Difference between revisions of "User authentication - ACTIVAGE"
(24 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | =Setup= | ||
*Set up Raspberry Pi with latest Raspbian | *Set up Raspberry Pi with latest Raspbian | ||
+ | |||
+ | ==Hardware== | ||
+ | *Connect RFID-RC522 Reader | ||
+ | *Connect screen | ||
+ | *Enable touch on screen | ||
+ | |||
+ | ==Gravitee== | ||
*Download and copy [https://gravitee.io/ Gravitee] | *Download and copy [https://gravitee.io/ Gravitee] | ||
*Set up OpenLDAP | *Set up OpenLDAP | ||
*Download and install [https://directory.apache.org/studio/download/download-linux.html Apache Directory Studio] | *Download and install [https://directory.apache.org/studio/download/download-linux.html Apache Directory Studio] | ||
*Install [https://www.raspberrypi.org/documentation/remote-access/web-server/nginx.md Nginx] | *Install [https://www.raspberrypi.org/documentation/remote-access/web-server/nginx.md Nginx] | ||
+ | *Download latest stable release of [https://andyfelong.com/2017/03/mongodb-3-0-14-binaries-for-raspberry-pi-3/ MongoDB] | ||
+ | *Install MongoDB | ||
+ | *Increase [https://www.raspberrypi.org/forums/viewtopic.php?t=46472 swap on Pi] | ||
+ | *Edit gravitee.yml | ||
+ | *Edit constants.json change localhost to IP | ||
+ | *Set up [https://docs.gravitee.io/am/2.x/am_installguide_gateway.html Gravitee Gateway] | ||
+ | *Change hostname to "uah" | ||
+ | |||
+ | ==Keycloak== | ||
+ | * Install mysql | ||
+ | * Download and unzip [https://www.keycloak.org/downloads.html keycloak server] | ||
+ | * Download JDBC connector | ||
+ | * Configure [https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-binary-installation.html classpath] | ||
+ | * Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM | ||
+ | * Set up [https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl SSL] | ||
+ | * After creating jks convert to pem | ||
+ | ** keytool -importkeystore -srckeystore keycloak.jks -destkeystore foo.p12 -srcstoretype jks -deststoretype pkcs12 | ||
+ | ** openssl pkcs12 -in keycloak.p12 -out keycloak.pem | ||
+ | ** mkdir /usr/share/ca-certificates/local | ||
+ | ** cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt | ||
+ | ** cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem | ||
+ | ** sudo dpkg-reconfigure ca-certificates | ||
+ | |||
+ | ===Configure keycloak=== | ||
+ | * Create new realm "UAH" | ||
+ | * Create new client "raspberrypi" | ||
+ | * Add user federation with LDAP | ||
+ | |||
+ | ===Middleware=== | ||
+ | * pip3 install keycloak [https://pypi.org/project/keycloak/#files] | ||
+ | * install python-ldap dependencies sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev | ||
+ | * install python-ldap pip install python-ldap | ||
+ | * Enable [https://www.raspberrypi.org/forums/viewtopic.php?p=947933 touch screen support] | ||
+ | |||
+ | *Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command | ||
+ | *python app.py | ||
+ | |||
+ | ==Setup UAH== | ||
+ | *Start keycloak (standalone.sh) on boot | ||
+ | *Start script for UI (chromium on kiosk mode) | ||
+ | |||
+ | |||
+ | =Setup test= | ||
+ | *Install docker | ||
+ | *Install [https://github.com/rohe/oidctest oidctest] |
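Review bot: The two conversion commands under "After creating jks convert to pem" do not line up: keytool writes "-destkeystore foo.p12" while the next line reads "-in keycloak.p12", so the same file name (keycloak.p12) should be used in both. In the same list, "openssl pkcs12 -in keycloak.p12 -out keycloak.pem" has no "-nokeys", so keycloak.pem carries the private key as well as the certificate, and the following "cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem" places it in a directory meant for public CA certificates; suggest copying only keycloak.crt there and adding the step that produces keycloak.crt, which no line in this list creates.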
Latest revision as of 15:32, 3 September 2019
Setup
- Set up Raspberry Pi with latest Raspbian
Hardware
- Connect RFID-RC522 Reader
- Connect screen
- Enable touch on screen
Gravitee
- Download and copy Gravitee
- Set up OpenLDAP
- Download and install Apache Directory Studio
- Install Nginx
- Download latest stable release of MongoDB
- Install MongoDB
- Increase swap on Pi
- Edit gravitee.yml
- Edit constants.json: change localhost to IP
- Set up Gravitee Gateway
- Change hostname to "uah"
Keycloak
- Install mysql
- Download and unzip keycloak server
- Download JDBC connector
- Configure classpath
- Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM
- Set up SSL
- After creating jks convert to pem
  - keytool -importkeystore -srckeystore keycloak.jks -destkeystore keycloak.p12 -srcstoretype jks -deststoretype pkcs12
  - openssl pkcs12 -in keycloak.p12 -out keycloak.pem
  - mkdir /usr/share/ca-certificates/local
  - cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt
  - cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem
  - sudo dpkg-reconfigure ca-certificates
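The conversion and trust-store steps above, as an added example that is not part of the original wiki page: using openssl only, it shows that the plain pkcs12 export carries the private key, while a -nokeys export yields the certificate-only file that belongs under the CA directory. The function names, the demo password and CN, and the throwaway PKCS#12 standing in for the keytool output are assumptions.

```sh
#!/bin/sh
# Added example (not from the wiki page). File names, CN and password are
# constructed; make_demo_p12 stands in for the keytool -importkeystore output.
set -eu

make_demo_p12() {  # $1=dir $2=password -> $1/keycloak.p12
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/demo.key" 2>/dev/null
  openssl req -x509 -new -key "$1/demo.key" -subj "/CN=uah" -days 1 \
    -out "$1/demo.crt"
  openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
    -name keycloak -passout "pass:$2" -out "$1/keycloak.p12"
}

export_full_pem() {  # $1=p12 $2=out $3=password; key + certificate
  openssl pkcs12 -in "$1" -passin "pass:$3" -passout "pass:$3" -out "$2"
  chmod 600 "$2"     # holds the server key: keep it private to the service
}

export_cert_only() { # $1=p12 $2=out $3=password; certificate only
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$3" |
    openssl x509 -out "$2"
}

has_private_key() {  # true if the file contains any PEM private-key block
  grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

main() {
  umask 077
  d=$(mktemp -d)
  make_demo_p12 "$d" changeit
  export_full_pem "$d/keycloak.p12" "$d/keycloak.pem" changeit
  export_cert_only "$d/keycloak.p12" "$d/keycloak.crt" changeit
  for f in keycloak.pem keycloak.crt; do
    if has_private_key "$d/$f"; then
      echo "$f: contains a private key, do not copy to ca-certificates"
    else
      echo "$f: certificate only, suitable for the trust store"
    fi
  done
  rm -rf "$d"
}
main
```

Running has_private_key against a file before copying it into /usr/share/ca-certificates/local or /etc/ssl/certs is a quick pre-check for the two cp steps above.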
Configure keycloak
- Create new realm "UAH"
- Create new client "raspberrypi"
- Add user federation with LDAP
Middleware
- pip3 install keycloak [1]
- Install python-ldap dependencies: sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
- Install python-ldap: pip install python-ldap
- Enable touch screen support
- Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command
- python app.py
Setup UAH
- Start keycloak (standalone.sh) on boot
- Start script for UI (chromium on kiosk mode)
Setup test
- Install docker
- Install oidctest