Keycloak
From the Open Encyclopedia - 灰狐
(Difference between revisions)
m |
m (→Keycloak.X) |
||
(17 intermediate revisions by 1 user not shown) | |||
第45行: | 第45行: | ||
*[[Apache FreeMarker]] | *[[Apache FreeMarker]] | ||
*[https://github.com/liquibase/liquibase Liquibase] | *[https://github.com/liquibase/liquibase Liquibase] | ||
+ | *[https://github.com/eformat/quarkus-keycloak quarkus angular keycloak] | ||
+ | *[[Apache FreeMarker]] | ||
==集成== | ==集成== | ||
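Review bot: the added `*[[Apache FreeMarker]]` line at the end of this list duplicates the unchanged `*[[Apache FreeMarker]]` entry two lines above it, so the new one should be dropped. The other added entry is labelled only "quarkus angular keycloak"; a few words on what that repository is would help a reader decide whether it belongs in this list.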
第52行: | 第54行: | ||
*[[Apache Directory]] | *[[Apache Directory]] | ||
*[[OpenID]] [https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/sso-protocols/oidc.html Connect] | *[[OpenID]] [https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/sso-protocols/oidc.html Connect] | ||
+ | |||
+ | ==Authorization== | ||
+ | [[文件:keycloak-policy-enforcement-point-pattern.png|PEP模式]] | ||
+ | |||
+ | 整合、集成更多的授权、策略解决方案,如:[https://docs.kantarainitiative.org/uma/wg/oauth-uma-grant-2.0-09.html User-Managed Access (UMA)], [[Open Policy Agent]] | ||
+ | |||
+ | ==2FA== | ||
+ | Keycloak 支持 [https://freeotp.github.io/ FreeOTP] | ||
+ | |||
+ | [https://github.com/andOTP/andOTP andOTP] 也是很好的 2FA 选择 | ||
==Keycloak.X== | ==Keycloak.X== | ||
+ | *[https://www.keycloak.org/2020/12/first-keycloak-x-release.adoc Introducing Keycloak.X Distribution] | ||
*[https://github.com/keycloak/keycloak-community/tree/master/design/keycloak.x Keycloak.X Design] | *[https://github.com/keycloak/keycloak-community/tree/master/design/keycloak.x Keycloak.X Design] | ||
*[https://www.keycloak.org/2019/10/keycloak-x Introducing Keycloak.X] | *[https://www.keycloak.org/2019/10/keycloak-x Introducing Keycloak.X] | ||
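Review bot: the sentence added under `==Authorization==` names User-Managed Access (UMA) and Open Policy Agent but does not say whether these are integrations Keycloak already provides or ones it is proposed to add; state which applies to each. The new `==2FA==` section likewise only names FreeOTP and andOTP, and a line on where OTP is enabled would make it usable.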
第67行: | 第80行: | ||
==Jetty== | ==Jetty== | ||
*[https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/jetty9-adapter.adoc Keycloak Jetty Adapters] | *[https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/jetty9-adapter.adoc Keycloak Jetty Adapters] | ||
+ | |||
+ | ==API== | ||
+ | *[[API Platform]] [https://github.com/INGENIANCE/Api-Plateform-With-Keycloak With Keycloak] | ||
==SaaS== | ==SaaS== | ||
Keycloak as a Service | Keycloak as a Service | ||
+ | * [https://operatorhub.io/operator/keycloak-operator Keycloak Operator] [https://github.com/keycloak/keycloak-operator Go语言驱动] | ||
+ | * Keycloak 运行在 [[JGroups]] 集群子系统,其高可用信息[http://docs.wildfly.org/23/High_Availability_Guide.html 可参考] [[WildFly]] High Availability Guide | ||
+ | * [https://www.cloud-iam.com/ Cloud IAM] Keycloak Identity and Access Management as a Service | ||
+ | * [[狗狗通行证]] | ||
==图集== | ==图集== | ||
<gallery> | <gallery> | ||
image:keycloak.png|Keycloak控制台 | image:keycloak.png|Keycloak控制台 | ||
+ | image:New-IA-Proposal-for-Keycloak-Admin-Console.png|新控制台提议 | ||
+ | image:keycloak-realm.png|Realm | ||
image:keycloak-identity-broker-flow.png|Identity Broker Flow | image:keycloak-identity-broker-flow.png|Identity Broker Flow | ||
image:keycloak-device-activity.png|设备活动 | image:keycloak-device-activity.png|设备活动 | ||
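Review bot: the JGroups item added under `==SaaS==` is about clustering and high availability, not a hosted Keycloak service, so it belongs in its own section rather than in this list. Its link is pinned to the WildFly 23 guide (`docs.wildfly.org/23/`); note which Keycloak release that corresponds to, otherwise the reference will drift. The `[[狗狗通行证]]` entry has no description, unlike the Cloud IAM line above it.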
第80行: | 第102行: | ||
image:keycloak-cross-dc-architecture.png|跨数据中心架构 | image:keycloak-cross-dc-architecture.png|跨数据中心架构 | ||
image:keycloak-operator-components.png|Operator组件 | image:keycloak-operator-components.png|Operator组件 | ||
+ | image:keycloak-and-vault.png|Vault | ||
</gallery> | </gallery> | ||
第85行: | 第108行: | ||
*[https://www.keycloak.org Keycloak官网] | *[https://www.keycloak.org Keycloak官网] | ||
*[https://github.com/keycloak/keycloak Keycloak @ GitHub] | *[https://github.com/keycloak/keycloak Keycloak @ GitHub] | ||
+ | *[https://developers.redhat.com/blog/2020/11/24/authentication-and-authorization-using-the-keycloak-rest-api# Authentication and Authorization using the Keycloak REST API] | ||
[[category:identity]] | [[category:identity]] | ||
[[category:security]] | [[category:security]] | ||
[[category:java]] | [[category:java]] |
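Review bot: the URL in the added "Authentication and Authorization using the Keycloak REST API" link ends in an empty fragment (`...using-the-keycloak-rest-api#`); remove the trailing `#`.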
Revision as of 03:13, 21 October 2021 (Thu)
Keycloak
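Introduction
Keycloak is an open-source identity authentication and access control management solution, written in Java and released under the Apache v2 license.
Because it originates from WildFly Application Server (WildFly Elytron Security), many aspects of configuring Keycloak revolve around WildFly configuration elements.
Keycloak is built on top of the WildFly application server and its sub-projects (Infinispan for caching and Hibernate for persistence), so their documentation needs to be read as well.
Features
- Single sign-on (SSO)
- Supported standard protocols: OpenID Connect, OAuth 2.0 and SAML 2.0
- Centralized management: for administrators and users
- Adapters: easily secure all kinds of applications and services
- LDAP and Active Directory support: connect to existing user directory services
- Social accounts: easily enable social login
- Identity Brokering support: OpenID Connect or SAML 2.0 IdPs
- High performance: lightweight, fast, scalable
- Clustering: scalability, availability
- Themes: customizable look and feel
- Extensible: users can customize through code
- Password policies: users can define their own password policies
Guide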
$ cd keycloak-12.0.2/bin
$ ./standalone.sh    # uses the H2 database by default
http://localhost:8080/auth/
Configuring PostgreSQL
Projects
Some of the open-source software that Keycloak uses and depends on:
- JBoss Modules
- JBoss Modular Service Container
- JBoss Threads
- WildFly Core
- WildFly Elytron
- XNIO
- Infinispan
- Hibernate
- RESTEasy
- Undertow based on XNIO, HTTP listener default listening on 127.0.0.1:8080
- JBoss Remoting
- Apache FreeMarker
- Liquibase
- quarkus angular keycloak
- Apache FreeMarker
Integrations
- FreeIPA services (Directory Server, Kerberos, PKI)
- WSO2 API Manager Token Revocation: WSO2 API Manager & Keycloak KM
- OpenLDAP
- Apache Directory
- OpenID Connect
Authorization
Consolidate and integrate more authorization and policy solutions, such as User-Managed Access (UMA) and Open Policy Agent
2FA
Keycloak supports FreeOTP
andOTP is also a good 2FA choice
Keycloak.X
- Introducing Keycloak.X Distribution
- Keycloak.X Design
- Introducing Keycloak.X
- Keycloak on Quarkus Quarkus
Tomcat
A distribution of this kind could be considered, one that can be deployed to Apache Tomcat and Jetty.
Jetty
API
SaaS
Keycloak as a Service
- Keycloak Operator, powered by Go
- Keycloak runs on the JGroups clustering subsystem; for high-availability information, see the WildFly High Availability Guide
- Cloud IAM Keycloak Identity and Access Management as a Service
- 狗狗通行证
Gallery
Links