A central authentication server for all services build with the open source identity and access management tool Keycloak https://www.keycloak.org/.
A basic explanation of the terms and standards used by Keycloak can be found in the documentation about OAuth 2.0 and OpenID Connect.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
To build the project, the following prerequisites must be met:
- Docker 19.x
- Docker Compose
Get a copy of the repository:
git clone https://github.com/noi-techpark/authentication-server.git
Change directory:
cd authentication-server/
In order that the authentication server works correctly, you have to perform two setup steps before starting.
First, you have to add the following line to your /etc/hosts
file of your machine:
127.0.0.1 keycloak
Second, you have to create a Docker network:
docker network create authentication
Before start working you have to start the Docker containers:
docker-compose up --build --detach
After finished working you can stop the Docker containers:
docker-compose stop
The website will be accessible at http://localhost:8080/. The default username for the master realm is "admin" and the password "password".
In order to test the whole workflow locally, Mailhog is set up and can be configured as SMTP server that catches all outgoing mails. These are the SMTP configurations:
- Host: mailhog
- Port: 1025
All catched emails can be visited at http://localhost:8025/.
If you want to make some adjustments to the theme, you can run the following commands, so that all CSS files will be regenerated on the fly:
cd themes/noiV2/common/resources
npm install
npm run watch
Or you can run it also inside a Docker container:
docker run --rm -it -v $PWD:/code -w /code/themes/noiV2/common/resources node:16 npm install
docker run --rm -it -v $PWD:/code -w /code/themes/noiV2/common/resources node:16 npm run watch
By default the authentication server has no applications configured. That's why you can find in the documentation a detailed description on how to set up and configure the server.
In addition, example application where you can take a look how to integrate your application with the authentication server can be found in this repository: https://github.com/noi-techpark/authentication-examples.
To deploy the app, you must first create the production Docker image. This can be done using the docker-compose.build.yml
file. Therefore, duplicate first the file .env.build.example
to .env
and then set the environment variables "DOCKER_IMAGE" and "DOCKER_TAG". Last, you can create and push the image using the following commands:
docker-compose -f docker-compose.build.yml build
docker-compose -f docker-compose.build.yml push
For a detailed installation instruction of the production servers, you can check out the installation documentation and upgrade documentation.
If you want to configure different tools and applications to provide the authentication using the authentication server, you have to make different configurations and adjustments. Detailed information about different tools can be found here.
Learn how you can configure a keycloak installation as an identity broker. More details can be found here
For support, please contact [email protected].
If you'd like to contribute, please follow the following instructions:
-
Fork the repository.
-
Checkout a topic branch from the
development
branch. -
Make sure the tests are passing.
-
Create a pull request against the
development
branch.
A more detailed description can be found here: https://github.com/noi-techpark/documentation/blob/master/contributors.md.
More documentation can be found at https://opendatahub.readthedocs.io/en/latest/index.html.
The code in this project is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE Version 3 license. See the LICENSE.md file for more information.
This project is REUSE compliant, more information about the usage of REUSE in NOI Techpark repositories can be found here.
Since the CI for this project checks for REUSE compliance you might find it useful to use a pre-commit hook checking for REUSE compliance locally. The pre-commit-config file in the repository root is already configured to check for REUSE compliance with help of the pre-commit tool.
Install the tool by running:
pip install pre-commit
Then install the pre-commit hook via the config file by running:
pre-commit install