HDFGroup / hsds

Cloud-native, service based access to HDF data
https://www.hdfgroup.org/solutions/hdf-kita/
Apache License 2.0

HSDS Authentication via Keycloak (OpenID) #74

Closed itsMeBrice closed 3 years ago

itsMeBrice commented 3 years ago

I'm trying to use OpenID (via Keycloak) as an authentication provider for our HSDS instance. According to the feature list this should work, but I don't know how. Is there an example or tutorial on how to implement that?

jreadey commented 3 years ago

Implemented in HSDS branch openshift and h5pyd branch keycloak. Instructions are here: https://github.com/HDFGroup/hsds/blob/openshift/docs/keycloak_setup.md.

Would be happy to get feedback if anyone else is interested in trying this out.

itsMeBrice commented 3 years ago

I set it up and ran some simple tests. Seems to be working fine, thanks! I'll try to get around to running the full test suite with this type of authentication!

jreadey commented 3 years ago

The Keycloak changes are checked into master and in the v0.6.3 tag.

jreadey commented 3 years ago

@itsMeBrice - I haven't had time to look into RBAC for KeyCloak, but take a look at what we did for Azure AD: https://github.com/HDFGroup/hsds/issues/79. If the OpenID KeyCloak handler can return the appropriate "roles" claim, this should work for KeyCloak as well.