https://github.com/arulrajnet/apisix-oidc-keycloak

APISIX + Keycloak + Whoami. Auto configure apisix with keycloak as IDM and whoami service as upstream.
https://github.com/arulrajnet/apisix-oidc-keycloak

apisix keycloak whoami

Last synced: 4 months ago
JSON representation

APISIX + Keycloak + Whoami. Auto configure apisix with keycloak as IDM and whoami service as upstream.

• Host: GitHub
• URL: https://github.com/arulrajnet/apisix-oidc-keycloak
• Owner: arulrajnet
• License: mit
• Created: 2023-11-20T01:23:29.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2023-12-10T13:21:17.000Z (over 1 year ago)
• Last Synced: 2025-01-03T04:50:25.969Z (5 months ago)
• Topics: apisix, keycloak, whoami
• Language: Shell
• Homepage:
• Size: 18.6 KB
• Stars: 1
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.adoc
  • License: LICENSE

Awesome Lists containing this project

README

        
:toc: left

:figure-caption!:

[[apisix-oidc-with-keycloak]]

= APISIX OIDC + Keycloak + whoami

This example repo describe how to access whoami/any service securely via APISIX OIDC with keycloak.

== Prerequisites

* Docker 24.0.6 or latest

* Docker compose v2.22.0 or latest

== How to use

* Map `foo.example.com` and `bar.example.com` against `127.0.0.1` in `/etc/hosts` file

* Then `docker-compose up -d`

* Then visit http://foo.example.com/

* Login using username: `[email protected]` password: `welcome123`

* Now the whoami page will load

* Goto http://bar.example.com/ . It will redirect to keycloak login page

* To logout from foo http://foo.example.com/logout

== Explanation

TBD

=== Architecture

* Keycloak 22.0.3

* APISIX 3.6.0

* keycloak-config-cli 5.8.0-22.0.0

* Postgres 15.4

=== Keycloak

Keycloak is an OpenID Connect Identity Provider (OIDC IDP).

=== Keycloak config init

Load the keycloak config into the keycloak using their API. We used this only to create realm, clients and users.

=== APISIX

APISIX is an advance reverse proxy.

=== APISIX init

This is just a shell script with curl command against APISIX admin API.

This will create

* Service

* Routes

* Plugins

=== Whoami

This is mock app. We used this as protected endpoints.

*Author*

[valign=center, halign=center, frame=all, grid=all, stripes=none, options=autowidth,footer]

|===

a|image::https://avatars0.githubusercontent.com/u/834529?s=86[alt="Follow @arulrajnet on Twitter", align="center", link="https://twitter.com/arulrajnet", window=_blank]

|link:https://twitter.com/arulrajnet[@arulrajnet, title="Follow @arulrajnet on Twitter", window=_blank]

|===