This service provides an API for authentication via LDAP and OAuth2.
```
cd /root/kubeauthentication
./run_kubeauth.sh
```
- It uses Helm to deploy the service. The charts are in the `chart` directory. The LDAP application must be running if you want to authenticate users using LDAP.
- To use Auth0, we need the following information:
  - Client ID
  - Client Secret
  - Realm

  The Link explains how to set up the application and use OAuth. For setting up Auth0, also look at Edward Viaene's tutorial on Learn DevOps: Advanced Kubernetes Usage. In this tutorial, go to the authentication and authorization video. `application.yml` should contain the OAuth2 details for authentication to work.
- Please refer to the link to understand authentication using OIDC.
- It provides the `/kubectl` REST API for authentication via the CLI. The API returns the id_token, which the CLI passes to the Kubernetes service. It uses Auth0 OpenID Connect for authentication.

  ```
  alias kctl='kubectl --kubeconfig=/root/oauth.conf --token=$(python3 /root/kubernetes/install_k8s/kube-login/cli-auth.py)'
  ```
- It provides the `/check` and `/authenticate` APIs, which the ingress controller uses to authenticate users when they access a protected URL. It uses LDAP for authentication. The `/check` REST API sends 401 (Unauthorized) if the user is not authenticated, and 200 (OK) if the user is authenticated. The `/authenticate` REST API presents a login page to the user. Upon successful authentication, it redirects the user to the target page, which the ingress controller sent to the login service as a request parameter.

  ```
  nginx.ingress.kubernetes.io/auth-signin: https://master.cloud.com:32028/authenticate
  nginx.ingress.kubernetes.io/auth-url: https://master.cloud.com:32028/check
  ```
- It provides the `/oauth2/token` API for authenticating users using Auth0 OpenID Connect. It returns the id_token and access_token in the response to the user.
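
The `/authenticate` redirect described above takes its target from a request parameter (ingress-nginx sends the original URL as `rd` by default), so the login service should check that value before redirecting to it. The following is an added sketch of such a check in Python, not code from this project; `safe_redirect_target`, `ALLOWED_HOSTS` and the fallback path `/` are hypothetical names and values.

```python
from urllib.parse import urlsplit

# Assumption: master.cloud.com is the host from the annotations above; the
# allow-list and the fallback path are hypothetical values for this sketch.
ALLOWED_HOSTS = frozenset({"master.cloud.com"})
DEFAULT_TARGET = "/"


def safe_redirect_target(rd, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return rd if it is safe to redirect to after login, else default."""
    if not rd:
        return default
    # Whitespace, control characters and backslashes are normalised
    # differently by browsers and URL parsers, so refuse them outright.
    if any(ord(ch) <= 0x20 or ch in "\\\x7f" for ch in rd):
        return default
    try:
        parts = urlsplit(rd)
        host = parts.hostname  # lower-cased host without port or userinfo
        _ = parts.port         # property access raises ValueError if malformed
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash absolute path, because
        # browsers resolve "//host" and "///host" to another origin.
        if rd.startswith("/") and not rd.startswith("//"):
            return rd
        return default
    # Absolute or scheme-relative target: https only, no userinfo, known host.
    if parts.scheme != "https" or parts.username or parts.password:
        return default
    return rd if host in allowed_hosts else default
```

The host comparison is an exact match on the parsed hostname, so suffix look-alikes and `user@host` forms fall back to the default target.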
- The links below provide good architecture and code examples of customizing Spring Security:
  - https://www.bezkoder.com/spring-boot-jwt-mysql-spring-security-architecture (it implements the architecture below)
- Udemy tutorials:
  - Spring Boot Security and oAuth2 in depth from scratch
  - OAuth 2-0 in Spring Boot Applications
  - Spring Security Zero to Master along with JWT,OAUTH2
  - Learn DevOps Advanced Kubernetes Usage (Authentication and Authorization)
- Good slides to learn about OAuth:
  - Authorization Code Grant Type
  - Client Credentials
  - Password
  - Device flow
  - PKCE-Enhanced Authorization code
  - Refreshing Access Token