{"id":13506037,"url":"https://github.com/ging/fiware-idm","last_synced_at":"2025-05-07T21:04:55.237Z","repository":{"id":37451978,"uuid":"102724150","full_name":"ging/fiware-idm","owner":"ging","description":"OAuth 2.0-based authentication of users and devices, user profile management, Single Sign-On (SSO) and Identity Federation across multiple administration domains.","archived":false,"fork":false,"pushed_at":"2024-03-12T11:00:14.000Z","size":17263,"stargazers_count":39,"open_issues_count":81,"forks_count":82,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-05-07T21:04:46.492Z","etag":null,"topics":["access-control","fiware","fiware-keyrock","identity-management"],"latest_commit_sha":null,"homepage":"https://keyrock-fiware.github.io","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ging.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-07T10:29:30.000Z","updated_at":"2025-01-03T03:01:22.000Z","dependencies_parsed_at":"2023-02-13T23:30:28.434Z","dependency_job_id":"6e677b1d-fd1c-4ca3-b803-600ebc35b84c","html_url":"https://github.com/ging/fiware-idm","commit_stats":null,"previous_names":[],"tags_count":44,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ging%2Ffiware-idm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ging%2Ffiware-idm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ging%2Ffiware-idm/releases","manifes
ts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ging%2Ffiware-idm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ging","download_url":"https://codeload.github.com/ging/fiware-idm/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252954432,"owners_count":21830903,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","fiware","fiware-keyrock","identity-management"],"created_at":"2024-08-01T01:00:33.497Z","updated_at":"2025-05-07T21:04:55.210Z","avatar_url":"https://github.com/ging.png","language":"JavaScript","readme":"# Identity Manager - Keyrock\n\n[![FIWARE Security](https://nexus.lab.fiware.org/repository/raw/public/badges/chapters/security.svg)](https://www.fiware.org/developers/catalogue/)\n[![License: MIT](https://img.shields.io/github/license/ging/fiware-idm.svg)](https://opensource.org/licenses/MIT)\n[![Docker badge](https://img.shields.io/badge/quay.io-fiware%2Fidm-grey?logo=red%20hat\u0026labelColor=EE0000)](https://quay.io/repository/fiware/idm)\n[![Support badge](https://img.shields.io/badge/tag-fiware-orange.svg?logo=stackoverflow)](https://stackoverflow.com/questions/tagged/fiware-keyrock)\n\u003cbr\u003e\n[![Documentation](https://img.shields.io/readthedocs/fiware-idm.svg)](https://fiware-idm.readthedocs.io/en/latest/)\n[![CI](https://github.com/ging/fiware-idm/workflows/CI/badge.svg)](https://github.com/ging/fiware-idm/actions?query=workflow%3ACI)\n[![Coverage 
Status](https://coveralls.io/repos/github/ging/fiware-idm/badge.svg?branch=master)](https://coveralls.io/github/ging/fiware-idm?branch=master)\n![Status](https://nexus.lab.fiware.org/repository/raw/public/static/badges/statuses/keyrock.svg)\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/f45e537ccc7041f88589fe7b9d793e65)](https://app.codacy.com/gh/ging/fiware-idm/dashboard?utm_source=gh\u0026utm_medium=referral\u0026utm_content=\u0026utm_campaign=Badge_grade)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4414/badge)](https://bestpractices.coreinfrastructure.org/projects/4414)\n\nKeyrock is the FIWARE component responsible for Identity Management. Using\nKeyrock (in conjunction with other security components such as\n[PEP Proxy](https://github.com/ging/fiware-pep-proxy) and\n[Authzforce](https://github.com/authzforce/server)) enables you to add\nOAuth2-based authentication and authorization security to your services and\napplications.\n\nThis project is part of [FIWARE](https://www.fiware.org/). 
For more information\ncheck the FIWARE Catalogue entry for\n[Security](https://github.com/Fiware/catalogue/tree/master/security).\n\n| :books: [Documentation](https://fiware-idm.readthedocs.io/en/latest/) | :page_facing_up: [Site](https://keyrock-fiware.github.io/) | :mortar_board: [Academy](https://fiware-academy.readthedocs.io/en/latest/security/keyrock.html) | \u003cimg style=\"height:1em\" src=\"https://quay.io/static/img/quay_favicon.png\"/\u003e [quay.io](https://quay.io/repository/fiware/idm) | :dart: [Roadmap](https://github.com/ging/fiware-idm/blob/master/roadmap.md) |\n| --------------------------------------------------------------------- | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- |\n\n\n## Content\n\n-   [Background](#background)\n    -   [Software requirements](#software-requirements)\n-   [Install](#install)\n    -   [Docker](#docker)\n-   [Usage](#usage)\n-   [API](#api)\n-   [Tests](#tests)\n-   [Advanced Documentation](#advanced-documentation)\n-   [Changes Introduced in 7.x](#changes-introduced-in-7x)\n-   [Quality Assurance](#quality-assurance)\n-   [License](#license)\n\n---\n\n## Background\n\nThe main identity management concepts within Keyrock are:\n\n-   Users\n    -   Have a registered account in Keyrock.\n    -   Can manage organizations and register applications.\n-   Organizations\n    -   Are groups of users that share resources of an application (roles and\n        permissions).\n    -   Users can be members or owners (manage the organization).\n-   Applications\n    -   Have the client role in the OAuth 2.0 architecture and will request\n        protected user data.\n    -   Are able to authenticate users using their 
OAuth credentials (ID and\n        secret) which unequivocally identify the application.\n    -   Define roles and permissions to manage authorization of users and\n        organizations.\n    -   Can register PEP Proxy to protect backends.\n    -   Can register IoT Agents.\n\nKeyrock provides both a GUI and an API interface.\n\n### Software requirements\n\nThis GE is based on a JavaScript environment and SQL databases. In order to run\nthe identity manager the following requirements must be installed:\n\n-   node.js\n-   npm\n-   mysql-server (^5.7)\n-   build-essential\n\n## Install\n\n1.  Clone the repository:\n\n```console\ngit clone https://github.com/ging/fiware-idm.git\n```\n\n2.  Install the dependencies:\n\n```console\ncd fiware-idm/\nnpm install\n```\n\n3.  Copy config.js.template to config.js:\n\n```console\ncp config.js.template config.js\n```\n\n4.  Configure database access credentials:\n\n```javascript\nconfig.database = {\n    host: 'localhost', // default: 'localhost'\n    password: 'idm', // default: 'idm'\n    username: 'root', // default: 'root'\n    database: 'idm', // default: 'idm'\n    dialect: 'mysql' // default: 'mysql'\n};\n```\n\n5.  To configure the server to listen for HTTPS requests, generate certificates\n    with OpenSSL and configure config.js:\n\n```console\n./generate_openssl_keys.sh\n```\n\n```javascript\nconfig.https = {\n    enabled: true, //default: 'false'\n    cert_file: 'certs/idm-2018-cert.pem',\n    key_file: 'certs/idm-2018-key.pem',\n    port: 443\n};\n```\n\n6.  Create database, run migrations and seeders:\n\n```console\nnpm run-script create_db\nnpm run-script migrate_db\nnpm run-script seed_db\n```\n\n7.  
Start the server with admin rights (the server listens on port 3000 by default or on\n    443 if HTTPS is enabled).\n\n```console\nsudo npm start\n```\n\nYou can test the Identity manager using the default user:\n\n-   Email: `admin@test.com`\n-   Password: `1234`\n\n### Docker\n\nWe also provide a Docker image to make it easier to build this GE.\n\n-   [Here](https://github.com/ging/fiware-idm/tree/master/extras/docker) you\n    will find the Dockerfile and the documentation explaining how to use it.\n-   In [Docker Hub](https://hub.docker.com/r/fiware/idm/) you will find the\n    public image.\n\n## Usage\n\nInformation about how to use the Keyrock GUI can be found in the\n[User \u0026 Programmers Manual](https://fiware-idm.readthedocs.io/en/latest/user_and_programmers_guide/introduction).\n\n## API\n\nResources can be managed through the API (e.g. users, applications and\norganizations). Further information can be found in the\n[API section](https://fiware-idm.readthedocs.io/en/latest/api/introduction).\n\nFinally, one of the main uses of this Generic Enabler is to allow developers to\nadd identity management (authentication and authorization) to their applications\nbased on FIWARE identity. This is possible thanks to the\n[OAuth2](https://oauth.net/2/) protocol. For more information check the\n[OAuth2 API](https://fiware-idm.readthedocs.io/en/latest/oauth/introduction).\n\n## Tests\n\nTo perform a basic end-to-end test, follow the steps below. A\ndetailed description of how to run tests can be found\n[here](https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/sanity_check/).\n\n1.  Verify that the host address of IdM can be reached. By default, web access\n    will show a Login Page.\n2.  Acquire a valid username and password and access with those credentials. The\n    resulting web page is the landing page of the IdM KeyRock Portal.\n3.  
Verify that you can view the list of applications, organizations, etc.\n\n## Advanced Documentation\n\n-   [How to run tests](https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/sanity_check/)\n-   [User \u0026 Programmers Manual](https://fiware-idm.readthedocs.io/en/latest/user_and_programmers_guide/introduction/)\n-   [Installation \u0026 Administration Guide](https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/introduction/)\n-   [Connecting IdM to an eIDAS node](https://fiware-idm.readthedocs.io/en/latest/oauth/introduction)\n\n## Changes Introduced in 7.x\n\nThe biggest change introduced in 7.x is that the identity manager no longer\ndepends on the OpenStack components Keystone and Horizon. It is now fully implemented\nin Node.js. Other notable changes have been made:\n\n1.  A driver has been implemented in order to authenticate against\n    a database other than the default one.\n2.  The appearance of the web portal can be easily modified through configurable\n    themes.\n3.  Users no longer need to switch session in order to create an application\n    that will belong to an organization.\n4.  Permissions of an application can be edited or deleted.\n5.  IdM can act as a gateway between services and an eIDAS node in order\n    to allow user authentication with their national eID.\n6.  OAuth Refresh Token supported.\n7.  Configurable OAuth token types (permanent tokens and JSON Web Tokens).\n8.  OAuth Revoke Token endpoint enabled.\n9.  Internationalization of UI (Spanish and English supported).\n10. User Admin Panel.\n11. Trusted application for OAuth token validation.\n12. IdM can act as a PDP for basic authorization.\n13. Complete Sign out. 
Delete session in services as well as in Keyrock.\n\n## Quality Assurance\n\nThis project is part of [FIWARE](https://www.fiware.org/) and has been rated as\nfollows:\n\n-   **Version Tested:**\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Version\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.version\u0026colorB=blue)\n-   **Documentation:**\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Completeness\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.docCompleteness\u0026colorB=blue)\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Usability\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.docSoundness\u0026colorB=blue)\n-   **Responsiveness:**\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Time%20to%20Respond\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.timeToCharge\u0026colorB=blue)\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Time%20to%20Fix\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.timeToFix\u0026colorB=blue)\n-   **FIWARE Testing:**\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Tests%20Passed\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.failureRate\u0026colorB=blue)\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Scalability\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.scalability\u0026colorB=blue)\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Performance\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.performance\u0026colorB=blue)\n    ![](https://img.shields.io/badge/dynamic/json.svg?label=Stability\u0026url=https://fiware.github.io/catalogue/json/keyrock.json\u0026query=$.stability\u0026colorB=blue)\n\n---\n\n## License\n\nKeyrock is licensed under the [MIT](LICENSE) License.\n\n© 2018-2023 Universidad Politécnica de 
Madrid.\n","funding_links":[],"categories":["FIWARE Catalogue"],"sub_categories":["Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fging%2Ffiware-idm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fging%2Ffiware-idm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fging%2Ffiware-idm/lists"}