-
Notifications
You must be signed in to change notification settings - Fork 0
How to test MinIO SSO keycloak
Cesar Celis Hernandez edited this page Sep 22, 2023
·
5 revisions
Test MinIO with Keycloack as SSO mechanism
- Sun Jan 1 2023 -> PASSED!
- Fri Aug 11 2023 -> PASSED! on version
RELEASE.2023-07-21T21-12-44Z
- Fri Sep 22 2023 -> PASSED! on version
RELEASE.2023-09-20T22-49-55Z
- Run
keycloak
:
cd ~
sudo rm -rf keycloak-containers
git clone [email protected]:keycloak/keycloak-containers.git
cd keycloak-containers/server
git checkout 12.0.4
docker build -t jboss/keycloak:12.0.4 .
docker run --rm -p 9080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak:12.0.4
- Access
keycloak
athttp://localhost:9080
user: admin
password: admin
- Follow steps and configure
keycloak
:
* Create a Realm called "myrealm"
* Clients
* Click on account
* Settings, set "Valid Redirect URIs" to "*"
* expand "Advanced Settings" and set "Access Token Lifespan" to 1 Hours
* Save
* Clients
* Click on `account`
* Mappers Tab in the middle
* Click `Create` button
* "Name" with "anytext"
* `Mapper Type` is `User Attribute`
* `User Attribute` is `policy`
* Token Claim Name is policy
* Claim JSON Type is string
* Click "Create" button
* Name: Audience
* Mapper Type: Audience
* Included Client Audience: security-admin-console
* Save the two mappers
* Clients > account > Setting > "Service Accounts Enabled" = ON
* Go to Roles
* Add new Role `admin` with Description `${role_admin}`
* "Composite Roles" as "ON"
* "Available Roles" move them to "Associated Roles"
* Do same for all "Client Roles" from left to right.
* Roles
* Default Roles
* "Available Roles" move all to "Real Default Roles"
* Same for all "Client Roles" all from left to right
* Clients
* account
* "Service Account Roles" tab.
* "Available Roles" move to "Assigned Roles"
* Same for all "Client Roles"
* Users
* Create "minio" user
* Attribute "policy" value "readwrite"
* Put `minio123` password
* "Role Mappings" Tab
* "Available Roles" all from left to right
* Same for all "Client Roles"
* Add and Save
- Run
MinIO
:
* Clients
* account
* Credentials
* Secret
* 81f55c5f-137f-4d83-82c5-c7fdc73cad5e
|
|_ COPY THIS IN MINIO ENV!!!!!
sudo rm -rf /Volumes/data1/.minio.sys/
sudo rm -rf /Volumes/data2/.minio.sys/
sudo rm -rf /Volumes/data3/.minio.sys/
sudo rm -rf /Volumes/data4/.minio.sys/
export MINIO_IDENTITY_OPENID_CLIENT_SECRET="81f55c5f-137f-4d83-82c5-c7fdc73cad5e"
export MINIO_IDENTITY_OPENID_SCOPES="openid,profile,email"
export MINIO_BROWSER_REDIRECT_URL=http://localhost:9001
export MINIO_SERVER_URL=http://localhost:9000
export MINIO_IDENTITY_OPENID_CLIENT_ID="account"
export MINIO_IDENTITY_OPENID_CONFIG_URL=http://localhost:9080/auth/realms/myrealm/.well-known/openid-configuration
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio123
minio server /Volumes/data{1...4} --address :9000 --console-address :9001
-
Go to
http://localhost:9001/login
inINCOGNITO
-
Click
Login with SSO
:
- Provide the credentials:
user: minio
password: minio123
- It is expected that you can see
Console
UI: