Keycloak Identity Provider


The git repository ships with a kustomization that installs the Keycloak identity manager, so you can get up and running for testing.

NOTE: This document assumes you installed the kustomizations in ~/fastx-cluster/

You can install keycloak by running

kubectl apply -k ~/fastx-cluster/base/tools/keycloak

keycloak installs in the keycloak namespace

Accessing Keycloak

To access the server, use Kubernetes port-forwarding to create a local forward:


kubectl port-forward -n oidc service/keycloak :8080

Keep this process open. kubectl prints the local port it selected; replace <FORWARD_PORT> below with that forwarded port number.

Browse to http://localhost:<FORWARD_PORT>/admin

  • Username: admin
  • Password: admin

A basic fastx realm is preconfigured

Creating a SAML Application

SAML provides a simple method for identity authentication. Follow these instructions to set up a SAML application with Keycloak.

Select the fastx realm
Click Clients

Click Create Client

In General settings

  • Client type: SAML
  • Client ID: fastx
  • Name: FastX SAML
  • Next

In Login settings

  • Root URL: <External DNS URL of your cluster>
  • Home URL: <External DNS URL of your cluster>
  • Valid redirect URIs: *
  • Valid post logout redirect URIs: <External DNS URL of your cluster>
  • Save

Select the Keys Tab

  • Copy the Certificate
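
An added example, not part of the FastX repository or of Keycloak: a check of the Valid redirect URIs value chosen in Login settings, run over the client's JSON representation (from a realm export or the admin API's client list) before the client is reused outside a test cluster. The hostname https://fastx.example.com and the client fastx-scoped are constructed sample values; clientId, protocol, rootUrl and redirectUris are fields of Keycloak's client representation.

```python
from __future__ import annotations
import json
from urllib.parse import urlsplit

def audit_client(client: dict, external_url: str) -> list[str]:
    """Return findings for one Keycloak client representation (a dict)."""
    want = urlsplit(external_url)
    root = (client.get("rootUrl") or "").rstrip("/")
    findings = []
    for uri in client.get("redirectUris", []):
        if uri == "*":
            findings.append("'*' accepts any redirect target")
            continue
        if uri.startswith("/"):
            if not root:
                findings.append(f"{uri!r} is relative but rootUrl is empty")
                continue
            uri = root + uri  # relative entries resolve against the client's rootUrl
        got = urlsplit(uri)
        # A trailing wildcard glued to the host lands in netloc and fails this test.
        if (got.scheme, got.netloc) != (want.scheme, want.netloc):
            findings.append(f"{uri!r} is outside {external_url}")
    return findings

def audit_realm(realm: dict, external_url: str) -> dict[str, list[str]]:
    """Map clientId -> findings for every SAML client that has any."""
    report = {}
    for client in realm.get("clients", []):
        if client.get("protocol") != "saml":
            continue
        findings = audit_client(client, external_url)
        if findings:
            report[client["clientId"]] = findings
    return report

# Constructed sample: the client as configured above, a scoped variant,
# and a non-SAML client that the audit skips.
SAMPLE_REALM = json.loads("""
{"realm": "fastx", "clients": [
  {"clientId": "fastx", "protocol": "saml",
   "rootUrl": "https://fastx.example.com", "redirectUris": ["*"]},
  {"clientId": "fastx-scoped", "protocol": "saml",
   "rootUrl": "https://fastx.example.com", "redirectUris": ["/*"]},
  {"clientId": "account", "protocol": "openid-connect", "redirectUris": ["*"]}
]}
""")

if __name__ == "__main__":
    for cid, items in audit_realm(SAMPLE_REALM, "https://fastx.example.com").items():
        for item in items:
            print(f"{cid}: {item}")
```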

Setting up the SAML Application in FastX

Have the following items ready

  • External DNS URL of your cluster
  • Client ID
  • Certificate

Then run

~/fastx-cluster/base/tools/config/saml.sh > ~/fastx-cluster/patches/patch-auth-saml.yaml
kubectl create secret generic --dry-run=client auth-saml -o yaml -n fastx --from-file="$HOME/fastx-cluster/patches/auth-saml.ini" > ~/fastx-cluster/patches/auth-saml-secret.yaml

Add the following to your ~/fastx-cluster/patches/kustomization.yaml file

- target:
    kind: Secret
    name: auth-saml
    namespace: fastx
  path: patch-auth-saml.yaml

Reapply

kubectl apply -k ~/fastx-cluster
kubectl rollout restart -n fastx deploy/fastx4

FastX Realm

Browse to http://localhost:<FORWARD_PORT>/realms/fastx/account

There are 2 users preconfigured in the fastx test realm.

Basic user with no admin permissions

  • Username: testuser
  • Password: testuser

User with admin permissions

  • Username: adminuser
  • Password: adminuser