akyriako/blueprints
1
0
Fork 0
forked from docs/blueprints
Code Pull Requests Activity

- added overview

Browse Source
This commit is contained in:
Kyriakos Akriotis 2023-12-12 11:56:21 +01:00
parent b46ef02fab
commit 5a756dbeff
1 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
doc/source/best-practices/security/deploy_keycloak.rst
View File

@ -11,24 +11,37 @@ Deploy Keycloak on a CCE Cluster
Overview Overview
======== ========
| > *There are no further requirements for an article except to include the following sections at the **end**, and to follow all general Open Telekom Architecture Center content requirements.* Keycloak is an open-source identity and access management (IAM) solution developed by Red Hat. It provides features for
| > *An Open Telekom Cloud Architecture Center article template, for **external** creators, requires the following sections at the end of the article:* single sign-on (SSO), user authentication, authorization, and identity brokering. Keycloak aims to simplify the
implementation of authentication and authorization mechanisms in applications by offering a centralized and configurable
platform.
.. topic:: TL;DR Key features of Keycloak include:
1. **Single Sign-On (SSO):** Keycloak enables users to log in once and gain access to multiple applications without the need to re-enter credentials for each application.
2. **Identity Federation:** It supports identity brokering, allowing users to log in with existing accounts from social networks (such as Google, Facebook, or GitHub) or other identity providers.
3. **User Authentication:** Keycloak provides a variety of authentication mechanisms, including username and password, multi-factor authentication, and support for external identity providers.
4. **Authorization Services:** It includes fine-grained access control and authorization policies to manage what users can and cannot do within applications.
5. **User Account Management:** Keycloak offers user self-registration, password reset, and other account management features.
6. **LDAP and Active Directory Integration:** It supports integration with LDAP (Lightweight Directory Access Protocol) and Microsoft Active Directory for seamless user management.
7. **Client Adapters:** Keycloak provides client adapters for various platforms and languages, making it easier to integrate with applications built using different technologies.
8. **Security and Compliance:** Keycloak follows best practices for security and compliance, including support for OAuth 2.0 and OpenID Connect standards.
Developers can integrate Keycloak with their applications using various protocols such as OpenID Connect, OAuth 2.0,
SAML (Security Assertion Markup Language), and more. It is commonly used in microservices architectures and
distributed systems to manage authentication and authorization in a centralized manner. Keycloak is often employed in
scenarios where secure user authentication and access control are crucial, such as enterprise applications,
web applications, and APIs.
In this blueprint, we are going to discuss the steps to install Keycloak, in Open Telekom Cloud, on a CCE Cluster.
| >> Make a brief summary of what is the article about
.. Main Article .. Main Article
.. Components .. Components
| > *No header required here*
| > *(Expected to list all the Open Telekom Cloud components used, but it could be optional if it just an architectural paradigm.*
.. Sections 1..n .. Sections 1..n
| > *You can name the Section titles as it seems fit to the workflow of the article.*
Create a VPC and a Subnet Create a VPC and a Subnet
========================= =========================