gloo-portal-idp-connect

module v0.4.0

Published: Nov 19, 2024 License: Apache-2.0

README

IDP Connect

IDP Connect is an implementation of the Service Programming Interface (SPI) that Gloo Gateway Portal uses to manage client credentials for accessing services in your Kubernetes cluster. In Gloo Gateway Portal, we use the concept of "Applications" to refer to the external applications accessing the API Products exposed via your Gloo Portal. When a user registers an application as an OAuth client, it is the responsibility of the SPI to create the credential associated with that application. For more information, and to review key terms associated with Gloo Gateway Portal, check out our documentation: Gloo Portal Documentation.

Supported Identity Providers

Here is a list of Identity Providers that we currently support:

  • Amazon Cognito
  • Keycloak

Configuration Instructions

Keycloak

A Keycloak client must be created for the Keycloak IDP Connect service to use. Provide the ID and secret of this client in the --client-id and --client-secret IDP Connect arguments respectively. This client must meet some requirements:

  • The client must have the manage-client permission needed for IDP Connect to be able to manipulate self-service clients.
  • Authorization must be enabled on this client, as this client will also act as an OAuth2 resource server.
  • Service accounts roles (or OAuth2 client credentials) must be enabled, to allow IDP Connect to use this client directly to manage other clients and resources.
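The third requirement is the one most easily verified before IDP Connect is deployed: if the client cannot complete a client_credentials grant, IDP Connect cannot manage anything on its behalf. The following preflight check is an added example, not part of IDP Connect or Gloo Portal; it posts a client_credentials grant to Keycloak's standard token endpoint (/realms/{realm}/protocol/openid-connect/token) with the client ID and secret sent as HTTP Basic credentials, and reports Keycloak's OAuth2 error and error_description when the grant is rejected (for example because the secret is wrong or service account roles are disabled). It does not verify the manage-client role or the authorization settings from the first two requirements. The flag names, the default base URL and the realm name are this example's own assumptions.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"flag"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"
)

// TokenResponse is the subset of the Keycloak token endpoint reply this check inspects.
type TokenResponse struct {
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
	ExpiresIn   int    `json:"expires_in"`
}

// oauthError is the standard OAuth2 error body Keycloak returns on a rejected grant.
type oauthError struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}

// CheckClientCredentials performs a client_credentials grant against
// {baseURL}/realms/{realm}/protocol/openid-connect/token using HTTP Basic client
// authentication. It succeeds only if the client exists, the secret is correct and
// service account roles are enabled on the client. On failure the returned error
// carries the HTTP status plus Keycloak's error and error_description fields.
func CheckClientCredentials(ctx context.Context, hc *http.Client, baseURL, realm, clientID, clientSecret string) (*TokenResponse, error) {
	tokenURL := strings.TrimRight(baseURL, "/") + "/realms/" + url.PathEscape(realm) + "/protocol/openid-connect/token"
	form := url.Values{"grant_type": {"client_credentials"}}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.SetBasicAuth(clientID, clientSecret) // client_secret_basic: the secret never appears in the URL or logs
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	resp, err := hc.Do(req)
	if err != nil {
		return nil, fmt.Errorf("token request: %w", err)
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // bound how much of the reply we buffer
	if err != nil {
		return nil, fmt.Errorf("reading token response: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		var oe oauthError
		_ = json.Unmarshal(body, &oe) // best effort: an error body is not guaranteed to be JSON
		return nil, fmt.Errorf("token request rejected: HTTP %d %s: %s", resp.StatusCode, oe.Error, oe.ErrorDescription)
	}
	var tr TokenResponse
	if err := json.Unmarshal(body, &tr); err != nil {
		return nil, fmt.Errorf("decoding token response: %w", err)
	}
	if tr.AccessToken == "" {
		return nil, errors.New("token response contained no access_token")
	}
	return &tr, nil
}

func main() {
	// Flag names are this example's own; --client-id and --client-secret merely mirror
	// the IDP Connect arguments described above. The default URL and realm are assumptions.
	baseURL := flag.String("keycloak-url", "http://localhost:8080", "Keycloak base URL")
	realm := flag.String("realm", "master", "Keycloak realm that holds the IDP Connect client")
	clientID := flag.String("client-id", "", "ID of the client IDP Connect will use")
	clientSecret := flag.String("client-secret", "", "secret of that client")
	flag.Parse()
	if *clientID == "" || *clientSecret == "" {
		fmt.Fprintln(os.Stderr, "both --client-id and --client-secret are required")
		os.Exit(2)
	}
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	tr, err := CheckClientCredentials(ctx, &http.Client{Timeout: 10 * time.Second}, *baseURL, *realm, *clientID, *clientSecret)
	if err != nil {
		fmt.Fprintln(os.Stderr, "FAIL:", err)
		os.Exit(1)
	}
	// Print only token metadata, never the token itself, so the check is safe to run in CI logs.
	fmt.Printf("OK: client %q obtained a %s token valid for %ds\n", *clientID, tr.TokenType, tr.ExpiresIn)
}
```

Run it once against the realm before pointing IDP Connect at it; a 401 with invalid_client points at the ID or secret, while a 400 with unauthorized_client indicates the grant itself is not allowed for the client, which is what you see when service account roles are left disabled.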

Production

IDP Connect provides a straightforward and easy-to-set-up way of configuring credentials for the applications in your system; however, we expect that the needs of your system will evolve beyond the scope of this simple implementation. The SPI we provide is a hook on top of which you can build a customizable system to serve any number of more advanced use cases.

TODO: Add information for devs

  • Install tools
  • (Potential) Allow for AWS IAM Roles for service accounts as cognito auth method.

Directories

Path                          Synopsis
api/v1
internal/cognito/server/mock  Package mock_server is a generated GoMock package.
pkg/api/v1                    Package v1 provides primitives to interact with the openapi HTTP API.
