
Read this first

Jeroen Baten edited this page Sep 29, 2022 · 4 revisions


This page is intended to tell you about the architecture of the things here.

**The playbooks will probably not work out of the box on your environment!**

Study them and adapt them where needed.

Security

The most important thing about a project like this is security. Having said that, don't expect it here.

This project is about proofs of concept. It will get you a working SSO setup for the applications mentioned. And trust me, that was already a lot of hard work! I'm no security expert, so no doubt things can be hardened.

This repo follows "Release early, release often". So open an issue if you see room for improvement, preferably accompanied by a PR.

Architecture

There are multiple Single Sign-On (SSO) mechanisms:

  • OpenID Connect
  • SAML
  • CAS
  • OAuth2
  • etc (probably)

And every application included in this repo supports at least one of those mechanisms.

The playbooks are written for the application in question. Playbooks also contain comments, even about things that didn't work.

The playbooks are currently for Ubuntu servers. It would be relatively easy to adapt them to other distributions.

Sometimes we use the Apache web server, sometimes Nginx. The politically correct answer to "why?" is: so that you see different solutions to similar problems.

The basic flow of a playbook is as follows:

  1. Get set up.
  2. Get an authentication token from the Keycloak server.
  3. See if there is already a client definition.
  4. Remove the current client definition.
  5. Create a new client definition on Keycloak.
  6. Retrieve needed things, like the shared secret in the case of OpenID Connect authentication.
  7. Configure the current application as much as possible.
  8. If necessary, notify the sysadmin of the remaining manual steps to perform.
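Steps 2 to 6 of that flow as a minimal Ansible play against the Keycloak Admin REST API, using only the built-in `uri` module; this is an added example, not one of the repository's playbooks. It assumes a Keycloak 17 or newer server (URLs without the `/auth` prefix), an admin user in the master realm, and placeholder hostnames, realm and client names that you replace with your own.

```yaml
- name: Recreate the OpenID Connect client for an application in Keycloak
  hosts: localhost
  gather_facts: false
  vars:                                     # placeholder values, replace with your own
    kc_url: "https://keycloak.example.com"  # Keycloak 17+ (Quarkus) URL, no /auth prefix
    kc_realm: "demo"
    kc_admin_user: "admin"
    kc_admin_pass: "{{ lookup('env', 'KC_ADMIN_PASS') }}"  # from env or a vault, never in git
    app_client_id: "myapp"
    app_redirect_uri: "https://myapp.example.com/oidc/callback"
  tasks:
    - name: Get an admin access token from the master realm (step 2)
      ansible.builtin.uri:
        url: "{{ kc_url }}/realms/master/protocol/openid-connect/token"
        method: POST
        body_format: form-urlencoded
        body: {grant_type: password, client_id: admin-cli,
               username: "{{ kc_admin_user }}", password: "{{ kc_admin_pass }}"}
      register: token
      no_log: true                          # keep password and token out of the run log
    - name: See if a client definition already exists (step 3)
      ansible.builtin.uri:
        url: "{{ kc_url }}/admin/realms/{{ kc_realm }}/clients?clientId={{ app_client_id }}"
        headers: {Authorization: "Bearer {{ token.json.access_token }}"}
      register: existing
    - name: Remove the current client definition, if any (step 4)
      ansible.builtin.uri:
        url: "{{ kc_url }}/admin/realms/{{ kc_realm }}/clients/{{ item.id }}"
        method: DELETE
        headers: {Authorization: "Bearer {{ token.json.access_token }}"}
        status_code: 204
      loop: "{{ existing.json }}"           # clientId is unique per realm: zero or one item
    - name: Create the new client definition (step 5)
      ansible.builtin.uri:
        url: "{{ kc_url }}/admin/realms/{{ kc_realm }}/clients"
        method: POST
        body_format: json
        body:
          clientId: "{{ app_client_id }}"
          protocol: openid-connect
          publicClient: false               # confidential client, so a secret is issued
          standardFlowEnabled: true         # authorization code flow only
          redirectUris: ["{{ app_redirect_uri }}"]  # exact callback URI, no wildcard
        headers: {Authorization: "Bearer {{ token.json.access_token }}"}
        status_code: 201
      register: created
    - name: Retrieve the shared secret for the application config (step 6)
      ansible.builtin.uri:
        url: "{{ created.location }}/client-secret"  # uri exposes the Location header as .location
        headers: {Authorization: "Bearer {{ token.json.access_token }}"}
      register: secret
      no_log: true
```

After the play, `secret.json.value` holds the client secret for step 7; keep `no_log` on any task that handles it so it does not end up in the Ansible output.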

We try not to overwrite anything in the current application that is not related to SSO, and we try not to initialize database contents. Still, always make a backup first!

Please read the playbook you would like to deploy and understand what it does before using it!!!
