{"id":23043448,"url":"https://github.com/embesozzi/keycloak-openfga-multitenancy-workshop","last_synced_at":"2025-04-03T01:28:10.470Z","repository":{"id":267711327,"uuid":"901069309","full_name":"embesozzi/keycloak-openfga-multitenancy-workshop","owner":"embesozzi","description":"Keycloak integration with OpenFGA and Apache APISIX for multi-tenancy authentication and authorization at Scale","archived":false,"fork":false,"pushed_at":"2024-12-12T14:00:07.000Z","size":684,"stargazers_count":8,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-08T15:46:26.057Z","etag":null,"topics":["api-gateway","apisix","apisix-plugin","authentication","authorization","authzen","identity-provider-idp","keycloak","keycloak-plugin","multitenancy","oauth2","openfga","openid-connect"],"latest_commit_sha":null,"homepage":"https://embesozzi.medium.com/building-scalable-multi-tenancy-authentication-and-authorization-using-open-standards-and-7341fcd87b64","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/embesozzi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":"https://www.paypal.me/embesozzi"}},"created_at":"2024-12-10T01:37:54.000Z","updated_at":"2025-01-21T16:41:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"4a4cd19f-1b80-4261-9e15-a273af10c19a","html_url":"https://github.com/embesozzi/keycloak-openfga-multitenancy-workshop","commit_stats":null,"previous_names":["embesozzi/keycloak-openfga-multitenancy-workshop"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embesozzi%2Fkeycloak-openfga-multitenancy-workshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embesozzi%2Fkeycloak-openfga-multitenancy-workshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embesozzi%2Fkeycloak-openfga-multitenancy-workshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embesozzi%2Fkeycloak-openfga-multitenancy-workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/embesozzi","download_url":"https://codeload.github.com/embesozzi/keycloak-openfga-multitenancy-workshop/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246920156,"owners_count":20855101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","apisix","apisix-plugin","authentication","authorization","authzen","identity-provider-idp","keycloak","keycloak-plugin","multitenancy","oauth2","openfga","openid-connect"],"created_at":"2024-12-15T20:47:28.980Z","updated_at":"2025-04-03T01:28:10.455Z","avatar_url":"https://github.com/embesozzi.png","language":"Lua","funding_links":["https://www.paypal.me/embesozzi"],"categories":[],"sub_categories":[],"readme":"# Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software: Keycloak, OpenFGA and Apache APISIX\n\nThis repository contains a PoC implemented with [Keycloak](https://www.keycloak.org/) integrated with [OpenFGA](https://openfga.dev/) and Apache APISIX on how build a scalable multi-tenancy architecture based Open Standards and Open-Source Software (OSS).\n\n\nThis workshop is based the following article [Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software](https://embesozzi.medium.com/building-scalable-multi-tenancy-authentication-and-authorization-using-open-standards-and-7341fcd87b64). You will find there full details about the authorization architecture guidelines and involved components.\n\n![arquitecture](docs/arquitecture.png)\n\n- Keycloak: New Organization Feature\n- Keycloak OpenFGA Event Publisher Extension: New support for synchronizing the organization model \n- [Apache APISIX Authorization OpenFGA Plugin](https://github.com/embesozzi/apisix-authz-openfga): New support for multiples policies with condition (AND / OR)\n\n# How to install?\n## Prerequisites\n\n * Install Git, [Docker](https://www.docker.com/get-docker) and [Docker Compose](https://docs.docker.com/compose/install/#install-compose) in order to run the steps provided in the next section\u003cbr\u003e\n\n## Deploy the on-click deployment PoC\n\n1. Clone this repository\n    ````bash\n    git clone https://github.com/embesozzi/keycloak-openfga-multitenancy-workshop\n    cd keycloak-openfga-multitenancy-workshop\n    ````\n\n2. Execute following Docker Compose command to start the deployment\n\n   ```sh\n   ./mutitenancy-workshop.sh\n   ```\n\n3. To be able to use this environment, you need to add this line to your local HOSTS file:\n\n   ```sh\n   127.0.0.1 payplus.lab keycloak openfga\n   ```\n\n4. Access the following web UIs using URLs bellow via a web browser.\n\n    | Component                 |  URI                          |  Credential               | Image                                    |\n    | ------------------------- |:-----------------------------:|:-------------------------:|:-----------------------------------------:\n    | Keycloak Console          |   http://keycloak:8081        |  admin / password         | quay.io/keycloak/keycloak:26.0.6         |\n    | OpenFGA Playground        |   http://localhost:3000/playground  |                     | openfga/openfga:v1.8.0                   | \n    | PayPlus Portal              |   http://payplus.lab:4000           |                           | ghcr.io/twogenidentity/demoapp-payplus-multitenancy                             |\n\n\n## Test cases\n\nThe test cases are described in the article [Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software](https://embesozzi.medium.com/building-scalable-multi-tenancy-authentication-and-authorization-using-open-standards-and-7341fcd87b64).\n\n\n![playplus-1](docs/payplus-1.png)\n\n![playplus-2](docs/payplus-2.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fembesozzi%2Fkeycloak-openfga-multitenancy-workshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fembesozzi%2Fkeycloak-openfga-multitenancy-workshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fembesozzi%2Fkeycloak-openfga-multitenancy-workshop/lists"}