Difference between revisions of "User authentication - ACTIVAGE"
(6 intermediate revisions by the same user not shown)
Line 27: | Line 27: | ||
* Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM | * Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM | ||
* Set up [https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl SSL] | * Set up [https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl SSL] | ||
− | * | + | * After creating jks convert to pem |
− | * | + | ** keytool -importkeystore -srckeystore keycloak.jks -destkeystore foo.p12 -srcstoretype jks -deststoretype pkcs12 |
− | * | + | ** openssl pkcs12 -in keycloak.p12 -out keycloak.pem |
− | * | + | ** mkdir /usr/share/ca-certificates/local |
− | ** sudo | + | ** cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt |
+ | ** cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem | ||
+ | ** sudo dpkg-reconfigure ca-certificates | ||
===Configure keycloak=== | ===Configure keycloak=== | ||
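Review bot: The two conversion commands added under "After creating jks convert to pem" do not chain: keytool writes foo.p12 but openssl reads keycloak.p12, so the names need to match. In addition, openssl pkcs12 without -nokeys writes the private key into keycloak.pem, and that file is then copied into /usr/share/ca-certificates/local, a directory for public trust anchors; suggest exporting certificates only for the copy that goes there. The steps also copy keycloak.crt without showing how it is produced, and the mkdir and cp into /usr/share lack the sudo used on the dpkg-reconfigure line.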
Line 37: | Line 39: | ||
* Create new client "raspberrypi" | * Create new client "raspberrypi" | ||
* Add user federation with LDAP | * Add user federation with LDAP | ||
+ | |||
+ | ===Middleware=== | ||
+ | * pip3 install keycloak [https://pypi.org/project/keycloak/#files] | ||
+ | * install python-ldap dependencies sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev | ||
+ | * install python-ldap pip install python-ldap | ||
+ | * Enable [https://www.raspberrypi.org/forums/viewtopic.php?p=947933 touch screen support] | ||
+ | |||
+ | *Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command | ||
+ | *python app.py | ||
==Setup UAH== | ==Setup UAH== |
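Review bot: The added Middleware steps mix interpreters: keycloak is installed with pip3, python-ldap with pip against python-dev, and the app is started with python, so the modules may be installed for a different Python than the one that runs app.py; suggest using pip3, python3-dev and python3 throughout, or pip and python throughout. The client step copies keycloak.crt into /etc/ssl/certs before running update-ca-certificates, while the server steps in the previous hunk place it under /usr/share/ca-certificates/local; worth stating which directory is intended and keeping the two consistent.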
Latest revision as of 15:32, 3 September 2019
Setup
- Set up Raspberry Pi with latest Raspbian
Hardware
- Connect RFID-RC522 Reader
- Connect screen
- Enable touch on screen
Gravitee
- Download and copy Gravitee
- Set up OpenLDAP
- Download and install Apache Directory Studio
- Install Nginx
- Download latest stable release of MongoDB
- Install MongoDB
- Increase swap on Pi
- Edit gravitee.yml
- Edit constants.json: change localhost to IP
- Set up Gravitee Gateway
- Change hostname to "uah"
Keycloak
- Install mysql
- Download and unzip keycloak server
- Download JDBC connector
- Configure classpath
- Add JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash" to standalone.conf to fix failed core dumps of JVM
- Set up SSL
- After creating the JKS keystore, convert it to PEM
  - keytool -importkeystore -srckeystore keycloak.jks -destkeystore keycloak.p12 -srcstoretype jks -deststoretype pkcs12
  - openssl pkcs12 -in keycloak.p12 -out keycloak.pem
  - mkdir /usr/share/ca-certificates/local
  - cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt
  - cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem
  - sudo dpkg-reconfigure ca-certificates
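
An added example, not part of the original page: openssl pkcs12 without -nokeys writes the private key into the PEM alongside the certificate, so this shell check filters the output down to certificates before anything is copied into /usr/share/ca-certificates/local. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet `openssl pkcs12` PEM output before installing it as a trust anchor.

# Print only the CERTIFICATE blocks from stdin; drops key blocks and the
# "Bag Attributes" text that openssl pkcs12 writes between blocks.
certs_only() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { keep = 1 }
        keep { print }
        /^-----END CERTIFICATE-----$/   { keep = 0 }
    '
}

# Count PEM blocks on stdin whose label ends in "PRIVATE KEY"
# (PRIVATE KEY, ENCRYPTED PRIVATE KEY, RSA PRIVATE KEY).
count_private_keys() {
    grep -c '^-----BEGIN .*PRIVATE KEY-----$' || true
}

# Succeed only if stdin holds at least one certificate and no private key.
trust_store_safe() {
    pem=$(cat)
    keys=$(printf '%s\n' "$pem" | count_private_keys)
    certs=$(printf '%s\n' "$pem" | grep -c '^-----BEGIN CERTIFICATE-----$' || true)
    [ "$keys" -eq 0 ] && [ "$certs" -ge 1 ]
}

# Constructed sample shaped like `openssl pkcs12 -in keycloak.p12` output;
# the base64 bodies are placeholders, not real key or certificate material.
SAMPLE='Bag Attributes
    friendlyName: keycloak
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: keycloak
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END ENCRYPTED PRIVATE KEY-----'

if printf '%s\n' "$SAMPLE" | trust_store_safe; then
    echo "safe to install as-is"
else
    echo "private key present: install only the certs_only output"
fi
```

On a real file, `certs_only < keycloak.pem > keycloak.crt` gives a certificate-only file with the .crt extension used by the cp step above.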
Configure keycloak
- Create new realm "UAH"
- Create new client "raspberrypi"
- Add user federation with LDAP
Middleware
- pip3 install keycloak (https://pypi.org/project/keycloak/#files)
- Install python-ldap dependencies: sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
- Install python-ldap: pip install python-ldap
- Enable touch screen support
- Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command
- python app.py
Setup UAH
- Start keycloak (standalone.sh) on boot
- Start script for UI (chromium on kiosk mode)
Setup test
- Install docker
- Install oidctest