How to Install & Configure Your Own Identity Manager GE
0 likes585 views
The document provides a comprehensive guide on installing and configuring the Keyrock identity manager, detailing its architecture, key features, and installation steps for both back-end and front-end components. It emphasizes considerations for production environments, including database management and service configuration. The document also offers resources for further assistance and documentation related to the installation process.
How to Install & Configure Your Own Identity Manager GE
- 1. How to Install and Configure your own Identity Manager GE Álvaro Alonso – Federico Fernández Security Team Technical University of Madrid (UPM) aalonsog@dit.upm.es – fefernandez@dit.upm.es
- 2. Outline Introduction KeyRock Architecture Installing and Configuring KeyRock Demo 1
- 3. Why do I need an Identity Manager? 2
- 4. What is an Identity Manager? 3
- 5. Why should I install FIWARE Identity Manager GE? 4
- 6. KeyRock GE: features Users Organizations Authorization via roles Applications and OAuth IoT identity management OpenStack services Admin tools SCIM API 5
- 9. KeyRock Architecture: Horizon Front-end view Based on OpenStack Horizon User views Contains… • Oauth2 Driver • reCAPTCHA • FIWARE Accounts • Admin Tools • AuthZForce Driver Extra dependencies • Python Keystoneclient • Django OpenStack Auth 8 Horizon Keystone DB
- 10. KeyRock Architecture: Keystone Back-end component Resources management Connection to database Extensions • OAuth2 • SCIM 2.0 • User registration • Two factor authentication 9 Horizon Keystone DB
- 11. KeyRock Architecture: Database For development: For deployment: 10 Horizon Keystone DB
- 12. #handsOn 11
- 13. Documentation & Source Code Quick Installation Guide • http://fiware-idm.readthedocs.io/en/latest/introduction.html#how-to-build- install Detailed Installation Guide • http://fiware-idm.readthedocs.io/en/latest/admin_guide.html#step-by- step-installation GitHub • https://github.com/ging/fiware-idm • https://github.com/ging/horizon • https://github.com/ging/keystone API description • http://docs.keyrock.apiary.io 12
- 15. Installing the back-end 1. Install Ubuntu dependencies 1. 14.04 LTS fully supported 2. 16.04 LTS should work 2. Get the code 3. Install Python dependencies 4. Create a configuration file 14
- 16. 5. Create the tables and populate the database Creation of the idm user account 15 Installing the back-end
- 17. 5. Create the tables and populate the database Creation of the idm user account 6. That’s it!! 16 Installing the back-end
- 18. 1. Install Ubuntu dependencies 2. Get the code 3. Create a configuration file 4. Install Python dependencies 17 Installing the front-end
- 19. 1. Install Ubuntu dependencies 2. Get the code 3. Create a configuration file 4. Install Python dependencies 5. That’s it! 18 Installing the front-end
- 20. Installing Keyrock Good News Installation tools to ease the process Bash script • Idm user: idm • Idm psswd: idm • Keystone port: 5000 • Horizon port: 8000 Docker image Chef cookbook 19
- 22. Configuring the back-end Admin token Admin port Public port Configure authorization, roles… 21
- 23. Configuring the front-end Credentials for idm user reCAPTCHA Accont expiration 22
- 24. Configuring the front-end AJAX pagination Connection with Access Control GE 23
- 25. Considerations for production environments Do not run Horizon from the dev server Do not run KeyRock without having enabled reCAPTCHA Do not use SQLite Do not forget about the emails! Do not run Keystone in dev mode 24 Do run Horizon under Apache+mod_wsgi Do enable reCAPTCHA Do use some production- ready DB engine (MySQL) Do set up an SMTP server to send mails (POSTFIX) Do set up Keystone as a service
- 26. Production env: MySQL Configure the new SQL backend in Keystone Grant privileges to database 25
- 27. Production env: email This will get the settings from the default SMTP server in your host 26
- 28. Production env: setting up Keystone as a service It works like any other Linux service Create a /etc/init/ keystone_idm.conf file To run the service... 27
- 29. Production env: CORS Whitelist to restritc access to all the endpoints in the front- end Django signal to allow everyone access only some of the endpoints 28
- 31. Administrating KeyRock 30 $ git clone https://github.com/ging/fiware-idm imd-admin && cd imd-admin $ sudo pip install -r requirements.txt $ sudo python setup.py install $ idm-admin --help
- 32. #handsOn 31
- 33. Achievements What is an IdM and why should I install one? What is the architecture of FIWARE IdM GE? Installing KeyRock • Step-by-step • Installation tools Configuring KeyRock • Development environment • Production environment Administrating KeyRock 32
- 34. 33 Contact us! Open an Issue in GitHub: https://github.com/ging/fiware-idm E-mail & Help Desk Here at the Summit!!
- 35. Thank you! http://fiware.org Follow @FIWARE on Twitter