I-Keycloak: isisombululo somthombo ovulekile nesisombululo sokuphathwa kokufinyelela

Darkcrizt

Imizuzu ye-4

I-KeyCloak

I-Keycloak ingumkhiqizo isoftware yomthombo ovulekile leyo inika amandla ukungena ngemvume okukodwa (i-IdP) nge-Identity Management ne-Access Management yezinhlelo zokusebenza zesimanje nezinsizakalo. Le software ibhalwe ngeJava futhi isekela izivumelwano zomfelandawonye ngokwazo I-SAML v2 ne-OpenID Connect (OIDC) / OAuth2. Inikwe ilayisense yi-Apache futhi isekelwa yiRed Hat.

Ngokombono womqondo, inhloso yethuluzi ukwenza lula ukuvikelwa kwezinhlelo zokusebenza nezinsizakalo ngokubethela okuncane noma okungekho nhlobo. I-IdP ivumela uhlelo lokusebenza (oluvame ukubizwa ngokuthi Umhlinzeki Wensizakalo noma i-SP) ukudlulisa ubuqiniso balo.

Lokhu, phakathi kwezinye izinto, kunezinzuzo ezimbalwa:

  • Ivumela abathuthukisi ukuthi bagxile ekusebenzeni kwebhizinisi ngokungakhathazeki ngezici zokuphepha zokufakazela ubuqiniso, kungaba ngokuhlanganisa ngqo umtapo wezincwadi osekela eyodwa yezivumelwano ezimbili noma ngokusebenzisa imodyuli ekuseva yewebhu noma i-adapter ye-Keycloak (engapheli uhlu lwamathuba)
  • Ukwazi ukufaka ukufakazela ubuqiniso phakathi nendawo ngakho-ke unike amandla ukufakazela ukungena ngemvume okukodwa (SSO)
  • Ukwazi ukuhlanganisa izindlela zokufakazela ubuqiniso futhi uzenze ziguquke ngaphandle kokushintsha izinhlelo zokusebenza.
  • Ukuphinda uvuselele ukuqinisekiswa kwesicelo se-SaaS futhi ngaleyo ndlela kulawulwe ukwanda kobunikazi bedijithali; Ukwenza kungasebenzi i-akhawunti kwenziwa lula (ukususa i-akhawunti ye-SaaS lapho isisebenzi sihamba akusekhohliwe).

Futhi ngaphakathi kwezimpawu zayo eziyinhloko, amaphuzu alandelayo avelele:

  • ukungena ngemvume okukodwa
  • Ukusekelwa kwamaphrothokholi ajwayelekile
  • Izinhlelo zokusebenza ezivikelekile ze-akhawunti kanye nensiza eyenziwe lula
  • I-LDAP ithobela njengokugcina komsebenzisi kwangaphandle
  • Ukunikezwa kokufakazela ubuqiniso (ukungena ngemvume kwezenhlalo)
  • ukusebenza okuphezulu: iqoqo leseva, elibi, ukutholakala okuphezulu
  • kuhambisana ngokuphelele nokuhlanganiswa
  • izingqikithi ezilula okufanele uzisebenzise
  • ukuqinisekiswa okuqinile ngekhodi yendabuko yesikhathi esisodwa (OTP) nge-FreeOTP noma i-Google Authenticator
  • ukuxazulula inkinga uma ukhohlwa iphasiwedi yakho
  • ukwenziwa kwama-akhawunti ngokuzenzakalela (ngefomu noma okuthiwa ubuqiniso bezenhlalo)
  • enwebekayo: isisekelo somsebenzisi, izindlela zokufakazela ubuqiniso, izivumelwano.

Ungayifaka kanjani i-Keycloak ku-Linux?

Ukuze ufake i-Keycloak kwikhompyutha yakho noma kuseva, kumele silande iphakethe lokugcina le-Keycloak, singakuthola lokhu kusuka kusixhumanisi esingezansi.

Ngaleli cala Sizosebenzisa inguqulo 7.0 okuyinguqulo yakamuva etholakalayo okwamanje.

Kuzofanele sivule i-terminal futhi kuyo kufanele sithayiphe nje umyalo olandelayo:

wget https://downloads.jboss.org/keycloak/7.0.0/keycloak-7.0.0.tar.gz

Ngemuva kwalokho sizovula ifayili nge-zip:

tar -xvzf keycloak-7.0.0.tar.gz

Kwenziwe lokhu sizofaka umkhombandlela wohlelo lokusebenza kusanda kudalwa, ngalokhu sizokuthayipha okulandelayo:

cd keycloak-7.0.0
cd bin

Ukuba ngaphakathi kwalesi siqondisi sizoqhuba iseva ye-Keycloak ngomyalo olandelayo:

./standalone.sh

Kwenziwe lokhu iseva izoqala futhi manje sekuyisikhathi sokusebenzisa isiphequluli sewebhu, ukufinyelela insiza yeKeycloak kuzofanele ukuthi singene kuleli kheli lewebhu elilandelayo http://localhost:8080/auth/ noma esimweni sokusebenzisa isizinda noma ikheli le-IP (kuseva yewebhu) kuzodingeka ufinyelele endleleni lapho ubeke khona ifolda ye-Keycloak.

Usuvele ungaphakathi kwekhasi le-Keycloak, lapha singabona ukuthi kuzofanele senze i-akhawunti yomlawuli, njengoba ubona kusikrini esilandelayo.

I-KeyCloak

Lapho udala umsebenzisi womlawuli, manje kusinika inketho yokufaka iphaneli yomlawuli, Uma ungasitholi isigaba, vele uye kusixhumanisi esilandelayo, http: // localhost: 8080 / auth / admin /, lapho ungangena khona ngemininingwane oyikhethile.

Kusuka manje bazokwazi ukuphatha i-Keycloak, engeza abasebenzisi abasha kanye nokukwazi ukufaka ama-adaptha.

Ekugcineni lapho icala lokuthi kukhona inguqulo entsha futhi bafuna ukuyivuselela kulokhu ngaphandle kokulahlekelwa yimininingwane yabo noma umane uzizwe uvikelekile ukusebenzisa indlela yokuvuselela ukufaka amafayela wenguqulo entsha kunaleyo asebenayo.

Kubalulekile ukugcizelela ukuthi insizakalo kufanele imiswe phakathi nale nqubo.

Ku-terminal, vele usebenzise umyalo olandelayo, ngalokhu kumele babe ngaphakathi kwesiqondisi esikhulu seKeycloak

sh bin/jboss-cli.sh --file=bin/migrate-standalone.cli

Uma ufuna ukwazi kabanzi ngayo, ungaxhumana nemibhalo Kulesi sixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.