<!DOCTYPE HTML>
<html lang="" >
<head>
<meta charset="UTF-8">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Single sign-on · Eclipse Kapua™ Developer Guide</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="description" content="">
<meta name="generator" content="GitBook 3.2.2">
<link rel="stylesheet" href="gitbook/style.css">
<link rel="stylesheet" href="gitbook/gitbook-plugin-hints/plugin-hints.css">
<link rel="stylesheet" href="gitbook/gitbook-plugin-highlight/website.css">
<link rel="stylesheet" href="gitbook/gitbook-plugin-search/search.css">
<link rel="stylesheet" href="gitbook/gitbook-plugin-fontsettings/website.css">
<meta name="HandheldFriendly" content="true"/>
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="gitbook/images/apple-touch-icon-precomposed-152.png">
<link rel="shortcut icon" href="gitbook/images/favicon.ico" type="image/x-icon">
<link rel="next" href="database.html" />
</head>
<body>
<div class="book">
<div class="book-summary">
<div id="book-search-input" role="search">
<input type="text" placeholder="Type to search" />
</div>
<nav role="navigation">
<ul class="summary">
<li class="chapter " data-level="1.1" data-path="./">
<a href="./">
Introduction
</a>
</li>
<li class="chapter " data-level="1.2" data-path="building.html">
<a href="building.html">
Building
</a>
<ul class="articles">
<li class="chapter " data-level="1.2.1" data-path="building.html">
<a href="building.html#kapua">
Kapua
</a>
</li>
<li class="chapter " data-level="1.2.2" data-path="building.html">
<a href="building.html#documentation">
Documentation
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="1.3" data-path="running.html">
<a href="running.html">
Running
</a>
<ul class="articles">
<li class="chapter " data-level="1.3.1" data-path="running.html">
<a href="running.html#docker-containers">
Docker
</a>
</li>
<li class="chapter " data-level="1.3.2" data-path="running.html">
<a href="running.html#openshift">
OpenShift
</a>
</li>
<li class="chapter " data-level="1.3.3" data-path="running.html">
<a href="running.html#vagrant">
Vagrant
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="1.4" data-path="ide.html">
<a href="ide.html">
Setting up an IDE
</a>
<ul class="articles">
<li class="chapter " data-level="1.4.1" data-path="ide.html">
<a href="ide.html#eclipse">
Eclipse IDE
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="1.5" >
<span>
Configuration
</span>
<ul class="articles">
<li class="chapter " data-level="1.5.1" >
<span>
Web Console
</span>
<ul class="articles">
<li class="chapter active" data-level="1.5.1.1" data-path="sso.html">
<a href="sso.html">
Single sign-on
</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="1.6" data-path="database.html">
<a href="database.html">
Working with database
</a>
</li>
<li class="chapter " data-level="1.7" data-path="client.html">
<a href="client.html">
Client generation
</a>
</li>
<li class="chapter " data-level="1.8" data-path="qa.html">
<a href="qa.html">
QA process
</a>
</li>
<li class="divider"></li>
<li>
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
Published with GitBook
</a>
</li>
</ul>
</nav>
</div>
<div class="book-body">
<div class="body-inner">
<div class="book-header" role="navigation">
<!-- Title -->
<h1>
<i class="fa fa-circle-o-notch fa-spin"></i>
<a href="." >Single sign-on</a>
</h1>
</div>
<div class="page-wrapper" tabindex="-1" role="main">
<div class="page-inner">
<div id="book-search-results">
<div class="search-noresults">
<section class="normal markdown-section">
<h1 id="single-sign-on-sso">Single sign-on (SSO)</h1>
<p>This section describes the single sign-on integration of Eclipse Kapua.</p>
<h2 id="openshift">OpenShift</h2>
<p>This project provides a template to bootstrap single sign-on based on <a href="https://www.keycloak.org" target="_blank" rel="noopener noreferrer">Keycloak</a>.
The scripts for this are located in the directory <code>kapua.git/dev-tools/src/main/openshift/sso</code>.</p>
<p>Assuming you have already installed Kapua into OpenShift, it is possible to run the script <code>deploy</code>, which
will create a new build and deployment configuration in OpenShift. This is based on the official Keycloak Docker
image <code>jboss/keycloak</code>, adding a few steps for initial provisioning.</p>
<p><div class="alert alert-danger hints-alert"><div class="hints-icon"><i class="fa fa-exclamation-circle"></i></div><div class="hints-container"><p>The default setup uses ephemeral storage, so restarting the Keycloak pod will delete the configuration unless
you re-configure the setup with a persistent volume.</p>
</div></div> </p>
<p>For this configuration to work, you will need an existing SMTP server which is capable of sending e-mails.
This is required so that Keycloak can send user verification and password recovery e-mails. If you don&apos;t have
a local SMTP server, it is also possible to use a cloud-based service like Mailgun, SendGrid or any other
provider.</p>
<p>The deployment is triggered by running the <code>deploy</code> script with a set of environment variables. Assuming you
are using <code>bash</code> as your shell, this can be done as follows:</p>
<pre><code>SMTP_HOST=smtp.server.org SMTP_USER=user SMTP_PASSWORD=secret SMTP_FROM=sender@my.domain ./deploy
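</code></pre><p>Values passed inline like this, including <code>SMTP_PASSWORD</code>, are normally recorded in the shell history. To keep the password out of it, set the variable beforehand without typing the value on the command line, e.g. <code>read -s SMTP_PASSWORD</code> followed by <code>export SMTP_PASSWORD</code>.</p>
<p>The following environment variables are used:</p>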
<dl>
<dt>SMTP_HOST (required)</dt>
<dd>The host name or IP address of the SMTP server</dd>
<dt>SMTP_PORT (optional)</dt>
<dd>The port number of the SMTP service</dd>
<dt>SMTP_FROM (required)</dt>
<dd>The sender e-mail used in the e-mail</dd>
<dt>SMTP_USER (required)</dt>
<dd>The user name used to authenticate with the SMTP server</dd>
<dt>SMTP_PASSWORD (required)</dt>
<dd>The password used to authenticate with the SMTP server</dd>
<dt>SMTP_ENABLE_SSL (optional)</dt>
<dd>If SSL should be used instead of STARTTLS</dd>
<dt>KEYCLOAK_ADMIN_PASSWORD (optional)</dt>
<dd>The password which will be assigned to the Keycloak admin user. The default is to generate a password.</dd>
</dl>
<p>After the build and deployment configuration has been created, the script will also re-configure the Kapua OpenShift project
to use the newly created Keycloak instance. This is done by calling the script <code>activate</code>. The <code>activate</code> script
can be called at a later time to re-configure Kapua (e.g. when re-installing Kapua).</p>
<p>Both scripts (<code>deploy</code> and <code>activate</code>) require both the Kapua and the Keycloak URL. Keycloak requires the Kapua web console
URL in order to allow requests from this source, while Kapua requires the Keycloak URL in order to forward requests to Keycloak.</p>
<p>The URLs are constructed from OpenShift routes, which are configured for both Kapua and Keycloak. However, this requires
that Kapua is set up before Keycloak, and the <code>activate</code> script can only be called after the <code>deploy</code> script
has run successfully.</p>
</section>
</div>
<div class="search-results">
<div class="has-results">
<h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
<ul class="search-results-list"></ul>
</div>
<div class="no-results">
<h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
</div>
</div>
</div>
</div>
</div>
</div>
<a href="database.html" class="navigation navigation-next navigation-unique" aria-label="Next page: Working with database">
<i class="fa fa-angle-right"></i>
</a>
</div>
<script>
// Reuse an existing `gitbook` global if one is already defined; otherwise start
// with an empty array so that callbacks can be pushed onto it.
// NOTE(review): presumably the scripts included after this block run the pushed
// callbacks once loaded — confirm against gitbook.js.
var gitbook = gitbook || [];
gitbook.push(function() {
// Hand this page's state to gitbook.page.hasChanged. The argument is a static
// object literal (page, config, file, gitbook, basePath, book) written into the
// page; nothing in it is computed from request or user input here.
gitbook.page.hasChanged({"page":{"title":"Single sign-on","level":"1.5.1.1","depth":3,"next":{"title":"Working with database","level":"1.6","depth":1,"path":"database.md","ref":"database.md","articles":[]},"previous":{"title":"Web Console","level":"1.5.1","depth":2,"ref":"","articles":[{"title":"Single sign-on","level":"1.5.1.1","depth":3,"path":"sso.md","ref":"sso.md","articles":[]}]},"dir":"ltr"},"config":{"plugins":["hints"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"hints":{"danger":"fa fa-exclamation-circle","info":"fa fa-info-circle","tip":"fa fa-mortar-board","working":"fa fa-wrench"},"highlight":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"github":"eclipse/kapua","theme":"default","githubHost":"https://github.com/","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"Eclipse Kapua™ Developer Guide","links":{"home":"http://eclipse.org/kapua"},"gitbook":"3.x.x","description":"Eclipse Kapua™ Developer Guide"},"file":{"path":"sso.md","mtime":"2017-07-19T09:03:52.000Z","type":"markdown"},"gitbook":{"version":"3.2.2","time":"2017-07-19T09:20:21.287Z"},"basePath":".","book":{"language":""}});
});
</script>
</div>
<script src="gitbook/gitbook.js"></script>
<script src="gitbook/theme.js"></script>
<script src="gitbook/gitbook-plugin-search/search-engine.js"></script>
<script src="gitbook/gitbook-plugin-search/search.js"></script>
<script src="gitbook/gitbook-plugin-lunr/lunr.min.js"></script>
<script src="gitbook/gitbook-plugin-lunr/search-lunr.js"></script>
<script src="gitbook/gitbook-plugin-sharing/buttons.js"></script>
<script src="gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
</body>
</html>