OpenID Connect
Secure your OpenShift 4 cluster with OpenID Connect authentication
OpenShift, starting with the version 4, is installed with a temporary administrator account, kubeadmin. When searching for a definitive solution, it might be tempting to go for the very classical “login and password” prompt, backed by an htpasswd file. But this is yet another password to remember! OpenShift can handle the OpenID Connect protocol and thus offers Single Sign On to its users. No additional password to remember: you can login to the OpenShift console with your Google Account for instance. Continue reading
Configure Red Hat SSO for 3scale using the CLI!
3scale API Management can be used in conjunction with Red Hat SSO / Keycloak to secure APIs managed by 3scale using the OpenID Connect protocol. The official documentation describes the steps to configure Red Hat SSO / Keycloak but it uses the Graphical User Interface, which can be tedious if you have multiple environments to configure. Let’s configure Red Hat SSO for 3scale using the CLI! Continue reading
Secure your Raspberry PI with Keycloak Gatekeeper on OpenWRT
In the article “Nginx with TLS on OpenWRT”, I explained how to install nginx on a Raspberry PI running OpenWRT for hosting web applications. Some of the web applications that I installed on my Raspberry PI do not feature any authentication mechanism at all. No authentication means that anybody on the internet could reach those applications and play with them. This article explains how to secure applications running on a Raspberry PI with Keycloak Gatekeeper. Continue reading
Use your Google Account as an OpenID Connect provider
We have passwords everywhere: to unlock our computer, to reach our inbox, to login as root on our Raspberry PI, etc. Unless you have a password vault to store your credentials securely, it is very difficult to keep all your credentials safe. With the OpenID Connect protocol, you can replace the individual passwords of every web application by a Google Login. This article goes through all the steps to use your Google Account as an OpenID Connect provider and subsequent articles (check links at the bottom of this article) explain how to configure the different services and software to use your Google Account as an OpenID Connect provider. Continue reading
Secure a Quarkus API with Keycloak
Quarkus is a Java stack that is Kubernetes native, lightweight and fast. Quarkus can be used for any type of backend development, including API-enabled backends. Keycloak is an open source Single Sign On solution that can be used to secure APIs. In this article, I’m describing how to secure a Quarkus API with Keycloak using JWT tokens. Continue reading