Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keycloak SSO spike #70

Closed
wants to merge 7 commits into from
Closed

Keycloak SSO spike #70

wants to merge 7 commits into from

Conversation

kronn
Copy link
Member

@kronn kronn commented Oct 25, 2019

As a basis for discussion, this adds some ideas to implement SSO with keycloak. The only thing binding this to keycloak instead of any other OpenID-Connect server is the naming of variables, though. Maybe also some pathname-assumptions, as well.

To support another server (-type), only the clients needs to be configured differently. The flow should stay the same.

@kronn
Add Tools to communicate with keycloak
cb398cc 
- add gem for openid-connect, which is the protocol we are interested in

- add some helpers (probably they belong into the login-controller) that
  match the try-and-error result from the rails console
@kronn
Describe concept for settings.yml
b8344c2 
OTOH, this might be better solved with 3-4 ENV-vars...
@kronn
Make port optional
59c7936 
might be a useless idea, kill it if you want to
@kronn
Sketch our basic retrieval of ID from keycloak
c4552a3
@kronn
Add a few comments and the most basic check
3acc66f
@kronn
Rework the login and add small comment
815c1eb
@kronn
Leave bad advice in the codebase
506ca2f
codez
codez reviewed Oct 28, 2019
View reviewed changes
app/controllers/login_controller.rb
redirect_to params[:ref].presence || root_path
else
flash[:alert] = 'Ungültige Benutzerdaten'
end
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Warum nicht konfigurierbar? Falls Settings.keycloak.server gesetzt via OpenId, sonst via DB. Der Mehraufwand ist minim, die Möglichkeit, pTime weiterhin ohne Keycloak betreiben zu können, bestimmt für irgendwen interessant.

@Kagemaru Kagemaru force-pushed the master branch 2 times, most recently from be9e9a2 to d09a88e Compare December 9, 2020 15:11
@Kagemaru Kagemaru force-pushed the master branch 4 times, most recently from b7e8e68 to b84f926 Compare December 18, 2020 10:03
@Kagemaru Kagemaru force-pushed the master branch 5 times, most recently from 0c66df4 to 6b619e0 Compare July 8, 2021 15:06
@kronn
Copy link
Member Author

kronn commented Sep 7, 2022

As you spoke in actual code, this spike is but a spook by now.
closing it :-)

moving on

@kronn kronn closed this Sep 7, 2022
@kronn kronn deleted the keycloak-sso-spike branch September 7, 2022 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codez codez codez left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kronn @codez