https://github.com/thomasdarimont/kc-dnc-demo

PoC for securing AspNetCore based Web Apps with Keycloak.
https://github.com/thomasdarimont/kc-dnc-demo

Last synced: about 1 month ago
JSON representation

PoC for securing AspNetCore based Web Apps with Keycloak.

• Host: GitHub
• URL: https://github.com/thomasdarimont/kc-dnc-demo
• Owner: thomasdarimont
• License: apache-2.0
• Created: 2019-03-06T17:53:10.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2019-03-29T15:32:55.000Z (over 5 years ago)
• Last Synced: 2024-05-02T00:17:41.225Z (about 2 months ago)
• Language: C#
• Homepage:
• Size: 1 MB
• Stars: 37
• Watchers: 6
• Forks: 15
• Open Issues: 1
• Metadata Files:
  • Readme: readme.md
  • License: LICENSE

Lists

• awesome-keycloak - Example for Securing AspDotNet Core Apps with Keycloak

README

        
# PoC for ASP.Net Core Keycloak Integration

Simple example for securing an AspNetCore Web App with Keycloak.

The example consists of two modules:

* WebApi - A simple stateless REST Web-Service that is secured with JWT authentication.

* WebApp - A simple Web App that is secured via Keycloak.

The WebApp module demonstrates a basic integration with Keycloak by leveraging the built-in OpenID Connect support in AspNetCore which is additionally augmented with Keycloak specific configuration, like client role extraction. Further more, the WebApp calls the WebApi with an Access-Token provided after a successful authentication, to demonstrate calls to backend services.

The following features are currently supported:

* Single-Sign in with Keycloak

* Logout with Keycloak

* Access client specific role information (`resource_access` claim)

* Automatic Access-Token refresh in background

* Extract Access-Token to call backend-services.

# Building

Note you need .Net Core 2.2, which you can get here: [.Net Core 2.2 Download](https://dotnet.microsoft.com/download/dotnet-core/2.2)

```

dotnet restore

dotnet build

```

## Setup https for dotnet core

TODO

# Running

> Start Keycloak with the dnc-demo Realm 

```

docker run \

  -d \

  --name keycloak-dnc \

  -e KEYCLOAK_USER=admin \

  -e KEYCLOAK_PASSWORD=admin \

  --net=host \

  -p 8080:8080 \

  -v `pwd`/dnc-demo-realm.json:/config/dnc-demo-realm.json \

  -it jboss/keycloak:5.0.0 \

  -b 0.0.0.0 \

  -Djboss.http.port=8080 \

  -Dkeycloak.migration.action=import \

  -Dkeycloak.migration.provider=singleFile \

  -Dkeycloak.migration.file=/config/dnc-demo-realm.json \

  -Dkeycloak.migration.strategy=OVERWRITE_EXISTING

```

> Start the WebApp 

```

//TODO

```

> Start the WebAPI

```

//TODO

```

> Login via https://localhost:5001

* Login as user with tester:test

* Login as admin with arno:test

# Third-Party Components

The example uses the following third-party components:

* [Automatic Token Management](https://github.com/IdentityServer/IdentityServer4.Samples/tree/master/Clients/src/MvcHybridAutomaticRefresh/AutomaticTokenManagement) 

Automatically renews the Access-Token in the background of the WebApp module.