欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/Agda, C++/Erlang/Lisp
Keycloak
来自开放百科 - 灰狐
(版本间的差异)
小 (→项目) |
小 (→简介) |
||
| (未显示1个用户的54个中间版本) | |||
| 第1行: | 第1行: | ||
| + | {{SeeWikipedia}} | ||
| + | |||
Keycloak | Keycloak | ||
| + | |||
| + | [[文件:Keycloak-logo.png|right|Keycloak]] | ||
==简介== | ==简介== | ||
| + | [[文件:Quarkus-logo.png|right|Quarkus]] | ||
Keycloak 是一款开源的身份认证和访问控制管理的解决方案,使用 [[Java]] 开发,采用 Apache v2 许可证。 | Keycloak 是一款开源的身份认证和访问控制管理的解决方案,使用 [[Java]] 开发,采用 Apache v2 许可证。 | ||
| − | 因为源自 [[WildFly]] Application | + | 因为源自 [[WildFly]] Application Server ([https://docs.wildfly.org/20/WildFly_Elytron_Security.html WildFly Elytron Security]) 所以配置 Keycloak 的许多方面都围绕 WildFly 配置元素。 |
Keycloak 基于 WildFly 应用服务器及其子项目([[Infinispan]](用于缓存)和 [[Hibernate]](用于持久性)之上构建,所以需要阅读它们的相关文档。 | Keycloak 基于 WildFly 应用服务器及其子项目([[Infinispan]](用于缓存)和 [[Hibernate]](用于持久性)之上构建,所以需要阅读它们的相关文档。 | ||
| + | |||
| + | Keycloak WildFly (已废止) Distribution powered by WildFly | ||
| + | |||
| + | 当前是 Keycloak Distribution powered by [[Quarkus]] | ||
==功能== | ==功能== | ||
| + | [[文件:OpenID-Connect-OAuth20-and-SAML.png|right]] | ||
| + | *单点登录(SSO) | ||
| + | *支持的标准协议:[[OpenID]] Connect, [[OAuth]] 2.0 和 [[SAML]] 2.0 | ||
| + | *集中管理:对管理员和用户 | ||
| + | *适配器(Adapters):轻松保护各种应用和服务 | ||
| + | *支持 [[LDAP]] 和 [[Active Directory]]:连接已有的用户目录服务 | ||
| + | *社交账号:轻松启用社交登录 | ||
| + | *支持身份代理人(Identity Brokering):OpenID Connect or SAML 2.0 IdPs | ||
| + | *高性能:轻量、快速、可伸缩 | ||
| + | *集群:可扩展性、可用性 | ||
| + | *样式:自定义外观 | ||
| + | *可扩展:用户可通过代码自定义 | ||
| + | *密码策略:用户可自定义密码策略 | ||
==指南== | ==指南== | ||
| + | Quarkus | ||
| + | $ ./kc.sh build --db=postgres | ||
| + | $ conf/keycloak.conf | ||
| + | db=postgres | ||
| + | db-username=keycloak | ||
| + | db-password=keycloak | ||
| + | db-url=jdbc:postgresql://localhost/keycloak | ||
| + | hostname=debian | ||
| + | $ ./kc.sh start-dev | ||
| + | http://debian:8080/ | ||
| + | WildFly | ||
| + | $ cd keycloak-12.0.2/bin | ||
| + | $ ./standalone.sh // 默认使用 [[H2]] 数据库 | ||
| + | http://localhost:8080/auth/ | ||
| + | 配置 [[MariaDB]], [[MySQL]] | ||
| + | |||
| + | 配置 [[PostgreSQL]] | ||
==项目== | ==项目== | ||
| + | *[https://github.com/keycloak/keycloak Keycloak @ GitHub] | ||
| + | Keycloak 使用和依赖的一些开源软件: | ||
| + | *[https://github.com/jboss-modules/jboss-modules JBoss Modules] | ||
| + | *[https://github.com/jboss-msc/jboss-msc JBoss Modular Service Container] | ||
| + | *[https://github.com/jbossas/jboss-threads JBoss Threads] | ||
| + | *[https://github.com/wildfly/wildfly-core WildFly Core] | ||
| + | *[https://github.com/wildfly-security/wildfly-elytron WildFly Elytron] | ||
| + | *[https://github.com/xnio/xnio XNIO] | ||
| + | *[[Infinispan]] | ||
| + | *[[Hibernate]] | ||
| + | *[[RESTEasy]] | ||
| + | *[https://github.com/undertow-io/undertow Undertow] based on XNIO, HTTP listener default listening on 127.0.0.1:8080 | ||
| + | *[https://github.com/jboss-remoting JBoss Remoting] | ||
| + | *[[Apache FreeMarker]] | ||
| + | *[https://github.com/liquibase/liquibase Liquibase] | ||
| + | *[https://github.com/eformat/quarkus-keycloak quarkus angular keycloak] | ||
| + | *[[Apache FreeMarker]] | ||
| + | |||
| + | ==集成== | ||
| + | *[[FreeIPA]] services (Directory Server, [[Kerberos]], [[PKI]]) | ||
| + | *[[WSO2 API Manager]] [https://medium.com/@athiththan11/token-revocation-wso2-api-manager-keycloak-km-3695d217bd7c Token Revocation: WSO2 API Manager & Keycloak KM] | ||
| + | *[[OpenLDAP]] | ||
| + | *[[Apache Directory]] | ||
| + | *[[OpenID]] [https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/sso-protocols/oidc.html Connect] | ||
| + | |||
| + | ==Authorization== | ||
| + | [[文件:keycloak-policy-enforcement-point-pattern.png|PEP模式]] | ||
| + | |||
| + | 整合、集成更多的授权、策略解决方案,如:[https://docs.kantarainitiative.org/uma/wg/oauth-uma-grant-2.0-09.html User-Managed Access (UMA)], [[Open Policy Agent]] | ||
| + | |||
| + | ==2FA== | ||
| + | Keycloak 支持 [https://freeotp.github.io/ FreeOTP] | ||
| + | |||
| + | [https://github.com/andOTP/andOTP andOTP] 也是很好的 2FA 选择 | ||
==Keycloak.X== | ==Keycloak.X== | ||
| − | [https://www.keycloak.org/2019/10/keycloak-x Introducing Keycloak.X] | + | *[https://www.keycloak.org/2020/12/first-keycloak-x-release.adoc Introducing Keycloak.X Distribution] |
| + | *[https://github.com/keycloak/keycloak-community/tree/master/design/keycloak.x Keycloak.X Design] | ||
| + | *[https://www.keycloak.org/2019/10/keycloak-x Introducing Keycloak.X] | ||
| + | *[https://github.com/keycloak/keycloak/tree/master/quarkus Keycloak on Quarkus] [[Quarkus]] | ||
| − | == | + | ==Tomcat== |
| − | [https://github.com/keycloak/keycloak/ | + | [https://github.com/mnadeem/keycloak-server 部署 Keycloak in Tomcat, TomEE] |
| + | |||
| + | 可以考虑分发这样的版本,可以部署 [[Apache Tomcat]], [[Jetty]]。 | ||
| + | |||
| + | * [https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/tomcat-adapter.adoc Keycloak Tomcat adapter] | ||
| + | |||
| + | ==Jetty== | ||
| + | *[https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/jetty9-adapter.adoc Keycloak Jetty Adapters] | ||
| + | |||
| + | ==API== | ||
| + | *[[API Platform]] [https://github.com/INGENIANCE/Api-Plateform-With-Keycloak With Keycloak] | ||
| + | |||
| + | ==[[Clojure]]== | ||
| + | [https://github.com/jgrodziski/keycloak-clojure keycloak-clojure] [[文件:keycloak-plus-clojure.png|right]] | ||
| + | |||
| + | ==SaaS== | ||
| + | Keycloak as a Service | ||
| + | * [https://operatorhub.io/operator/keycloak-operator Keycloak Operator] [https://github.com/keycloak/keycloak-operator Go语言驱动] | ||
| + | * Keycloak 运行在 [[JGroups]] 集群子系统,其高可用信息[http://docs.wildfly.org/23/High_Availability_Guide.html 可参考] [[WildFly]] High Availability Guide | ||
| + | * [https://www.cloud-iam.com/ Cloud IAM] Keycloak Identity and Access Management as a Service | ||
| + | * [[狗狗通行证]] | ||
| + | |||
| + | ==用户== | ||
==图集== | ==图集== | ||
<gallery> | <gallery> | ||
image:keycloak.png|Keycloak控制台 | image:keycloak.png|Keycloak控制台 | ||
| + | image:keycloak-identity-providers.png|identity providers | ||
| + | image:New-IA-Proposal-for-Keycloak-Admin-Console.png|新控制台提议 | ||
| + | image:keycloak-realm.png|Realm | ||
| + | image:keycloak-identity-broker-flow.png|Identity Broker Flow | ||
image:keycloak-device-activity.png|设备活动 | image:keycloak-device-activity.png|设备活动 | ||
| + | image:keycloak-authorization-architecture.png|授权架构 | ||
| + | image:keycloak-sssd-freeipa-integration-overview.png|FreeIPA集成 | ||
| + | image:keycloak-cross-dc-architecture.png|跨数据中心架构 | ||
| + | image:keycloak-operator-components.png|Operator组件 | ||
| + | image:keycloak-and-vault.png|Vault | ||
| + | image:krakend-keycloak-integration-workflow.png|集成KrakenD | ||
| + | image:WSO2-API-Manager-and-Keycloak.png|集成 WSO2 API Manager | ||
</gallery> | </gallery> | ||
==链接== | ==链接== | ||
*[https://www.keycloak.org Keycloak官网] | *[https://www.keycloak.org Keycloak官网] | ||
| − | *[https:// | + | *[https://developers.redhat.com/blog/2020/11/24/authentication-and-authorization-using-the-keycloak-rest-api# Authentication and Authorization using the Keycloak REST API] |
[[category:identity]] | [[category:identity]] | ||
[[category:security]] | [[category:security]] | ||
| + | [[category:quarkus]] | ||
[[category:java]] | [[category:java]] | ||
| + | [[category:Red Hat]] | ||
| + | [[category:Huihoo Foundation]] | ||
2022年5月12日 (四) 14:53的最后版本
|
您可以在Wikipedia上了解到此条目的英文信息 Keycloak Thanks, Wikipedia. |
Keycloak
目录 |
[编辑] 简介
Keycloak 是一款开源的身份认证和访问控制管理的解决方案,使用 Java 开发,采用 Apache v2 许可证。
因为源自 WildFly Application Server (WildFly Elytron Security) 所以配置 Keycloak 的许多方面都围绕 WildFly 配置元素。
Keycloak 基于 WildFly 应用服务器及其子项目(Infinispan(用于缓存)和 Hibernate(用于持久性)之上构建,所以需要阅读它们的相关文档。
Keycloak WildFly (已废止) Distribution powered by WildFly
当前是 Keycloak Distribution powered by Quarkus
[编辑] 功能
- 单点登录(SSO)
- 支持的标准协议:OpenID Connect, OAuth 2.0 和 SAML 2.0
- 集中管理:对管理员和用户
- 适配器(Adapters):轻松保护各种应用和服务
- 支持 LDAP 和 Active Directory:连接已有的用户目录服务
- 社交账号:轻松启用社交登录
- 支持身份代理人(Identity Brokering):OpenID Connect or SAML 2.0 IdPs
- 高性能:轻量、快速、可伸缩
- 集群:可扩展性、可用性
- 样式:自定义外观
- 可扩展:用户可通过代码自定义
- 密码策略:用户可自定义密码策略
[编辑] 指南
Quarkus
$ ./kc.sh build --db=postgres $ conf/keycloak.conf db=postgres db-username=keycloak db-password=keycloak db-url=jdbc:postgresql://localhost/keycloak hostname=debian $ ./kc.sh start-dev http://debian:8080/
WildFly
$ cd keycloak-12.0.2/bin $ ./standalone.sh // 默认使用 H2 数据库 http://localhost:8080/auth/
配置 PostgreSQL
[编辑] 项目
Keycloak 使用和依赖的一些开源软件:
- JBoss Modules
- JBoss Modular Service Container
- JBoss Threads
- WildFly Core
- WildFly Elytron
- XNIO
- Infinispan
- Hibernate
- RESTEasy
- Undertow based on XNIO, HTTP listener default listening on 127.0.0.1:8080
- JBoss Remoting
- Apache FreeMarker
- Liquibase
- quarkus angular keycloak
- Apache FreeMarker
[编辑] 集成
- FreeIPA services (Directory Server, Kerberos, PKI)
- WSO2 API Manager Token Revocation: WSO2 API Manager & Keycloak KM
- OpenLDAP
- Apache Directory
- OpenID Connect
[编辑] Authorization
整合、集成更多的授权、策略解决方案,如:User-Managed Access (UMA), Open Policy Agent
[编辑] 2FA
Keycloak 支持 FreeOTP
andOTP 也是很好的 2FA 选择
[编辑] Keycloak.X
- Introducing Keycloak.X Distribution
- Keycloak.X Design
- Introducing Keycloak.X
- Keycloak on Quarkus Quarkus
[编辑] Tomcat
可以考虑分发这样的版本,可以部署 Apache Tomcat, Jetty。
[编辑] Jetty
[编辑] API
[编辑] Clojure
keycloak-clojure
[编辑] SaaS
Keycloak as a Service
- Keycloak Operator Go语言驱动
- Keycloak 运行在 JGroups 集群子系统,其高可用信息可参考 WildFly High Availability Guide
- Cloud IAM Keycloak Identity and Access Management as a Service
- 狗狗通行证
[编辑] 用户
[编辑] 图集
Keycloak控制台
identity providers
新控制台提议
Realm
Identity Broker Flow
设备活动
授权架构
FreeIPA集成
跨数据中心架构
Operator组件
Vault
集成KrakenD
集成 WSO2 API Manager
[编辑] 链接
分享您的观点
