italia / spid-keycloak-provider

Licence: Apache-2.0 license
Italian SPID authentication provider for Keycloak (https://www.keycloak.org/)

Project details

This custom authentication provider for Keycloak enables easy integration of SPID with existing applications by leveraging Keycloak identity brokering features. Keycloak is a nice product, but it is still lacking in some aspects of SAML2 compatibility, and the SPID specifications deviate from the SAML2 standard in some key aspects.

Besides the SPID-SAML2 protocol differences, some of the SP behaviors are hardcoded to work with simple IdPs only (i.e. there is no support for generating SP metadata that joins multiple SPs). Keycloak is slowly improving on this aspect, so over time this plugin will become simpler and focused on implementing only the specific changes required by SPID.

I have documented a reference configuration for SPID and the workarounds required in the project wiki (https://github.com/italia/spid-keycloak-provider/wiki). Please make sure to read it and understand the config steps and the open issues and limitations before planning your Production environment.

Status

This project is still at an alpha stage. It is currently under development and things may change quickly. It builds and successfully allows login/logout to the SPID Validator test IdP (https://github.com/italia/spid-saml-check) and to the online SPID tester (https://www.spid-validator.it).
As far as I know it has not been used in Production in any environment yet.

Until the project gets to a stable release, it will be targeting the most recent release of Keycloak as published on the website (see property version.keycloak in file pom.xml). Currently the main branch is targeting Keycloak 16.1.1. Do not use the latest release with previous versions of Keycloak; it won't work!

Since this plugin uses some Keycloak internal modules, versions of this plugin are coupled to Keycloak versions. After (major) Keycloak upgrades, you will almost certainly also have to update this provider.

Detailed instructions on how to install and configure this component are available in the project wiki (https://github.com/italia/spid-keycloak-provider/wiki/Installing-the-SPID-provider).

Build requirements

  • git
  • JDK8+
  • Maven

Build

Just run mvn clean package for a full rebuild. The output package will be generated under target/spid-provider.jar.

Deployment

This provider should be deployed as a module, i.e. copied under {$KEYCLOAK_PATH}/standalone/deployments/, with the right permissions. Keycloak will take care of loading the module, no restart needed.

Use this command for reference:

mvn clean package && \
sudo install -C -o keycloak -g keycloak target/spid-provider.jar /opt/keycloak/standalone/deployments/

If successful you will find a new provider type called SPID in the Add Provider drop down list in the Identity Provider configuration screen.

Upgrading from previous versions

Upgrades are usually seamless: just repeat the deployment command.
Sometimes Keycloak caches don't get flushed when a new deployment occurs; in that case you will need to edit the file {$KEYCLOAK_PATH}/standalone/configuration/standalone.xml and find the following section:

<theme>
  <staticMaxAge>2592000</staticMaxAge>
  <cacheThemes>true</cacheThemes>
  <cacheTemplates>true</cacheTemplates>
  <dir>${jboss.home.dir}/themes</dir>
</theme>

and change it to:

<theme>
  <staticMaxAge>-1</staticMaxAge>
  <cacheThemes>false</cacheThemes>
  <cacheTemplates>false</cacheTemplates>
  <dir>${jboss.home.dir}/themes</dir>
</theme>

Then restart Keycloak and it will reload the resources from the packages. Make sure you also clear your browser caches or use incognito mode when verifying the correct deployment. After the first reload you can turn the caches back on and restart Keycloak again.
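
The cache toggle described above can be scripted so that the same edit is applied and later reverted consistently. This is an added example, not part of the project: the function name set_theme_cache and the .bak backup suffix are assumptions, and the file path is passed as an argument.

```shell
#!/bin/sh
# Added example (not project code): switch the Keycloak theme caches in
# standalone.xml off for a redeploy, then back on afterwards.
# Only the three elements shown in the README are rewritten, and only
# on lines between <theme> and </theme>.

set_theme_cache() {
    file=$1 mode=$2
    case $mode in
        off) age=-1;      flag=false ;;
        on)  age=2592000; flag=true  ;;   # values from the README's original section
        *)   echo "usage: set_theme_cache FILE on|off" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    grep -q '<theme>' "$file" || { echo "no <theme> section in $file" >&2; return 1; }

    tmp=$(mktemp) || return 1
    sed -e "/<theme>/,/<\/theme>/ s#<staticMaxAge>[^<]*</staticMaxAge>#<staticMaxAge>${age}</staticMaxAge>#" \
        -e "/<theme>/,/<\/theme>/ s#<cacheThemes>[^<]*</cacheThemes>#<cacheThemes>${flag}</cacheThemes>#" \
        -e "/<theme>/,/<\/theme>/ s#<cacheTemplates>[^<]*</cacheTemplates>#<cacheTemplates>${flag}</cacheTemplates>#" \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep a copy of the previous configuration next to the file.
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }
    # Overwrite in place (no mv) so the owner and mode of standalone.xml are preserved.
    cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Source the file and call set_theme_cache with the path to standalone.xml and off before the restart, then on once the new deployment has been verified; each call still needs the Keycloak restart the README describes.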

Open issues and limitations

Please read the appropriate page on the project wiki (https://github.com/italia/spid-keycloak-provider/wiki/Open-issues-and-limitations). If your problem is not mentioned there, feel free to open an issue on GitHub.

Related projects

If you are interested in Keycloak plugins for the various Italian national auth systems, you may be interested also in:

Acknowledgements

The basic idea behind this project came from the experimental SPID integration for older Keycloak versions developed by redhat-italy at https://github.com/redhat-italy/keycloak-spid-provider.

This project is released under the Apache License 2.0, same as the main Keycloak package.
