https://github.com/skygenesisenterprise/aether-realm

Open Source Identity and Access Management For Modern Applications and Services
https://github.com/skygenesisenterprise/aether-realm

ldap oidc saml sso

Last synced: about 1 month ago
JSON representation

Open Source Identity and Access Management For Modern Applications and Services

• Host: GitHub
• URL: https://github.com/skygenesisenterprise/aether-realm
• Owner: skygenesisenterprise
• License: apache-2.0
• Created: 2025-11-10T18:08:39.000Z (8 months ago)
• Default Branch: main
• Last Pushed: 2025-11-14T05:04:44.000Z (7 months ago)
• Last Synced: 2026-04-05T20:39:49.242Z (3 months ago)
• Topics: ldap, oidc, saml, sso
• Language: Java
• Homepage: https://skygenesisenterprise.com
• Size: 40 MB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: .github/CONTRIBUTING.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: .github/CODEOWNERS
  • Security: SECURITY.md
  • Support: .github/SUPPORT.md

Awesome Lists containing this project

README

          


# Aether Realm

[![Build Status](https://img.shields.io/badge/build-passing-brightgreen.svg)](https://github.com/your-org/aether-realm)

[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)

[![Java Version](https://img.shields.io/badge/java-17+-orange.svg)](https://openjdk.java.net/)

[![Docker](https://img.shields.io/badge/docker-ready-blue.svg)](docker-compose.yml)

> **Open Source Identity and Access Management For Modern Applications and Services**

Aether Realm is a comprehensive identity and access management solution built on Keycloak, providing secure authentication, authorization, and user management capabilities for modern applications and microservices architectures.



## 🚀 Features

### Core Identity & Access Management

- **Single Sign-On (SSO)** - Seamless authentication across multiple applications

- **Multi-Factor Authentication (MFA)** - Enhanced security with TOTP, WebAuthn, and more

- **Social Login Integration** - Support for Google, GitHub, Facebook, and 20+ identity providers

- **User Federation** - LDAP, Active Directory, and Kerberos integration

- **Fine-Grained Authorization** - Attribute-based and role-based access control (ABAC/RBAC)

### Enterprise Features

- **High Availability & Clustering** - Built-in support for distributed deployments

- **Multi-Tenancy** - Isolated realms for different organizations or applications

- **Audit & Compliance** - Comprehensive logging and audit trails

- **Custom Themes & Branding** - Fully customizable user interface

- **RESTful APIs** - Complete admin and client APIs for automation

### Developer Experience

- **OpenID Connect (OIDC)** & **OAuth 2.0** - Industry-standard protocols

- **SAML 2.0** - Enterprise federation support

- **Client Libraries** - SDKs for Java, JavaScript, Python, and more

- **Docker & Kubernetes Ready** - Container-native deployment

- **Extensible Architecture** - Custom providers and extensions

## 🏗️ Architecture

Aether Realm is built on a modern, cloud-native stack:

```

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐

│   Web Apps      │    │   Mobile Apps   │    │   APIs/Services │

└─────────────────┘    └─────────────────┘    └─────────────────┘

         │                       │                       │

         └───────────────────────┼───────────────────────┘

                                 │

                    ┌─────────────────┐

                    │  Aether Realm   │

                    │   (Keycloak)    │

                    └─────────────────┘

                                 │

         ┌───────────────────────┼───────────────────────┐

         │                       │                       │

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐

│   PostgreSQL    │    │   Infinispan    │    │   LDAP/AD       │

│   (Database)    │    │   (Cache)       │    │   (User Store)  │

└─────────────────┘    └─────────────────┘    └─────────────────┘

```

## 🚀 Quick Start

### Prerequisites

- **Java 17+** or **Docker & Docker Compose**

- **4GB+ RAM** recommended

- **Port 8080** available

### Option 1: Docker (Recommended)

```bash

# Clone the repository

git clone https://github.com/skygenesisenterprise/aether-realm.git

cd aether-realm

# Start with default configuration

docker-compose up -d

# Access the application

open http://localhost:8080

```

**Default Credentials:**

- **Admin Console**: http://localhost:8080/admin

- **Username**: `admin`

- **Password**: `admin123`

### Option 2: Native Installation

```bash

# Build the application

./mvnw clean install -DskipTests

# Start the server

./quarkus/runtime/target/quarkus-app/quarkus-run.jar

```

## 🐳 Docker Configuration

### Development Setup

```bash

# Basic development setup

docker-compose up -d

# With PostgreSQL database

docker-compose --profile postgres up -d

# With Redis cache

docker-compose --profile redis up -d

# With Infinispan clustering

docker-compose --profile infinispan up -d

# All services (production-like)

docker-compose --profile postgres --profile redis --profile infinispan up -d

```

### Environment Variables

| Variable | Default | Description |

|----------|---------|-------------|

| `KC_BOOTSTRAP_ADMIN_USERNAME` | `admin` | Initial admin username |

| `KC_BOOTSTRAP_ADMIN_PASSWORD` | `admin123` | Initial admin password |

| `KC_HOSTNAME` | `localhost` | Server hostname |

| `KC_DB` | `dev-file` | Database type (`dev-file`, `postgres`, `mysql`) |

| `KC_HTTP_ENABLED` | `true` | Enable HTTP endpoint |

| `KC_CACHE` | `local` | Cache type (`local`, `redis`, `infinispan`) |

| `JAVA_OPTS` | `-Xmx1024m -Xms512m` | JVM configuration |

## 📚 Documentation

### User Guides

- [Getting Started](docs/getting-started.md)

- [Admin Console Guide](docs/admin-console.md)

- [User Management](docs/user-management.md)

- [Client Configuration](docs/client-configuration.md)

### Developer Resources

- [API Documentation](docs/api.md)

- [Protocol Support](docs/protocols.md)

- [Custom Providers](docs/custom-providers.md)

- [Theme Development](docs/theme-development.md)

### Operations

- [Deployment Guide](docs/deployment.md)

- [Clustering & High Availability](docs/clustering.md)

- [Security Hardening](docs/security.md)

- [Monitoring & Logging](docs/monitoring.md)

## 🔧 Configuration

### Basic Configuration

Create a new realm and configure your first application:

1. **Access Admin Console**: http://localhost:8080/admin

2. **Create Realm**: Navigate to "Realm settings" → "Add realm"

3. **Create Client**: Add your application with appropriate settings

4. **Create Users**: Add users with roles and permissions

### Advanced Configuration

**Database Configuration:**

```bash

# PostgreSQL

docker-compose --profile postgres up -d

# MySQL

docker-compose --profile mysql up -d

```

**Clustering Setup:**

```bash

# Enable clustering with Infinispan

docker-compose --profile infinispan up -d

```

**SSL/TLS Configuration:**

```bash

# Enable HTTPS

docker-compose --profile nginx up -d

```

## 🧪 Testing

### Run Tests

```bash

# Unit tests

./mvnw test

# Integration tests

./mvnw verify -Pintegration

# Full test suite

./mvnw clean verify

```

### Test Coverage

```bash

# Generate coverage report

./mvnw jacoco:report

# View coverage

open target/site/jacoco/index.html

```

## 📊 Monitoring & Observability

### Health Checks

- **Application Health**: http://localhost:8080/health

- **Metrics**: http://localhost:8080/metrics

- **Readiness Probe**: http://localhost:8080/health/ready

### Logging

```bash

# View application logs

docker-compose logs -f keycloak

# View specific service logs

docker-compose logs -f postgres

```

### Metrics Integration

- **Prometheus**: Metrics endpoint available at `/metrics`

- **Grafana**: Pre-built dashboards for Keycloak monitoring

- **Jaeger**: Distributed tracing support

## 🔒 Security

### Security Features

- **Encryption at Rest**: Database and cache encryption

- **Transport Security**: TLS 1.3 support

- **Password Policies**: Configurable password requirements

- **Session Management**: Secure session handling

- **CORS Protection**: Cross-origin resource sharing controls

### Security Hardening

```bash

# Production security profile

docker-compose --profile security-hardened up -d

```

## 🚀 Deployment

### Production Deployment

**Kubernetes:**

```bash

# Deploy to Kubernetes

kubectl apply -f k8s/

```

**Docker Swarm:**

```bash

# Deploy to Docker Swarm

docker stack deploy -c docker-compose.prod.yml aether-realm

```

**Cloud Platforms:**

- [AWS ECS](docs/deployment/aws.md)

- [Google Cloud Run](docs/deployment/gcp.md)

- [Azure Container Instances](docs/deployment/azure.md)

### Scaling Considerations

- **Horizontal Scaling**: Multiple instances behind load balancer

- **Database Scaling**: Read replicas and connection pooling

- **Cache Scaling**: Distributed cache with Infinispan

- **CDN Integration**: Static asset delivery optimization

## 🤝 Contributing

We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.

### Development Workflow

1. Fork the repository

2. Create a feature branch

3. Make your changes

4. Add tests

5. Submit a pull request

### Code Style

- Follow [Java Code Style](docs/coding-style.md)

- Use [Pre-commit hooks](.husky/pre-commit)

- Ensure [CI/CD pipeline](.github/workflows/) passes

## 📄 License

This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.

## 🆘 Support

### Getting Help

- [Documentation](https://wiki.skygenesisenterprise.com)

- [Community Forum](https://skygenesisenterprise.com/blog)

- [GitHub Issues](https://github.com/skygenesisenterprise/aether-realm/issues)

- [Discord Server](https://skygenesisenterprise.com/discord)

## 🗺️ Roadmap

### Upcoming Features

- [ ] **Advanced Analytics** - User behavior and security analytics

- [ ] **Machine Learning** - Anomaly detection and risk-based authentication

- [ ] **Blockchain Integration** - Decentralized identity support

- [ ] **Edge Computing** - Lightweight edge deployment options

- [ ] **AI Assistant** - Natural language admin interface

### Release Schedule

- **Major Releases**: Every 6 months

- **Minor Releases**: Monthly

- **Patch Releases**: As needed

## 📈 Performance

### Benchmarks

- **Concurrent Users**: 10,000+ authenticated users

- **Login Throughput**: 5,000+ logins/second

- **API Response Time**: <100ms (95th percentile)

- **Memory Usage**: 512MB base, 2GB recommended for production

### Performance Tuning

```bash

# High-performance configuration

docker-compose --profile high-performance up -d

```

## 🌍 Ecosystem

### Integrations

- **Service Mesh**: Istio, Linkerd

- **API Gateway**: Kong, Ambassador, Traefik

- **Monitoring**: Prometheus, Grafana, ELK Stack

- **CI/CD**: Jenkins, GitLab CI, GitHub Actions

### Client Libraries

- **Java**: Spring Security, Quarkus

- **JavaScript**: React, Angular, Vue.js

- **Python**: Django, Flask

- **Go**: Gin, Echo

- **.NET**: ASP.NET Core

---



**[⭐ Star this repo](https://github.com/skygenesisenterprise/aether-realm) | [🐛 Report Issues](https://github.com/skygenesisenterprise/aether-realm/issues) | [📖 Read Docs](https://wiki.skygenesisenterprise.com)**

Made with ❤️ by the Sky Genesis Enterprise Team