Difference between revisions of "User authentication - ACTIVAGE"
Jump to navigation
Jump to search
(→Setup) |
|||
| (15 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | =Setup | + | =Setup= |
*Set up Raspberry Pi with latest Raspbian | *Set up Raspberry Pi with latest Raspbian | ||
| + | |||
| + | ==Hardware== | ||
| + | *Connect RFID-RC522 Reader | ||
| + | *Connect screen | ||
| + | *Enable touch on screen | ||
| + | |||
==Gravitee== | ==Gravitee== | ||
*Download and copy [https://gravitee.io/ Gravitee] | *Download and copy [https://gravitee.io/ Gravitee] | ||
| Line 13: | Line 19: | ||
*Set up [https://docs.gravitee.io/am/2.x/am_installguide_gateway.html Gravitee Gateway] | *Set up [https://docs.gravitee.io/am/2.x/am_installguide_gateway.html Gravitee Gateway] | ||
*Change hostname to "uah" | *Change hostname to "uah" | ||
| + | |||
==Keycloak== | ==Keycloak== | ||
* Install mysql | * Install mysql | ||
* Download and unzip [https://www.keycloak.org/downloads.html keycloak server] | * Download and unzip [https://www.keycloak.org/downloads.html keycloak server] | ||
* Download JDBC connector | * Download JDBC connector | ||
| + | * Configure [https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-binary-installation.html classpath] | ||
| + | * Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM | ||
| + | * Set up [https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl SSL] | ||
| + | * After creating jks convert to pem | ||
| + | ** keytool -importkeystore -srckeystore keycloak.jks -destkeystore foo.p12 -srcstoretype jks -deststoretype pkcs12 | ||
| + | ** openssl pkcs12 -in keycloak.p12 -out keycloak.pem | ||
| + | ** mkdir /usr/share/ca-certificates/local | ||
| + | ** cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt | ||
| + | ** cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem | ||
| + | ** sudo dpkg-reconfigure ca-certificates | ||
| + | |||
| + | ===Configure keycloak=== | ||
| + | * Create new realm "UAH" | ||
| + | * Create new client "raspberrypi" | ||
| + | * Add user federation with LDAP | ||
| + | |||
| + | ===Middleware=== | ||
| + | * pip3 install keycloak [https://pypi.org/project/keycloak/#files] | ||
| + | * install python-ldap dependencies sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev | ||
| + | * install python-ldap pip install python-ldap | ||
| + | * Enable [https://www.raspberrypi.org/forums/viewtopic.php?p=947933 touch screen support] | ||
| + | |||
| + | *Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command | ||
| + | *python app.py | ||
| + | |||
| + | ==Setup UAH== | ||
| + | *Start keycloak (standalone.sh) on boot | ||
| + | *Start script for UI (chromium on kiosk mode) | ||
| + | |||
=Setup test= | =Setup test= | ||
*Install docker | *Install docker | ||
*Install [https://github.com/rohe/oidctest oidctest] | *Install [https://github.com/rohe/oidctest oidctest] | ||
Latest revision as of 15:32, 3 September 2019
Setup
- Set up Raspberry Pi with latest Raspbian
Hardware
- Connect RFID-RC522 Reader
- Connect screen
- Enable touch on screen
Gravitee
- Download and copy Gravitee
- Set up OpenLDAP
- Download and install Apache Directory Studio
- Install Nginx
- Download latest stable release of MongoDB
- Install MongoDB
- Increase swap on Pi
- Edit gravitee.yml
- Edit constants.json change localhost to IP
- Set up Gravitee Gateway
- Change hostname to "uah"
Keycloak
- Install mysql
- Download and unzip keycloak server
- Download JDBC connector
- Configure classpath
- Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM
- Set up SSL
- After creating jks convert to pem
- keytool -importkeystore -srckeystore keycloak.jks -destkeystore foo.p12 -srcstoretype jks -deststoretype pkcs12
- openssl pkcs12 -in keycloak.p12 -out keycloak.pem
- mkdir /usr/share/ca-certificates/local
- cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt
- cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem
- sudo dpkg-reconfigure ca-certificates
Configure keycloak
- Create new realm "UAH"
- Create new client "raspberrypi"
- Add user federation with LDAP
Middleware
- pip3 install keycloak [1]
- install python-ldap dependencies sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
- install python-ldap pip install python-ldap
- Enable touch screen support
- Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command
- python app.py
Setup UAH
- Start keycloak (standalone.sh) on boot
- Start script for UI (chromium on kiosk mode)
Setup test
- Install docker
- Install oidctest