No description, website, or topics provided.
Shell
Switch branches/tags
Nothing to show
Clone or download
Ward, Michael S Ward, Michael S
Ward, Michael S and Ward, Michael S add realm secret image
Latest commit a0840fb Jun 10, 2016

README.md

docker-openidc

Project using Ping Identities mod_auth_openidc in conjunction with Apache to provide openidconnect functionality with Keycloak in Kubernetes

Included are Kubernetes Ingress, Service and Replication Controller example files.

Below are environment variables that must be set in the container for Apache to consume on startup.

${SSLPROXYVERIFY} on|off

certificate verification of the remote server

${SSLPROXYCHECKPEERCN} on|off

remote server certificate's CN field is compared against the hostname of the request URL

${SSLPROXYCHECKPEERNAME} on|off

host name checking for server certificates when mod_ssl is acting as an SSL client

${SSLPROXYCHECKPEEREXPIRE} on|off

check if the remote server certificate is expired or not

${SSLPROXYMACHINECERT} path to machine cert. This is a combined file of cert and key. Ex. /etc/kubernetes/ssl/combined.pem

all-in-one file where you keep the certificate chain for all of the client certs in use

${SSLCERT}

ssl certificate file ex. /path/to/some/ca.pem

${SSLKEY}

ssl certificate key file ex. /path/to/some/ca-key.pem

${OIDCPROVIDERMETADATAURL} ex. https://my_domain/auth/realms/demo/.well-known/openid-configuration

Where 'demo' equals the name of your keycloak realm

${OIDCCLIENTID} realm name from keycloak.

${OIDCCLIENTSECRET} secret from realm. (In this case Keycloak realm secret) ex. below

${OIDCCRYPTOPASSPHRASE}

some random secret you create. ex. biteme

${REDIRECTDOMAIN} domain your apache server is on ex. master.kubernetes.com

same domain as your Apache server

${SERVERNAME}

IP of the kubernetes api server you are proxying to. This could also be a domain.