User Tools
сервис_keycloak
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_keycloak [2025/08/22 17:22] val [REST API] |
сервис_keycloak [2025/10/10 11:42] (current) val [Аутентификация пользователей WEB приложения] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Сервис Keycloak ====== | ====== Сервис Keycloak ====== | ||
| + | * [[Практические примеры Keycloak]] | ||
| ===== Установка и запуск ===== | ===== Установка и запуск ===== | ||
| Line 112: | Line 113: | ||
| * [[https://github.com/bitnami/charts/tree/keycloak/17.3.6/bitnami/keycloak]] | * [[https://github.com/bitnami/charts/tree/keycloak/17.3.6/bitnami/keycloak]] | ||
| * [[https://github.com/helm/helm/issues/11000|issues: helm search repo chart <oci-repo/oci-chart> --versions for OCI]] | * [[https://github.com/helm/helm/issues/11000|issues: helm search repo chart <oci-repo/oci-chart> --versions for OCI]] | ||
| + | |||
| + | * [[Сервис PostgreSQL]] | ||
| + | * Kubernetes [[Система Kubernetes#secrets tls]] | ||
| <code> | <code> | ||
| ~/$ helm repo add bitnami https://charts.bitnami.com/bitnami; helm search repo bitnami/keycloak --versions; helm repo remove bitnami | ~/$ helm repo add bitnami https://charts.bitnami.com/bitnami; helm search repo bitnami/keycloak --versions; helm repo remove bitnami | ||
| + | |||
| + | ~/$ KC_HC_VER=17.3.6 | ||
| + | ~/$ #KC_HC_VER=25.2.0 | ||
| ~/$ mkdir keycloak; cd keycloak | ~/$ mkdir keycloak; cd keycloak | ||
| - | ~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | + | ~/keycloak$ ###helm pull oci://registry-1.docker.io/bitnamicharts/keycloak --version $KC_HC_VER |
| - | ~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | tee keycloak.yaml | less | + | ~/keycloak$ helm template my-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --version $KC_HC_VER | tee keycloak.yaml | less |
| /PersistentVolumeClaim | /PersistentVolumeClaim | ||
| </code> | </code> | ||
| Line 128: | Line 135: | ||
| <code> | <code> | ||
| - | ~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak --version 17.3.6 | tee values.yaml.orig | + | ~/keycloak$ helm show values oci://registry-1.docker.io/bitnamicharts/keycloak --version $KC_HC_VER | tee values.yaml.orig |
| | | ||
| ~/keycloak$ cat values.yaml | ~/keycloak$ cat values.yaml | ||
| </code><code> | </code><code> | ||
| + | global: | ||
| + | security: | ||
| + | allowInsecureImages: true | ||
| + | image: | ||
| + | repository: bitnamilegacy/keycloak | ||
| + | |||
| auth: | auth: | ||
| adminUser: admin | adminUser: admin | ||
| Line 141: | Line 154: | ||
| ingressClassName: nginx | ingressClassName: nginx | ||
| hostname: keycloak.corp13.un | hostname: keycloak.corp13.un | ||
| + | # tls: true | ||
| + | # extraTls: | ||
| + | # - hosts: | ||
| + | # - keycloak.corp13.un | ||
| + | # secretName: keycloak-tls | ||
| + | |||
| #replicaCount: 2 | #replicaCount: 2 | ||
| Line 183: | Line 202: | ||
| # name: themes | # name: themes | ||
| </code><code> | </code><code> | ||
| - | ~/keycloak$ ###helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version 17.3.6 | less | + | ~/keycloak$ ###helm template my-keycloak -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version $KC_HC_VER | less |
| - | ~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --create-namespace --version 17.3.6 | + | ~/keycloak$ helm upgrade my-keycloak -i -f values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version $KC_HC_VER --create-namespace |
| ~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch | ~/keycloak$ kubectl -n my-keycloak-ns get pods -o wide --watch | ||
| Line 234: | Line 253: | ||
| Client ID: any-client | Client ID: any-client | ||
| Valid redirect URIs: * | Valid redirect URIs: * | ||
| + | | ||
| + | может понадобиться включить | ||
| + | Direct access grants | ||
| </code> | </code> | ||
| Line 310: | Line 332: | ||
| username -> | username -> | ||
| LDAP Attribute: sAMAccountName | LDAP Attribute: sAMAccountName | ||
| + | </code> | ||
| + | |||
| + | === FreeIPA === | ||
| + | <code> | ||
| + | Vendor: Other | ||
| + | |||
| + | Connection URL: ldap://server.corpX.un | ||
| + | |||
| + | Bind type: none | ||
| + | или, для выгрузки email | ||
| + | Bind type: simple | ||
| + | Bind DN: uid=admin,cn=users,cn=accounts,dc=corp13,dc=un | ||
| + | |||
| + | Edit mode: READ_ONLY | ||
| + | |||
| + | Users DN: cn=users,cn=compat,dc=corpX,dc=un | ||
| + | Users DN: cn=users,cn=accounts,dc=corpX,dc=un | ||
| + | ... | ||
| + | Username LDAP attribute: uid | ||
| + | ... | ||
| + | RDN LDAP attribute: uid | ||
| + | ... | ||
| + | UUID LDAP attribute: ipaAnchorUUID | ||
| + | UUID LDAP attribute: uid | ||
| </code> | </code> | ||
| Line 422: | Line 468: | ||
| # -d '{ "type": "password", "temporary": false, "value": "kcpassword1" }' | # -d '{ "type": "password", "temporary": false, "value": "kcpassword1" }' | ||
| - | #curl -SskX DELETE "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${UPD_USER_ID}" \ | + | #curl -SskX DELETE "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \ |
| # -H "Authorization: Bearer ${ACCESS_TOKEN}" | # -H "Authorization: Bearer ${ACCESS_TOKEN}" | ||
| </code><code> | </code><code> | ||
сервис_keycloak.1755872528.txt.gz · Last modified: 2025/08/22 17:22 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
