Drawio |
---|
border | true |
---|
| |
---|
diagramName | Authentication |
---|
simpleViewer | false |
---|
width | |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 843 |
---|
revision | 4 |
---|
|
Current setup (MonrealMontreal) for the Keycloak setup (see ONAP on ServiceMesh (London)):
- keycloak-init provides a realm with predefined users/roles https://git.onap.org/oom/tree/kubernetes/platform/components/keycloak-init
- oauth2-proxy added to OOM deployment and configured as authentication provider (https://git.onap.org/oom/tree/kubernetes/platform/components/oauth2-proxy)
- currently no "Authorization Policy" defined on Ingress to restrict access to API/UIs
Idea from Tata Consulting (see OOM Meeting Notes - 2024-02-14)
- Generate Keycloak Realm with configurable:
- Generate AuthorizationPolicies and AuthoritationRequest resources for Ingress APIs
Drawio |
---|
border | true |
---|
| |
---|
diagramName | London (Production)keycloak-init |
---|
simpleViewer | false |
---|
width | 400600 |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 7241361 |
---|
revision | 14 |
---|
|