This shows you the differences between two versions of the page.
сервис_oauth2 [2023/11/06 11:14] val [Keycloak] |
сервис_oauth2 [2023/11/07 08:20] val |
||
---|---|---|---|
Line 15: | Line 15: | ||
===== Keycloak ===== | ===== Keycloak ===== | ||
- | ==== Установка, запуск и базовая конфигурация ==== | + | ==== Установка и запуск ==== |
+ | |||
+ | * [[Пакет OpenSSL#Создание самоподписанного сертификата]] | ||
+ | |||
+ | === bare metal === | ||
* [[https://www.keycloak.org/getting-started/getting-started-zip|Get started with Keycloak on bare metal]] | * [[https://www.keycloak.org/getting-started/getting-started-zip|Get started with Keycloak on bare metal]] | ||
* [[Сервис JRE]] | * [[Сервис JRE]] | ||
- | * [[Пакет OpenSSL#Создание самоподписанного сертификата]] | ||
<code> | <code> | ||
Line 25: | Line 29: | ||
server:~/keycloak-22.0.5# KEYCLOAK_ADMIN=root KEYCLOAK_ADMIN_PASSWORD='strongpassword' bin/kc.sh start-dev --https-certific=/root/server.crt --https-certificate-key-file=/root/server.key | server:~/keycloak-22.0.5# KEYCLOAK_ADMIN=root KEYCLOAK_ADMIN_PASSWORD='strongpassword' bin/kc.sh start-dev --https-certific=/root/server.crt --https-certificate-key-file=/root/server.key | ||
</code> | </code> | ||
+ | |||
+ | === Docker === | ||
+ | |||
+ | * [[https://swjm.blog/deploying-keycloak-with-ssl-in-just-10-minutes-46073e5cf699|Deploying Keycloak with SSL in just 10 minutes!]] | ||
+ | * [[https://github.com/JMarkstrom/Keycloak/blob/main/files/keycloak.yml]] | ||
+ | |||
+ | <code> | ||
+ | server# cp /root/server.crt /etc/ssl/certs/ | ||
+ | server# cp /root/server.key /etc/ssl/private/ | ||
+ | |||
+ | server# chmod 750 /etc/ssl/private/ | ||
+ | server# chmod 640 /etc/ssl/private/server.key | ||
+ | server# chgrp -R docker /etc/ssl/private/ | ||
+ | |||
+ | </code> | ||
+ | |||
+ | ==== Подключение ==== | ||
* https://server.corp13.un:8443/ | * https://server.corp13.un:8443/ | ||
+ | |||
+ | ==== Базовая конфигурация ==== | ||
<code> | <code> | ||
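Review bot: In the Docker block, `chgrp -R docker /etc/ssl/private/` combined with `chmod 750` on the directory gives the docker group access to every key stored under /etc/ssl/private/, not only server.key. Suggest keeping the Keycloak key in its own directory, or running chgrp on server.key alone, so that other services' keys keep their original ownership. The block also ends on an empty line with no command that starts the container, so the "Установка и запуск" section stops before the launch step for Docker. Separately, the unchanged bare-metal line still passes `--https-certific=`, which looks like a truncated `--https-certificate-file=`.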
Line 61: | Line 84: | ||
Key tab: /etc/krb5.keytab | Key tab: /etc/krb5.keytab | ||
Allow password authentication: yes | Allow password authentication: yes | ||
+ | |||
+ | Authentication | ||
+ | browser | ||
+ | Kerberos: Disabled | ||
+ | (иначе появляется всплывающее окно аутентификации, можно оставить если пользователи в домене) | ||
+ | | ||
</code> | </code> |
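Review bot: The added `Authentication` / `browser` / `Kerberos: Disabled` lines sit in the same code block directly under the Kerberos provider settings (`Key tab`, `Allow password authentication: yes`), so they can be read as switching off the provider rather than as one step of the browser flow. Suggest a separating label or a separate block for the flow setting. The parenthetical should also spell out the trade-off: with the step disabled the browser never negotiates a ticket and users always type a password, and the note should name the value to keep when users are in the domain instead of only saying it can be left.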