Keycloak Identity Provider
The git repository ships with a kustomization that installs the Keycloak identity manager so you can get up and running for testing.
NOTE: This document assumes you installed the kustomizations in ~/fastx-cluster/
You can install keycloak by running
kubectl apply -k ~/fastx-cluster/base/tools/keycloak
keycloak installs in the keycloak namespace
Accessing Keycloak
To access the server, use Kubernetes port-forwarding to create a local forward:
kubectl port-forward -n oidc service/keycloak :8080
* Keep this process open
** Replace <FORWARD_PORT> with the forwarded port number
Browse to http://localhost:<FORWARD_PORT>/admin
- Username: admin
- Password: admin
A basic fastx realm is preconfigured
Creating a SAML Application
SAML provides a simple method for identity authentication. Follow the instructions below to set up a SAML application with Keycloak.
Select the fastx realm
Click Clients
Click Create Client
In General settings
- Client type: SAML
- Client ID: fastx
- Name: FastX SAML
- Next
In Login settings
- Root URL: <External DNS URL of your cluster>
- Home URL: <External DNS URL of your cluster>
- Valid redirect URIs: *
- Valid post logout redirect URIs: <External DNS URL of your cluster>
- Save
Select the Keys Tab
- Copy the Certificate
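The Valid redirect URIs value entered above can be checked against the cluster's external URL before the client is used outside a test cluster. This is an added example, not part of the FastX or Keycloak documentation: the field names follow Keycloak's client export JSON, while the sample client, the placeholder URL https://fastx.example.com and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like a Keycloak client export, holding the values
# entered in the steps above. https://fastx.example.com is a placeholder for
# the cluster's external DNS URL.
SAMPLE_CLIENT = json.loads("""
{
  "clientId": "fastx",
  "name": "FastX SAML",
  "protocol": "saml",
  "rootUrl": "https://fastx.example.com",
  "redirectUris": ["*"]
}
""")


def origin(url):
    """Return (scheme, host, port) of an absolute URL, or None otherwise."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, parts.port or default)


def audit_redirect_uris(client, external_url):
    """Return one finding per redirect URI not pinned to external_url."""
    expected = origin(external_url)
    findings = []
    for uri in client.get("redirectUris", []):
        if uri.startswith("/"):
            continue  # relative entry, resolved against the client's Root URL
        wildcard = uri.endswith("*")
        base = uri[:-1] if wildcard else uri
        if origin(base) is None:
            findings.append(f"{uri}: not tied to any host")
        elif origin(base) != expected:
            findings.append(f"{uri}: host differs from {external_url}")
        elif wildcard and urlsplit(base).path == "":
            findings.append(f"{uri}: wildcard follows the host with no '/'")
    return findings


if __name__ == "__main__":
    for finding in audit_redirect_uris(SAMPLE_CLIENT, "https://fastx.example.com"):
        print(finding)
```

An empty result means every absolute entry is scoped to the external URL; the bare `*` from the test setup is reported.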
Setting up the SAML Application in FastX
Have the following items ready
- External DNS URL of your cluster
- Client ID
- Certificate
~/fastx-cluster/base/tools/config/saml.sh > ~/fastx-cluster/patches/patch-auth-saml.yaml
kubectl create secret generic --dry-run=client auth-saml -o yaml -n fastx --from-file="$HOME/fastx-cluster/patches/auth-saml.ini" > ~/fastx-cluster/patches/auth-saml-secret.yaml
Add the following to your ~/fastx-cluster/patches/kustomization.yaml file
- target:
    kind: Secret
    name: auth-saml
    namespace: fastx
  path: patch-auth-saml.yaml
Reapply
kubectl apply -k ~/fastx-cluster
kubectl rollout restart -n fastx deploy/fastx4
FastX Realm
Browse to http://localhost:<FORWARD_PORT>/realms/fastx/account
There are 2 users preconfigured in the fastx test realm.
Basic user with no admin permissions
- Username: testuser
- Password: testuser
User with admin permissions
- Username: adminuser
- Password: adminuser