From 5a756dbeffd39ef3cfd85cde96699dca5f0745cc Mon Sep 17 00:00:00 2001 From: Kyriakos Akriotis Date: Tue, 12 Dec 2023 11:56:21 +0100 Subject: [PATCH] - added overview --- .../security/deploy_keycloak.rst | 31 +++++++++++++------ 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/doc/source/best-practices/security/deploy_keycloak.rst b/doc/source/best-practices/security/deploy_keycloak.rst index 431c84d..5ce9492 100755 --- a/doc/source/best-practices/security/deploy_keycloak.rst +++ b/doc/source/best-practices/security/deploy_keycloak.rst 
@@ -11,24 +11,37 @@ Deploy Keycloak on a CCE Cluster Overview ======== -| > *There are no further requirements for an article except to include the following sections at the **end**, and to follow all general Open Telekom Architecture Center content requirements.* -| > *An Open Telekom Cloud Architecture Center article template, for **external** creators, requires the following sections at the end of the article:* +Keycloak is an open-source identity and access management (IAM) solution developed by Red Hat. It provides features for +single sign-on (SSO), user authentication, authorization, and identity brokering. Keycloak aims to simplify the +implementation of authentication and authorization mechanisms in applications by offering a centralized and configurable +platform. -.. topic:: TL;DR +Key features of Keycloak include: + +1. **Single Sign-On (SSO):** Keycloak enables users to log in once and gain access to multiple applications without the need to re-enter credentials for each application. +2. **Identity Federation:** It supports identity brokering, allowing users to log in with existing accounts from social networks (such as Google, Facebook, or GitHub) or other identity providers. +3. **User Authentication:** Keycloak provides a variety of authentication mechanisms, including username and password, multi-factor authentication, and support for external identity providers. +4. **Authorization Services:** It includes fine-grained access control and authorization policies to manage what users can and cannot do within applications. +5. **User Account Management:** Keycloak offers user self-registration, password reset, and other account management features. +6. **LDAP and Active Directory Integration:** It supports integration with LDAP (Lightweight Directory Access Protocol) and Microsoft Active Directory for seamless user management. +7. 
**Client Adapters:** Keycloak provides client adapters for various platforms and languages, making it easier to integrate with applications built using different technologies. +8. **Security and Compliance:** Keycloak follows best practices for security and compliance, including support for OAuth 2.0 and OpenID Connect standards. + +Developers can integrate Keycloak with their applications using various protocols such as OpenID Connect, OAuth 2.0, +SAML (Security Assertion Markup Language), and more. It is commonly used in microservices architectures and +distributed systems to manage authentication and authorization in a centralized manner. Keycloak is often employed in +scenarios where secure user authentication and access control are crucial, such as enterprise applications, +web applications, and APIs. + +In this blueprint, we are going to discuss the steps to install Keycloak, in Open Telekom Cloud, on a CCE Cluster. - | >> Make a brief summary of what is the article about .. Main Article .. Components -| > *No header required here* -| > *(Expected to list all the Open Telekom Cloud components used, but it could be optional if it just an architectural paradigm.* - .. Sections 1..n -| > *You can name the Section titles as it seems fit to the workflow of the article.* - Create a VPC and a Subnet =========================
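Review bot: In the added feature list, item 8 ("Keycloak follows best practices for security and compliance, including support for OAuth 2.0 and OpenID Connect standards") is a claim that a reader of a security best-practices page cannot verify or act on. I would reduce it to the standards Keycloak supports, which the following paragraph already names (OpenID Connect, OAuth 2.0, SAML), or drop the item. Item 3 also repeats "support for external identity providers" from item 2. The hunk removes the template guidance under ".. Components" but adds no list of the Open Telekom Cloud components the blueprint uses, although the closing sentence names a CCE cluster and the next section creates a VPC and a subnet; a short components list would fill that gap. Minor: the numbered items are single long lines while the new paragraphs are hard-wrapped, and the last added sentence reads more cleanly as "install Keycloak on a CCE cluster in Open Telekom Cloud".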