bboortz / brokerage-aaa-demo

Demonstrate Authentication Authorization and Access Control using a Brokerage

License: Apache License 2.0

Language: Shell 100.00%
Topics: authentication, authorization, access control, brokerage, idp

brokerage-aaa-demo

This project demonstrates how to set up authentication, authorization and access control using a brokerage. With a brokerage, authentication is delegated to an upstream IdP: the application trusts only the broker, and the broker in turn trusts the upstream identity providers.

  • Authentication happens in Keycloak with these realms:
    • upstreamidp1 for user base 1
    • upstreamidp2 for user base 2
  • Authorization happens in
    • keycloak-proxy (now called keycloak-gatekeeper), which protects access to an example application
  • Access control happens in a Keycloak realm that acts as the broker. It is in charge of
    • defining the roles for dedicated users.

Requirements

  • some linux distribution like Arch Linux or Debian
  • docker
  • docker-compose
  • cfssl

Components

The components run as Docker containers and are started with docker-compose:

Architecture

The overall architecture looks like this: [image: Overall Architecture]

These roles are known:

  • application user - authenticates and uses the application
  • security account manager - manages accounts in the IAM systems
  • security role manager - manages the roles in the broker
  • developer - has developed the application and defines the policies used for authorization

Preparation

Add the necessary host entries to the /etc/hosts file:

127.0.0.1       debug.aaa.demo
127.0.0.1       app.aaa.demo
127.0.0.1       api.keycloak.aaa.demo mgmt.keycloak.aaa.demo

How to start the demo?

Run ./start.sh

It starts several services:

  1. postgres database
  2. keycloak with 4 realms (master, broker, upstreamidp1, upstreamidp2): https://api.keycloak.aaa.demo
  3. keycloak-gatekeeper, which protects the demo application: https://app.aaa.demo
  4. demo application
  5. httpbin for debugging: https://debug.aaa.demo
  6. traefik as a lightweight load balancer

How to use the demo application?

  1. Access http://app.aaa.demo. The gatekeeper has no session for you yet and redirects you to the broker.
  2. Log in directly at the broker, or choose one of the upstream IdPs and log in there. Once authenticated you are redirected back to the demo application.

How to manage user access?

  1. Access http://api.keycloak.aaa.demo.
  2. Log in with the admin user of the Keycloak Master realm (see Credentials).
  3. Go to "Manage Users" in the left menu of the broker realm (the roles are defined in the broker).
  4. Select a user and click the Edit button.
  5. Go to the Role Mappings tab and assign or remove roles.
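The roles assigned in the broker only matter because the gatekeeper in front of the demo application checks them on every request. The following added example (it is not the project's code) models that check offline: it parses resource rules in the gatekeeper's `uri=...|roles=...|methods=...` form, decodes the realm and client roles from a Keycloak-style access token, and decides whether a request may be forwarded. The client id `demo-app`, the role names `app-user` and `admin`, the rule set and the tokens are constructed for the example; signature verification is assumed to have happened upstream, and the decision semantics (first matching rule wins, every listed role required, deny when nothing matches) are this example's choices, not a description of the demo's configuration.

```python
import base64
import fnmatch
import json
import time
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Rule syntax follows the gatekeeper's 'uri=...|roles=...|methods=...' form.
# Decision semantics (first matching rule wins, every listed role required,
# deny when nothing matches) are this example's choices, not the demo's config.


@dataclass(frozen=True)
class Resource:
    uri: str                # glob such as "/admin*"
    roles: frozenset        # empty = any authenticated user
    methods: frozenset      # empty = any HTTP method


def _csv(value: str) -> List[str]:
    return [x.strip() for x in value.split(",") if x.strip()]


def parse_resource(rule: str) -> Resource:
    """Parse one rule like 'uri=/admin*|roles=admin,auditor|methods=GET,POST'."""
    fields = {}
    for part in rule.split("|"):
        key, sep, value = part.partition("=")
        if not sep or key not in ("uri", "roles", "methods"):
            raise ValueError(f"bad resource rule: {rule!r}")
        fields[key] = value
    if not fields.get("uri"):
        raise ValueError(f"resource rule without uri: {rule!r}")
    return Resource(fields["uri"],
                    frozenset(_csv(fields.get("roles", ""))),
                    frozenset(m.upper() for m in _csv(fields.get("methods", ""))))


def decode_claims(token: str) -> dict:
    """Return the payload of a compact JWT.

    Signature verification is deliberately out of scope: in the demo the
    gatekeeper validates the token against the broker realm's keys before any
    role check. Never call this on a token whose signature was not verified.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def token_roles(claims: dict, client_id: str) -> set:
    """Realm roles plus this client's roles, as Keycloak places them in a token."""
    roles = set(claims.get("realm_access", {}).get("roles", []))
    roles.update(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))
    return roles


def authorize(method: str, path: str, token: str, rules: Iterable[str],
              client_id: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Decide whether the request may be forwarded to the upstream application."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    aud = claims.get("aud", [])                      # string or list in Keycloak tokens
    if client_id not in ([aud] if isinstance(aud, str) else aud):
        return False, "token not issued for this client"
    have = token_roles(claims, client_id)
    for rule in rules:
        res = parse_resource(rule)
        if res.methods and method.upper() not in res.methods:
            continue
        if not fnmatch.fnmatchcase(path, res.uri):
            continue
        missing = res.roles - have
        if missing:
            return False, f"missing roles {sorted(missing)} for {res.uri}"
        return True, f"allowed by {res.uri}"
    return False, "no resource rule matched (default deny)"


def make_demo_token(claims: dict) -> str:
    """Build an UNSIGNED compact JWT (alg=none) so the example runs offline."""
    def b64(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


# Constructed sample data; client id and role names are assumptions, not the demo's.
CLIENT_ID = "demo-app"
NOW = 1_700_000_000
DEMO_RULES = [
    "uri=/admin*|roles=admin|methods=GET,POST",
    "uri=/api/*|roles=app-user",
    "uri=/*|roles=",
]
USER_TOKEN = make_demo_token({"preferred_username": "brokeruser1", "aud": CLIENT_ID,
                              "exp": NOW + 300, "realm_access": {"roles": ["app-user"]}})
ADMIN_TOKEN = make_demo_token({"preferred_username": "idp1user1", "aud": CLIENT_ID,
                               "exp": NOW + 300,
                               "realm_access": {"roles": ["app-user", "admin"]}})
EXPIRED_TOKEN = make_demo_token({"preferred_username": "brokeruser1", "aud": CLIENT_ID,
                                 "exp": NOW - 1, "realm_access": {"roles": ["app-user"]}})

if __name__ == "__main__":
    for m, p, tok in [("GET", "/api/orders", USER_TOKEN), ("GET", "/admin/users", USER_TOKEN),
                      ("DELETE", "/admin/users", USER_TOKEN), ("GET", "/api/orders", EXPIRED_TOKEN)]:
        print(m, p, authorize(m, p, tok, DEMO_RULES, CLIENT_ID, NOW))
```

Running the block shows the point worth remembering when the developer writes the policies: the rule set above deliberately restricts `/admin*` to `GET,POST`, so a `DELETE /admin/users` from `brokeruser1` does not match that rule at all and falls through to the catch-all `/*`, which lets any authenticated user in. Method filters on a protective rule are a bypass unless a method-less deny rule for the same prefix comes first, or there is no permissive catch-all behind it.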

Credentials

Keycloak Master

  • admin / 11111111

Keycloak Broker

  • brokeruser1 / brokeruser1

Keycloak UpstreamIDP1

  • idp1user1 / idp1user1

Keycloak UpstreamIDP2

  • idp2user1 / idp2user1

Links
