signout http://localhost:8080/auth/realms/MyRealm/account/

http://localhost:8080/auth/admin/master/console/#/realms/MyRealm/clients click on create client id: curl_confidential client protocol: openid-connect root url: http://localhost:8080 Click on save

Clients Curl_confidential settings: access-type: confidential Should appear tab Credentials Client authenticator: Client ID and secret Click on "Regenerate Secret" # 3a862f1b-6687-4f7a-8e04-be494fca99e0

Clients Curl_confidential Mappers Add builtin "realm roles", "groups" add selected For each map add "Add to userinfo"

Clients Curl_confidential Scope, select full scope allowed: ON

realm: MyRealm user pwd: myuser mypwd client id: curl_confidential protocol: openid-connect Curl_confidential settings: access-type confidential valid redirect url http://localhost:8080 tab credentials: regenerate secret 3a862f1b-6687-4f7a-8e04-be494fca99e0