[SSO] KeyCloak Setup and Implementation #1338
Migration to KeyCloak will change the API tokens for all users
Task Steps:
TODO:
@snyaggarwal I think we need to revisit the approach a bit and when switching to use oidc server we should really be redirecting users to Keycloak for login / logout / signup / forgot password. We can then easily rely on Keycloak providing MFA, adding other identity providers like Google, Facebook, etc. We are also more secure as OCLAPI code is not storing or handling any user credentials and we are not responsible for any password leaks. See https://oauth.net/2/grant-types/password/ which explicitly says it is not recommended that this grant be used at all anymore.
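The redirect-based login argued for in the comment above, as an added example that is not part of the issue or of the OCL API code base: the application builds an authorization-code request with PKCE and a `state` value, then validates the callback before preparing the code exchange. The issuer URL, client id, redirect URI and function names are assumed values for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values for illustration; none of them come from the issue.
ISSUER = "https://sso.example.org/realms/demo"
CLIENT_ID = "demo-api"
REDIRECT_URI = "https://app.example.org/callback"


def begin_login(session):
    """Return the Keycloak URL to send the browser to; no password reaches the app."""
    session["state"] = secrets.token_urlsafe(32)      # binds callback to this session
    session["verifier"] = secrets.token_urlsafe(64)   # PKCE secret, stays server-side
    digest = hashlib.sha256(session["verifier"].encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{ISSUER}/protocol/openid-connect/auth?{query}"


def handle_callback(session, callback_url, client_secret=None):
    """Check the callback and return the form body for the token endpoint."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("state", None)             # single use: blocks replay
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(received.encode(), expected.encode()):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "error" in params or "code" not in params:
        raise ValueError("authorization was not granted")
    body = {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session.pop("verifier"),
    }
    if client_secret:                                 # confidential client only
        body["client_secret"] = client_secret
    return body  # POST to f"{ISSUER}/protocol/openid-connect/token"
```
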
https://www.keycloak.org/docs/latest/server_development/#_themes is how we would go about customizing the keycloak theme.
@rkorytkowski Alright! I am working on the setup.
…te import order
…ion or from headers
Key behaviors that need to be tested as deploy on the QA and staging environments:
Next steps:
|
@rkorytkowski Moving this to Code Review.
… env vars | using client creds in exchange token call
…API to get redirects for login/logout
@paynejd @rkorytkowski A new Client integration documentation
@jamlung-ri @paynejd @rkorytkowski This is now merged with master and deployed on QA (with SSO disabled)
@paynejd and @jamlung-ri to test this on Dev
Note that OID-compatible features for the API were merged into master and were deployed to all environments. KeyCloak is deployed for OCL Online and only a single instance will be used for all environments. Currently, SSO has been enabled only on Next steps include:
Tasks (High Level)
Questions:
Other Notes: