https://github.com/arulrajnet/apisix-oidc-keycloak
APISIX + Keycloak + Whoami. Auto configure apisix with keycloak as IDM and whoami service as upstream.
apisix keycloak whoami
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/arulrajnet/apisix-oidc-keycloak
- Owner: arulrajnet
- License: mit
- Created: 2023-11-20T01:23:29.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-12-10T13:21:17.000Z (over 1 year ago)
- Last Synced: 2025-01-03T04:50:25.969Z (5 months ago)
- Topics: apisix, keycloak, whoami
- Language: Shell
- Homepage:
- Size: 18.6 KB
- Stars: 1
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.adoc
- License: LICENSE
README
:toc: left
:figure-caption!:

[[apisix-oidc-with-keycloak]]
= APISIX OIDC + Keycloak + whoami

This example repo describes how to access whoami/any service securely via APISIX OIDC with Keycloak.

== Prerequisites
* Docker 24.0.6 or later
* Docker Compose v2.22.0 or later

== How to use
* Map `foo.example.com` and `bar.example.com` to `127.0.0.1` in the `/etc/hosts` file
* Then run `docker-compose up -d`
* Then visit http://foo.example.com/
* Login using username: `[email protected]` password: `welcome123`
* Now the whoami page will load
* Go to http://bar.example.com/. It will redirect to the Keycloak login page
* To log out from foo, visit http://foo.example.com/logout

== Explanation
TBD
=== Architecture
* Keycloak 22.0.3
* APISIX 3.6.0
* keycloak-config-cli 5.8.0-22.0.0
* Postgres 15.4

=== Keycloak
Keycloak is an OpenID Connect Identity Provider (OIDC IDP).
=== Keycloak config init
Loads the Keycloak configuration into Keycloak through its API. We use this only to create the realm, clients and users.
=== APISIX
APISIX is an advanced reverse proxy.
=== APISIX init
This is just a shell script that runs curl commands against the APISIX Admin API.
It creates:
* Service
* Routes
* Plugins

=== Whoami
This is a mock app. We use it as the protected endpoint.
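
The APISIX init step described above, sketched for a single route as an added example (not the repository's own script). The route id `whoami-foo`, the upstream node `whoami:80`, the `/callback` redirect path and the `APISIX_*`/`OIDC_*` environment variable names are assumptions; the client id, client secret and discovery URL are expected from the environment.

```shell
#!/bin/sh
# Added example, not the repository's init script.
ADMIN_URL="${APISIX_ADMIN_URL:-http://127.0.0.1:9180}"  # APISIX default Admin API port
ADMIN_KEY="${APISIX_ADMIN_KEY:-}"                        # read from the environment only

# Print the route body. Args: host client_id client_secret discovery_url upstream_node
oidc_route_json() {
  [ $# -eq 5 ] || { echo "usage: oidc_route_json host id secret discovery node" >&2; return 1; }
  for v in "$@"; do
    # Values are interpolated into JSON, so refuse empty ones and JSON metacharacters.
    case "$v" in ""|*[\"\\]*) echo "invalid argument" >&2; return 1 ;; esac
  done
  cat <<EOF
{
  "uri": "/*",
  "host": "$1",
  "plugins": {
    "openid-connect": {
      "client_id": "$2",
      "client_secret": "$3",
      "discovery": "$4",
      "scope": "openid",
      "bearer_only": false,
      "redirect_uri": "http://$1/callback",
      "logout_path": "/logout"
    }
  },
  "upstream": { "type": "roundrobin", "nodes": { "$5": 1 } }
}
EOF
}

# PUT the route to the Admin API; -f makes curl fail on an HTTP error status.
put_route() {  # args: route_id json_body
  [ -n "$ADMIN_KEY" ] || { echo "APISIX_ADMIN_KEY is not set" >&2; return 1; }
  curl -fsS -X PUT "$ADMIN_URL/apisix/admin/routes/$1" \
    -H "X-API-KEY: $ADMIN_KEY" -H "Content-Type: application/json" -d "$2"
}

# Nothing is sent unless APPLY=1; client values come from the environment.
if [ "${APPLY:-0}" = 1 ]; then
  body=$(oidc_route_json foo.example.com "${OIDC_CLIENT_ID:-}" "${OIDC_CLIENT_SECRET:-}" \
    "${OIDC_DISCOVERY:-}" whoami:80) && put_route whoami-foo "$body"
fi
```

The redirect URI generated here has to be registered as a valid redirect URI on the Keycloak client, otherwise Keycloak rejects the login request.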
*Author*
[valign=center, halign=center, frame=all, grid=all, stripes=none, options=autowidth,footer]
|===
a|image::https://avatars0.githubusercontent.com/u/834529?s=86[alt="Follow @arulrajnet on Twitter", align="center", link="https://twitter.com/arulrajnet", window=_blank]
|link:https://twitter.com/arulrajnet[@arulrajnet, title="Follow @arulrajnet on Twitter", window=_blank]
|===