https://github.com/embesozzi/keycloak-openfga-multitenancy-workshop
Keycloak integration with OpenFGA and Apache APISIX for multi-tenancy authentication and authorization at Scale
api-gateway apisix apisix-plugin authentication authorization authzen identity-provider-idp keycloak keycloak-plugin multitenancy oauth2 openfga openid-connect
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/embesozzi/keycloak-openfga-multitenancy-workshop
- Owner: embesozzi
- License: apache-2.0
- Created: 2024-12-10T01:37:54.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-12-12T14:00:07.000Z (5 months ago)
- Last Synced: 2025-02-08T15:46:26.057Z (3 months ago)
- Topics: api-gateway, apisix, apisix-plugin, authentication, authorization, authzen, identity-provider-idp, keycloak, keycloak-plugin, multitenancy, oauth2, openfga, openid-connect
- Language: Lua
- Homepage: https://embesozzi.medium.com/building-scalable-multi-tenancy-authentication-and-authorization-using-open-standards-and-7341fcd87b64
- Size: 668 KB
- Stars: 8
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software: Keycloak, OpenFGA and Apache APISIX
This repository contains a PoC implemented with [Keycloak](https://www.keycloak.org/) integrated with [OpenFGA](https://openfga.dev/) and Apache APISIX, showing how to build a scalable multi-tenancy architecture based on Open Standards and Open-Source Software (OSS).
This workshop is based on the following article: [Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software](https://embesozzi.medium.com/building-scalable-multi-tenancy-authentication-and-authorization-using-open-standards-and-7341fcd87b64). There you will find full details about the authorization architecture guidelines and the components involved.

- Keycloak: New Organization Feature
- Keycloak OpenFGA Event Publisher Extension: New support for synchronizing the organization model
- [Apache APISIX Authorization OpenFGA Plugin](https://github.com/embesozzi/apisix-authz-openfga): New support for multiple policies with conditions (AND / OR)

# How to install?

## Prerequisites

* Install Git, [Docker](https://www.docker.com/get-docker) and [Docker Compose](https://docs.docker.com/compose/install/#install-compose) in order to run the steps provided in the next section

## Deploy the one-click deployment PoC

1. Clone this repository

   ````bash
   git clone https://github.com/embesozzi/keycloak-openfga-multitenancy-workshop
   cd keycloak-openfga-multitenancy-workshop
   ````

2. Execute the following Docker Compose command to start the deployment

   ```sh
   ./mutitenancy-workshop.sh
   ```

3. To be able to use this environment, you need to add this line to your local HOSTS file:

   ```sh
   127.0.0.1 payplus.lab keycloak openfga
   ```

4. Access the following web UIs in a web browser using the URLs below.

| Component | URI | Credential | Image |
| ------------------------- |:-----------------------------:|:-------------------------:|:-----------------------------------------:|
| Keycloak Console | http://keycloak:8081 | admin / password | quay.io/keycloak/keycloak:26.0.6 |
| OpenFGA Playground | http://localhost:3000/playground | | openfga/openfga:v1.8.0 |
| PayPlus Portal | http://payplus.lab:4000 | | ghcr.io/twogenidentity/demoapp-payplus-multitenancy |

## Test cases
The test cases are described in the article [Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software](https://embesozzi.medium.com/building-scalable-multi-tenancy-authentication-and-authorization-using-open-standards-and-7341fcd87b64).

