User authentication - ACTIVAGE
Setup
- Set up Raspberry Pi with latest Raspbian
Hardware
- Connect RFID-RC522 Reader
- Connect screen
- Enable touch on screen
Gravitee
- Download and copy Gravitee
- Set up OpenLDAP
- Download and install Apache Directory Studio
- Install Nginx
- Download latest stable release of MongoDB
- Install MongoDB
- Increase swap on Pi
- Edit gravitee.yml
- Edit constants.json: change localhost to the IP address
- Set up Gravitee Gateway
- Change hostname to "uah"
Keycloak
- Install MySQL
- Download and unzip Keycloak server
- Download JDBC connector
- Configure classpath
- Add the line JAVA_OPTS="$JAVA_OPTS -XX:+CreateMinidumpOnCrash" to standalone.conf to fix failed core dumps of the JVM
- Set up SSL
- After creating the JKS keystore, convert it to PEM
- keytool -importkeystore -srckeystore keycloak.jks -destkeystore keycloak.p12 -srcstoretype jks -deststoretype pkcs12
- openssl pkcs12 -in keycloak.p12 -out keycloak.pem
- mkdir /usr/share/ca-certificates/local
- cp keycloak.crt /usr/share/ca-certificates/local/keycloak.crt
- cp keycloak.pem /usr/share/ca-certificates/local/keycloak.pem
- sudo dpkg-reconfigure ca-certificates
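The export in the steps above runs openssl pkcs12 without -nokeys, so keycloak.pem holds the private key as well as the certificate, and the following steps copy it into the shared CA directory. A guard that keeps key material out of that directory, as an added example (not part of the original page); the helper names, the file name keycloak-certonly.crt and the sample PEM are constructed for illustration:

```shell
# Added example; helper names and the sample PEM are constructed for illustration.

# Constructed stand-in for "openssl pkcs12" output: key block + certificate block.
make_sample_pem() {
cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: keycloak
-----BEGIN ENCRYPTED PRIVATE KEY-----
CONSTRUCTEDSAMPLENOTAREALKEY
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSAMPLENOTAREALCERT
-----END CERTIFICATE-----
EOF
}

# Succeeds if the file holds any private-key block (plain, RSA/EC or encrypted).
pem_has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Write only the CERTIFICATE blocks of $1 to $2, dropping keys and bag attributes.
pem_extract_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ {keep=1}
         keep {print}
         /^-----END CERTIFICATE-----/ {keep=0}' "$1" > "$2"
}

# Number of certificate blocks in a PEM file (0 if none).
pem_cert_count() {
    grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Copy $1 into CA directory $2 only when it carries no private key.
install_ca_cert() {
    if pem_has_private_key "$1"; then
        echo "refusing to install $1: contains a private key" >&2
        return 1
    fi
    cp "$1" "$2/"
}

work=$(mktemp -d)
mkdir "$work/local"    # stand-in for /usr/share/ca-certificates/local
make_sample_pem "$work/keycloak.pem"
pem_extract_certs "$work/keycloak.pem" "$work/keycloak-certonly.crt"
install_ca_cert "$work/keycloak.pem" "$work/local" || echo "keycloak.pem rejected"
install_ca_cert "$work/keycloak-certonly.crt" "$work/local" && echo "certificate installed"
```

With OpenSSL itself, adding -nokeys to the pkcs12 command produces the same certificate-only output.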
Configure Keycloak
- Create new realm "UAH"
- Create new client "raspberrypi"
- Add user federation with LDAP
Middleware
- pip3 install keycloak [1]
- Install python-ldap dependencies: sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
- Install python-ldap: pip install python-ldap
- Enable touch screen support
- Copy keycloak.crt to /etc/ssl/certs on the client, then run the update-ca-certificates command
- python app.py
Setup UAH
- Start Keycloak (standalone.sh) on boot
- Start script for UI (Chromium in kiosk mode)
Setup test
- Install Docker
- Install oidctest