Orion APIs authentication through Keycloak


I want to add authentication on my Orion APIs through my Keycloak IdM. I know it is possible to use Orion together with PEP Proxy Wilma and Keyrock to do this task, and a possible workaround can be to integrate Keyrock with Keycloak at this link (7 years ago).

Do you have any news or suggestions about this?

Thank you in advance.

3


0
pasquy73 On BEST ANSWER

And the kong.yml file is:

_format_version: "2.1"
_transform: true

services:
  - host: "orion_ip"
    name: "orion"
    path: "/v2"
    port: 1026
    protocol: http

    routes:
      - name: orion
        paths:
          - /orion
        strip_path: true

    plugins:
      - name: pep-plugin
        config:
          authorizationendpointtype: Keycloak
          authorizationendpointaddress: https://keycloak_ip
          keycloakrealm: myrealm
          keycloakclientid: clientid
          keycloakclientsecret: clientsecret
          keycloackadditionalclaims:
            "http.fiware-servicepath": "fiware-servicepath"
            "http.fiware-service": "fiware-service"
2
Stefan Wiedemann On

There is a (relatively new) solution available. Instead of Wilma, you can use the Kong-API-Gateway as a PEP-Proxy with the FIWARE-PEP-Plugin. That way, authentication (and authorization) can be delegated to Keycloak. You can find more on that in those 2 presentations:

0
pasquy73 On

I found all the params you need to run the Docker image (in PowerShell):

docker run -d --name kong-dbless `
  -v "$(pwd):/kong/declarative/" `
  -e "KONG_DATABASE=off" `
  -e "KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml" `
  -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" `
  -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" `
  -e "KONG_PROXY_ERROR_LOG=/dev/stderr" `
  -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" `
  -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" `
  -e KONG_LICENSE_DATA `
  -e "KONG_LOG_LEVEL=info" `
  -e "KONG_PLUGINS=bundled,pep-plugin"  `
  -e "KONG_PLUGINSERVER_NAMES=pep-plugin" `
  -e "KONG_PLUGINSERVER_PEP_PLUGIN_QUERY_CMD=/go-plugins/pep-plugin -dump" `
  -e "KONG_PLUGINSERVER_PEP_PLUGIN_START_CMD=/go-plugins/pep-plugin" `
  -p 8000:8000 `
  -p 8001:8001 `
  quay.io/fiware/kong:0.3.3
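
A way to check that the gateway from the answers above actually enforces authentication, as an added example that is not part of the original answers or of the FIWARE project. It assumes Kong's proxy port is reachable on localhost:8000, that Keycloak serves realms under /realms/, and that the client allows the client_credentials grant; host names and credentials are the placeholders from kong.yml, and the fiware header values are constructed.

```powershell
# Added smoke test, not from the answers. Assumptions: Kong proxy on localhost:8000,
# Keycloak serves realms under /realms/ (older releases: /auth/realms/), and the
# client has service accounts enabled so the client_credentials grant works.
$KeycloakUrl  = "https://keycloak_ip"      # placeholders from kong.yml
$Realm        = "myrealm"
$ClientId     = "clientid"
$ClientSecret = "clientsecret"
$OrionViaKong = "http://localhost:8000/orion/entities"  # Kong strips /orion, adds /v2

# Headers that kong.yml maps under keycloackadditionalclaims (constructed values).
$FiwareHeaders = @{ "fiware-service" = "myservice"; "fiware-servicepath" = "/mypath" }

function Get-StatusCode {
    param([string]$Uri, [hashtable]$Headers)
    try {
        $r = Invoke-WebRequest -Uri $Uri -Headers $Headers -UseBasicParsing
        return [int]$r.StatusCode
    } catch {
        # Non-2xx responses throw; read the status from the attached response.
        # No response at all (connection failure) yields 0.
        return [int]$_.Exception.Response.StatusCode
    }
}

# 1. Without a token the request must not get through to Orion.
$anon = Get-StatusCode -Uri $OrionViaKong -Headers $FiwareHeaders
if ($anon -eq 0) { throw "No HTTP response from Kong at $OrionViaKong" }
if ($anon -ge 200 -and $anon -lt 300) {
    throw "Unauthenticated request returned ${anon}: pep-plugin is not enforcing"
}

# 2. Get an access token from Keycloak's OpenID Connect token endpoint.
$tokenUri = "$KeycloakUrl/realms/$Realm/protocol/openid-connect/token"
$form = @{ grant_type = "client_credentials"; client_id = $ClientId; client_secret = $ClientSecret }
$token = (Invoke-RestMethod -Method Post -Uri $tokenUri -Body $form).access_token

# 3. Same request with the bearer token; the result depends on the Keycloak policies.
$authed = Get-StatusCode -Uri $OrionViaKong -Headers ($FiwareHeaders + @{ Authorization = "Bearer $token" })
"anonymous: $anon   with token: $authed"
```

The docker run command above also publishes the Admin API on 0.0.0.0:8001; in DB-less mode that API still accepts a new declarative configuration on /config, so outside a test setup bind it to localhost or leave port 8001 unpublished.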