An open API service indexing awesome lists of open source software.

https://github.com/arulrajnet/apisix-oidc-keycloak

APISIX + Keycloak + Whoami. Auto configure apisix with keycloak as IDM and whoami service as upstream.
https://github.com/arulrajnet/apisix-oidc-keycloak

apisix keycloak whoami

Last synced: 4 months ago
JSON representation

APISIX + Keycloak + Whoami. Auto configure apisix with keycloak as IDM and whoami service as upstream.

Awesome Lists containing this project

README

        

:toc: left
:figure-caption!:

[[apisix-oidc-with-keycloak]]
= APISIX OIDC + Keycloak + whoami

This example repo describe how to access whoami/any service securely via APISIX OIDC with keycloak.

== Prerequisites

* Docker 24.0.6 or latest
* Docker compose v2.22.0 or latest

== How to use

* Map `foo.example.com` and `bar.example.com` against `127.0.0.1` in `/etc/hosts` file
* Then `docker-compose up -d`
* Then visit http://foo.example.com/
* Login using username: `[email protected]` password: `welcome123`
* Now the whoami page will load
* Goto http://bar.example.com/ . It will redirect to keycloak login page
* To logout from foo http://foo.example.com/logout

== Explanation

TBD

=== Architecture

* Keycloak 22.0.3
* APISIX 3.6.0
* keycloak-config-cli 5.8.0-22.0.0
* Postgres 15.4

=== Keycloak

Keycloak is an OpenID Connect Identity Provider (OIDC IDP).

=== Keycloak config init

Load the keycloak config into the keycloak using their API. We used this only to create realm, clients and users.

=== APISIX

APISIX is an advance reverse proxy.

=== APISIX init

This is just a shell script with curl command against APISIX admin API.

This will create

* Service
* Routes
* Plugins

=== Whoami

This is mock app. We used this as protected endpoints.

*Author*

[valign=center, halign=center, frame=all, grid=all, stripes=none, options=autowidth,footer]
|===
a|image::https://avatars0.githubusercontent.com/u/834529?s=86[alt="Follow @arulrajnet on Twitter", align="center", link="https://twitter.com/arulrajnet", window=_blank]
|link:https://twitter.com/arulrajnet[@arulrajnet, title="Follow @arulrajnet on Twitter", window=_blank]
|===