User authentication - ACTIVAGE

From CommonsLab
Jump to: navigation, search

Setup

  • Set up Raspberry Pi with latest Raspbian

Hardware

  • Connect RFID-RC522 Reader
  • Connect screen
  • Enable touch on screen

Gravitee

Keycloak

  • Install mysql
  • Download and unzip keycloak server
  • Download JDBC connector
  • Configure classpath
  • Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM
  • Set up SSL
  • After creating jks convert to pem
    • keytool -importkeystore -srckeystore keycloak.jks -destkeystore foo.p12 -srcstoretype jks -deststoretype pkcs12
    • openssl pkcs12 -in keycloak.p12 -out keycloak.pem
    • mkdir /usr/share/ca-certificates/local
    • cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt
    • cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem
    • sudo dpkg-reconfigure ca-certificates

Configure keycloak

  • Create new realm "UAH"
  • Create new client "raspberrypi"
  • Add user federation with LDAP

Middleware

  • pip3 install keycloak [1]
  • install python-ldap dependencies sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
  • install python-ldap pip install python-ldap
  • Enable touch screen support
  • Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command
  • python app.py

Setup UAH

  • Start keycloak (standalone.sh) on boot
  • Start script for UI (chromium on kiosk mode)


Setup test