User Tools
сервис_oauth2
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_oauth2 [2023/11/06 11:16] val [Подключение БД пользователей Kerberos] |
сервис_oauth2 [2023/11/07 09:39] (current) val [Keycloak] |
||
|---|---|---|---|
| Line 15: | Line 15: | ||
| ===== Keycloak ===== | ===== Keycloak ===== | ||
| - | ==== Установка, запуск и базовая конфигурация ==== | + | * [[Сервис Keycloak]] |
| - | * [[https://www.keycloak.org/getting-started/getting-started-zip|Get started with Keycloak on bare metal]] | + | |
| - | * [[Сервис JRE]] | + | |
| - | * [[Пакет OpenSSL#Создание самоподписанного сертификата]] | + | |
| - | + | ||
| - | <code> | + | |
| - | server# wget https://github.com/keycloak/keycloak/releases/download/22.0.5/keycloak-22.0.5.zip | + | |
| - | + | ||
| - | server:~/keycloak-22.0.5# KEYCLOAK_ADMIN=root KEYCLOAK_ADMIN_PASSWORD='strongpassword' bin/kc.sh start-dev --https-certific=/root/server.crt --https-certificate-key-file=/root/server.key | + | |
| - | </code> | + | |
| - | + | ||
| - | * https://server.corp13.un:8443/ | + | |
| - | + | ||
| - | <code> | + | |
| - | Create Realm->myrealm | + | |
| - | Users | + | |
| - | Add User | + | |
| - | user1/password1 | + | |
| - | </code> | + | |
| - | + | ||
| - | ==== Аутентификация пользователей WEB приложения ==== | + | |
| - | + | ||
| - | <code> | + | |
| - | Create Client | + | |
| - | Client ID: test-cgi | + | |
| - | Valid redirect URIs: http://gate.corp13.un/cgi-bin/test-cgi | + | |
| - | </code> | + | |
| - | + | ||
| - | * [[Сервис HTTP#Управление доступом к HTTP серверу с использованием OAuth2 аутентификации]] | + | |
| - | + | ||
| - | ==== Подключение БД пользователей Kerberos ==== | + | |
| - | + | ||
| - | * [[https://habr.com/ru/companies/slurm/articles/661209/|Как настроить Kerberos аутентификации в Keycloak]] | + | |
| - | + | ||
| - | * [[Настройка KDC серверов и клиентов#Настройка KDC]] | + | |
| - | * [[Регистрация ключей принципалов в KDC#Регистрация принципалов пользователей в базе данных kerberos]] | + | |
| - | * Создание принципала HTTP/server.corp13.un@CORP13.UN по аналогии с [[Аутентификация доступа к SQUID]] | + | |
| - | + | ||
| - | <code> | + | |
| - | User federation | + | |
| - | Kerberos | + | |
| - | UI display name: CORP13 | + | |
| - | Kerberos realm: CORP13.UN | + | |
| - | Server principal: HTTP/server.corp13.un@CORP13.UN | + | |
| - | Key tab: /etc/krb5.keytab | + | |
| - | Allow password authentication: yes | + | |
| - | + | ||
| - | Authentication | + | |
| - | browser | + | |
| - | + | ||
| - | </code> | + | |
сервис_oauth2.1699258572.txt.gz · Last modified: 2023/11/06 11:16 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
