Keycloak chigadzirwa vhura sosi software iyo inogonesa imwe-kusaina-pa (IdP) neChitupa Management uye Access Management zvekushandisa kwazvino uye masevhisi. Iyi software yakanyorwa muJava uye inotsigira zvitupa zvemubatanidzwa zvisirizvo SAML v2 uye OpenID Unganidzo (OIDC) / OAuth2. Inobvumidzwa neApache uye inotsigirwa neRed Hat.
Kubva pamaonero epfungwa, chinangwa che chishandiso ndechekufambisa kuchengetedzwa kwemashandisirwo nemasevhisi aine mashoma kana asina kunyorwa. IdP inobvumidza kunyorera (inowanzo kunzi Service Provider kana SP) kuendesa iko kusimbiswa.
Izvi zvine, pakati pezvimwe zvinhu, zvakanaka zvakawanda:
- Iyo inobvumira vanogadzira kuti vatarise pane bhizinesi mashandiro nekusafanirwa kunetseka nezvechengetedzeka maficha echokwadi, kungave nekubatanidza zvakananga raibhurari inotsigira imwe yeaya ma protocols kana nekushandisa module pawebhu webhu kana Keycloak adapter ( isina-yakazara runyorwa rwezvingaitika)
- Kukwanisa kuisa pakati pechokwadi uye nekudaro gonesa imwechete-kusaina kusimbisa (SSO)
- Kukwanisa kubatanidza nzira dzechokwadi uye woita kuti dzishanduke pasina kugadzirisa mashandisiro.
- Kudzoreredza SaaS kunyorera kwechokwadi uye nekudaro kudzora kuwanda kwemazita edhijitari; Kugadzirisa maakaunzi akareruka (kubvisa SaaS account kana mushandi achinge asisakanganwike).
Zvakare mukati mehunhu hwayo hukuru, pfungwa dzinotevera dzinobuda pachena:
- kusaina kamwe chete
- Tsigiro yemaprotocol akajairwa
- Akaunti yakachengeteka kunyorera uye seyakareruka sevhisi
- LDAP inoenderana sekunze mushandisi dura
- kuvimbiswa kutumirwa (social login)
- kuita kwepamusoro: sumbu remaseva, rinotyisa, kuwanikwa kukuru
- inoenderana zvizere necontactization
- misoro yakapusa yekushandisa
- kusimbiswa kwakasimba neyekuzvarwa imwe-nguva kodhi (OTP) kuburikidza neFreeOTP kana Google Authenticator
- auto-troubleshoot kana iwe ukakanganwa password yako
- otomatiki-kugadzirwa kwemaakaunzi (nefomu kana izvo zvinonzi magariro chokwadi)
- yakawedzera: mushandisi base, nzira dzechokwadi, maprotocol.
Maitiro ekuisa Keycloak paLinux?
Kuti uise Keycloak kungave pakombuta yako kana pane server, isu tinofanirwa kurodha yekupedzisira inowanikwa Keycloak package, tinogona kuwana izvi kubva pane iyi link iripazasi.
Yenyaya iyi Isu tinoshandisa vhezheni 7.0 inova iyo yazvino vhezheni inowanikwa panguva ino.
Tichafanirwa kuvhura terminal uye mairi isu tinongofanira kutaipa iwo unotevera kuraira:
wget https://downloads.jboss.org/keycloak/7.0.0/keycloak-7.0.0.tar.gz
Mushure meizvozvo ticha bvisa faira ne:
tar -xvzf keycloak-7.0.0.tar.gz
Waita izvi tave kuzopinda dhairekitori rekunyorera chingogadzirwa, nekuda kweizvi ticha kunyora zvinotevera:
cd keycloak-7.0.0
cd bin
Kuva mukati meichi dhairekitori isu ticha mhanyisa iyo Keycloak server nemirairo inotevera:
./standalone.sh
Waita izvi sevha ichatanga uye ikozvino inguva yekushandisa webhu browser, kuwana iyo Keycloak sevhisi tichafanirwa kuwana inotevera kero yewebhu http://localhost:8080/auth/ kana mune yekushandisa domeini kana IP kero (pane webhu server) uchafanirwa kuwana nzira iyo iwe yawakaisa iyo Keycloak dhairekitori.
Tatova mukati mekiyi Keycloak peji, pano tinogona kuona kuti isu tichafanirwa kugadzira iyo account yemutungamiri, sezvaungaona mune inotevera skrini.
Paunenge uchigadzira iyo admin mushandisi, ikozvino inotipa sarudzo yekupinda manejimendi pani, Kana iwe usingakwanise kuwana chikamu, ingo enda kunotevera chinongedzo, http: // localhost: 8080 / auth / admin /, kwaunogona kupinda mukati nehunyorwa hwawakasarudza.
Kubva zvino zvichienda mberi ivo vachakwanisa kubata Keycloak, kuwedzera vashandisi vatsva pamwe nekugona kuisa maadapter.
Chekupedzisira for when the kesi yekuti pane nyowani vhezheni uye ivo vanoda kugadzirisa kune izvi pasina kurasikirwa nedata ravo kana kungonzwa kusachengeteka kushandisa nzira yekuvandudza ichitsiva mafaera eshanduro nyowani pane iyo yavanotova nayo.
Izvo zvakakosha kusimbisa kuti sevhisi inofanirwa kumiswa panguva iyi maitiro.
Mune terminal, ingo mhanya unotevera kuraira, yeizvi ivo vanofanirwa kunge vari mukati mehukuru dhairekitori reKiyi
sh bin/jboss-cli.sh --file=bin/migrate-standalone.cli
Kana iwe uchida kuziva zvakawanda nezvazvo, unogona kubvunza zvinyorwa Mune inotevera chinongedzo.