Difference between revisions of "User authentication - ACTIVAGE"

From CommonsLab
 
(4 intermediate revisions by the same user not shown)
Line 27: Line 27:
 
* Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM
 
* Add "JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash"" to standalone.conf to fix failed core dumps of JVM
 
* Set up [https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl SSL]
 
* Set up [https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl SSL]
 
+
* After creating jks convert to pem
 +
** keytool -importkeystore -srckeystore keycloak.jks -destkeystore foo.p12 -srcstoretype jks -deststoretype pkcs12
 +
** openssl pkcs12 -in keycloak.p12 -out keycloak.pem
 +
** mkdir /usr/share/ca-certificates/local
 +
** cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt
 +
** cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem
 +
** sudo dpkg-reconfigure ca-certificates
  
 
===Configure keycloak===
 
===Configure keycloak===
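Review bot: in the added conversion steps, the keytool line writes foo.p12 but the next line reads keycloak.p12, so the openssl step has no input unless the names are aligned; use "-destkeystore keycloak.p12". The "openssl pkcs12 -in keycloak.p12 -out keycloak.pem" line is run without -nokeys, so keycloak.pem also holds the private key, and "cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem" then places that key in a shared directory; export the certificate only (add -nokeys) or drop that copy. The steps also copy keycloak.crt without showing where that file is created.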
Line 35: Line 41:
  
 
===Middleware===
 
===Middleware===
* Setup [http://flask.pocoo.org/ flask] and python [https://gist.github.com/thomasdarimont/145dc9aa857b831ff2eff221b79d179a app sample]
+
* pip3 install keycloak [https://pypi.org/project/keycloak/#files]
* Install [https://pypi.org/project/flask-oidc/ flask_oidc]
 
 
* install python-ldap dependencies sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
 
* install python-ldap dependencies sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
 
* install python-ldap pip install python-ldap
 
* install python-ldap pip install python-ldap
 +
* Enable [https://www.raspberrypi.org/forums/viewtopic.php?p=947933 touch screen support]
  
*export PYTHONHTTPSVERIFY=0
+
*Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command
 
*python app.py
 
*python app.py
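Review bot: the added line "Copy keycloak.crt to client /etc/ssl/certs then run update-ca-certificates command" puts the file in the directory update-ca-certificates writes to rather than the one it reads local additions from; copy keycloak.crt to /usr/local/share/ca-certificates on the client and then run the command. Also, the added "pip3 install keycloak" targets Python 3 while the unchanged lines use pip, python-dev and "python app.py"; name one interpreter throughout so the package is installed for the interpreter that runs app.py.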
  

Latest revision as of 15:32, 3 September 2019

Setup

  • Set up Raspberry Pi with latest Raspbian

Hardware

  • Connect RFID-RC522 Reader
  • Connect screen
  • Enable touch on screen

Gravitee

Keycloak

  • Install MySQL
  • Download and unzip the Keycloak server
  • Download JDBC connector
  • Configure classpath
  • Add JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash" to standalone.conf to fix failed core dumps of the JVM
  • Set up SSL
  • After creating the JKS keystore, convert it to PEM
    • keytool -importkeystore -srckeystore keycloak.jks -destkeystore keycloak.p12 -srcstoretype jks -deststoretype pkcs12
    • openssl pkcs12 -in keycloak.p12 -out keycloak.pem
    • mkdir /usr/share/ca-certificates/local
    • cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt
    • cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem
    • sudo dpkg-reconfigure ca-certificates
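
The keycloak.pem written by the openssl pkcs12 step above contains the private key as well as the certificate, because no -nokeys option is given, so it should not be copied into a shared CA directory as-is. As an added example that is not part of the original page, these shell functions keep only the CERTIFICATE blocks when staging the file; the function names, the temporary directory and the constructed sample PEM are assumptions.

```shell
# Added example, not from the wiki page. Function names, the temporary
# directory and the sample PEM are assumptions made for illustration.

# pem_has_private_key FILE: succeeds if FILE holds any PEM private-key block.
pem_has_private_key() {
    grep -Eq -- '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# pem_extract_certs IN OUT: copy only the CERTIFICATE blocks of IN to OUT.
# Fails and leaves no OUT when IN contains no certificate.
pem_extract_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep                           { print }
         /^-----END CERTIFICATE-----/   { keep = 0 }' "$1" > "$2"
    if ! grep -q -- '^-----BEGIN CERTIFICATE-----' "$2"; then
        rm -f "$2"; return 1
    fi
    chmod 644 "$2"
}

# stage_ca_cert IN DESTDIR NAME: write DESTDIR/NAME.crt without key material.
stage_ca_cert() {
    mkdir -p "$2" || return 1
    pem_extract_certs "$1" "$2/$3.crt" || return 1
    if pem_has_private_key "$2/$3.crt"; then   # defensive re-check
        rm -f "$2/$3.crt"; return 1
    fi
}

# Constructed sample shaped like "openssl pkcs12 -in ... -out ..." output;
# the base64 bodies are placeholders, not real key or certificate data.
make_sample_pem() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: keycloak
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVC1CT0RZ
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZLUJPRFk=
-----END ENCRYPTED PRIVATE KEY-----
EOF
}

tmp=$(mktemp -d)
make_sample_pem "$tmp/keycloak.pem"
pem_has_private_key "$tmp/keycloak.pem" && echo "keycloak.pem contains a private key"
stage_ca_cert "$tmp/keycloak.pem" "$tmp/local" keycloak && echo "staged certificate only"
rm -rf "$tmp"
```

On the real host the destination would be /usr/share/ca-certificates/local, followed by the dpkg-reconfigure step from the list.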

Configure keycloak

  • Create new realm "UAH"
  • Create new client "raspberrypi"
  • Add user federation with LDAP

Middleware

  • pip3 install keycloak (https://pypi.org/project/keycloak/#files)
  • Install python-ldap dependencies: sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
  • Install python-ldap: pip install python-ldap
  • Enable touch screen support
  • Copy keycloak.crt to /etc/ssl/certs on the client, then run update-ca-certificates
  • Run python app.py

Setup UAH

  • Start Keycloak (standalone.sh) on boot
  • Start script for UI (Chromium in kiosk mode)


Setup test