Keycloak migration tracking issue #20

Open
3 tasks
shenanigansd opened this issue Aug 9, 2023 · 6 comments

Comments

@shenanigansd
Contributor

shenanigansd commented Aug 9, 2023

Tracking issue for migrating from Auth0 to self-hosted Keycloak

@shenanigansd shenanigansd added the enhancement New feature or request label Aug 9, 2023
@shenanigansd shenanigansd self-assigned this Aug 9, 2023
@Robin5605

keycloak 🥺

@shenanigansd
Contributor Author

shenanigansd commented Aug 10, 2023

> keycloak 🥺

Link?
Details?
Pros/cons? (Of this vendor versus another vendor, not of the product itself)

@Robin5605

Keycloak
Keycloak supports the client credentials flow with a virtually unlimited number of clients (unlike Auth0), which is already an enticing choice for us.
I'm not entirely able to compare Keycloak with any other products (the only other similar vendor I can think of is FusionAuth, and I've barely looked into that at all).
But Keycloak provides a central place to manage all our users, their permissions, and other settings we may need.
It's also beneficial to our ongoing RabbitMQ migration, since it does have an OAuth2 plugin.
This way, we can use the same authentication server for both Mainframe and the message queue.

Those are just some of my initial thoughts; if anyone else has any vendors or suggestions, I'm open to ideas.

@Robin5605

I've done some testing with Keycloak and the Dragonfly API, and it's actually very easy to implement. The only things we have to change are the Auth0-vendored stuff, like the issuer and JWKS URL, which are needed for validating tokens.
Those would have to be changed to a domain pointing at, say, keycloak.vipyrsec.com or auth.vipyrsec.com or something along those lines.

Getting Keycloak up and running on a local k8s cluster was also relatively easy; I'd be willing to PR the manifests if needed.
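
The comment above names the issuer and the JWKS URL as the settings that token validation depends on; the following added example (not part of the thread or of the Dragonfly code base) shows a validator that takes exactly those as inputs and rejects a correctly signed token that carries a different issuer. The host, realm, audience, helper names and the deliberately insecure demo key are assumptions constructed so the block runs offline; a real service would fetch the JWKS over HTTPS and use a maintained JWT library.

```python
import base64, hashlib, json, time

# Constructed demo RSA key (two Mersenne primes) so the example runs offline.
# It is NOT secure; a real service loads the provider's keys from JWKS_URL.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pkcs1_v15(message, size):  # EMSA-PKCS1-v1_5 over SHA-256, the RS256 encoding
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (size - len(t) - 3) + b"\x00" + t

def issue(claims, kid="demo-key"):  # stand-in for the identity provider
    signing_input = ".".join(b64u(json.dumps(part).encode())
                             for part in ({"alg": "RS256", "kid": kid}, claims))
    em = int.from_bytes(pkcs1_v15(signing_input.encode(), K), "big")
    return signing_input + "." + b64u(pow(em, D, N).to_bytes(K, "big"))

ISSUER = "https://auth.example.org/realms/demo"  # assumed Keycloak host and realm
JWKS_URL = ISSUER + "/protocol/openid-connect/certs"
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-key",  # constructed JWKS document
                  "n": b64u(N.to_bytes(K, "big")), "e": b64u(E.to_bytes(3, "big"))}]}

def validate(token, issuer, audience, jwks):
    head, body, sig = token.split(".")
    header = json.loads(unb64u(head))
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if header.get("alg") != "RS256" or key is None:  # alg pinned, key must be known
        raise ValueError("unexpected alg or unknown kid")
    n, e = (int.from_bytes(unb64u(key[f]), "big") for f in ("n", "e"))
    size = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(unb64u(sig), "big"), e, n).to_bytes(size, "big")
    if em != pkcs1_v15(f"{head}.{body}".encode(), size):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body))
    if claims.get("iss") != issuer:  # tokens from the previous provider fail here
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired")
    return claims
```
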

@Robin5605

The move to Keycloak has been approved per this comment on Discord

@Robin5605 Robin5605 transferred this issue from vipyrsec/infrastructure Aug 18, 2023
@Robin5605 Robin5605 changed the title Explore federated auth Keycloak migration tracking issue Aug 18, 2023
@sid-maddy

> The move to Keycloak has been approved per this comment on Discord

The move to Keycloak has been put on hold per this comment on Discord

@sid-maddy sid-maddy moved this to 📋 Backlog in Dragonfly Roadmap Sep 29, 2024