I-Keycloak yimveliso Isoftware evulekileyo ethi yenza ukuba ungene ngemvume (i-IdP) kunye noLawulo lweZazisi kunye noLawulo lokuFikelela yezicelo zale mihla kunye neenkonzo. Le software ibhalwe kwiJava kwaye ixhasa iinkqubo zembumba yesazisi ngokwakhona I-SAML v2 kunye ne-OpenID Connect (OIDC) / OAuth2. Inikwe ilayisensi ngu-Apache kwaye ixhaswe nguRed Hat.
Ukusuka kumbono wengcinga, Injongo yesixhobo kukulungiselela ukukhuselwa kwezicelo kunye neenkonzo ngokufihlakeleyo okuncinci okanye ukungabikho kwaphela. I-IdP ivumela usetyenziso (oluhlala lubizwa ngokuba nguMboneleli weNkonzo okanye i-SP) ukudlulisela ukungqinisisa kwayo.
Oku, phakathi kwezinye izinto, kunezibonelelo ezininzi:
- Ivumela abaphuhlisi ukuba bajolise ekusebenzeni kweshishini ngokungabi naxhala malunga nemiba yokhuseleko yokuqinisekiswa, nokuba kungokuhlanganiswa ngokuthe ngqo kwithala leencwadi elixhasa enye yeeprotokholi ezimbini okanye ngokusebenzisa imodyuli kwiseva yewebhu okanye iadaptha ye-Keycloak (engaphelelanga Uluhlu lwamathuba)
- Uyakwazi ukubeka embindini ubunyani kwaye ke unike amandla ukungena ngemvume (SSO)
- Uyakwazi ukudibanisa iindlela zokungqinisisa kwaye uzenze ziguquke ngaphandle kokuguqula usetyenziso.
- Ukuphinda unike ubungqina bokusetyenziswa kwesicelo se-SaaS kwaye ulawule ukwanda kwesazisi esidijithali; Ukwenza iiakhawunti zenziwe lula (ukucima iakhawunti ye-SaaS xa umsebenzi eshiya engasekhohliweyo).
Kwakhona ngaphakathi kweempawu zayo eziphambili, la manqaku alandelayo avela:
- Ukungena ngemvume okukodwa
- Inkxaso yemigaqo esemgangathweni
- Izicelo ezikhuselekileyo zeAkhawunti kunye nenkonzo eyenziwe lula
- Ukuthobela i-LDAP njengogcino lwabasebenzisi bangaphandle
- ukuqinisekiswa kogunyaziso (igama loluntu)
- ukusebenza okuphezulu: iklasta yeserver, inokwenzakala, ukufumaneka okuphezulu
- iyahambelana ngokupheleleyo nekhonteyina
- imixholo elula yokuphumeza
- Ubungqina obuqinileyo ngekhowudi yexesha elinye yemveli (OTP) ngeFreeOTP okanye isiQinisekisi sikaGoogle
- iingxaki zokuzenzekelayo xa ulibale iphasiwedi
- Ukwenza ngokuzenzekelayo iiakhawunti (kwifom okanye ekuthiwa kukungqinelwa kwezentlalo)
- iyandiswa: isiseko somsebenzisi, iindlela zokungqinisisa, iiprotocol.
Uyifaka njani i-Keycloak kwiLinux?
Ukuze ufake i-Keycloak kwikhompyuter yakho okanye kwiseva, Kuya kufuneka sikhuphele iphakheji ye-Keycloak yokugqibela, singayifumana le kwikhonkco elingezantsi.
Kule meko Siza kusebenzisa inguqulelo 7.0 eluhlobo lwamva nje olufumanekayo ngalo mzuzu.
Kuya kufuneka sivule i-terminal kwaye kuyo kufuneka sichwetheze lo myalelo ulandelayo:
wget https://downloads.jboss.org/keycloak/7.0.0/keycloak-7.0.0.tar.gz
Emva koko siza kukhulula ifayile kunye:
tar -xvzf keycloak-7.0.0.tar.gz
Yenza le nto siza kungena kwisikhombisi sesicelo yenziwe nje, ngenxa yoku siza kuchwetheza oku kulandelayo:
cd keycloak-7.0.0
cd bin
Ukuba ngaphakathi kolu lawulo Siza kuqhuba iserver ye-Keycloak ngalo myalelo ulandelayo:
./standalone.sh
Yenza le seva izakuqala kwaye ngoku lixesha lokuba usebenzise isikhangeli sewebhu, ukufikelela kwinkonzo Keycloak kuya kufuneka singene kule dilesi yewebhu ilandelayo http://localhost:8080/auth/ okanye kwimeko yokusebenzisa i-domain okanye idilesi ye-IP (kwiserver yewebhu) kuya kufuneka ungene kwindlela obeke kuyo ifolda ye-Keycloak.
Sele ungaphakathi kwiphepha le-Keycloak, apha siyabona ukuba kuya kufuneka senze iakhawunti yomlawuli, njengoko ubona kule skrini ilandelayo.
Xa usenza umsebenzisi wolawulo, ngoku isinika ithuba lokungena kwipaneli yomlawuli, Ukuba awufumani candelo, yiya kule khonkco ilandelayo, http: // localhost: 8080 / auth / admin /, apho ungangena khona kunye neziqinisekiso ozikhethile.
Ukususela ngoku ukuya phambili Bazokwazi ukulawula i-Keycloak, ukongeza abasebenzisi abatsha kunye nokuba nakho ukufaka iiadaptha.
Okokugqibela xa imeko inenguqulelo entsha kwaye bafuna ukuyihlaziya kule ngaphandle kokulahleka kwedatha yabo okanye ngokuziva bengakhuselekanga ngokusebenzisa indlela yohlaziyo yokutshintsha iifayile zenguqulo entsha ngaphezulu kwale sele benayo.
Kubalulekile ukugxininisa ukuba inkonzo mayimiswe ngexesha lale nkqubo.
Kwisiphelo, vele usebenze lo myalelo ulandelayo, kuba oku kufuneka babe ngaphakathi kolawulo oluphambili lweKeycloak
sh bin/jboss-cli.sh --file=bin/migrate-standalone.cli
Ukuba ufuna ukwazi ngakumbi ngayo, ungajonga amaxwebhu Kule khonkco ilandelayo.