Foreman Single Sign-On Made Easy with Keycloak

•

0 likes•390 views

This document discusses single sign-on (SSO) capabilities for Foreman using Keycloak. It provides an introduction to Foreman and its authentication methods. OpenID Connect and JSON Web Tokens (JWTs) are explained as the standards that enable SSO. The document demonstrates how to configure Foreman as a client in Keycloak to enable SSO, including registering Foreman and adding user mappers. It concludes with a demo and information on resources for using Foreman and Keycloak together.

Technology

Foreman Single Sign-On
Made Easy with Keycloak
Nikhil Kathole
1

About me
Who am I ?
Quality Engineer @ Red Hat
Satellite 6 QE
Follow me:
Twitter: @NikhilKathole1
Github: ntkathole
2

Agenda
What we’re going to cover (quickly)
1. Introduction to Foreman
2. Foreman Authentication Capabilities
3. OpenID Connect
4. Single Sign On with Keycloak
5. Demo - Foreman Integration with Keycloak
6. Q & A
3

Foreman
Managing the Lifecycle of your Systems
4

Foreman Plugins
1. Choose the environment as per specific needs
2. Plugins offer custom features and maximize the flexibility
Extend and modify the Foreman
5

Foreman Plugins
Huge ecosystem of plugins
6

Foreman Authentication Capabilities
Internal/FreeIPA/AD
1. User management is a repeated need across projects
2. Native implementations
a. Internal users
b. LDAP authentication
c. Kerberos based SSO
7

Login Workflows
Internal User login
8
Browser

Login Workflows
FreeIPA User login
9
Browser

Login Workflows
Active Directory User login
10
Browser

Login Workflows
FreeIPA-AD Forest
11
Browser
Trust

Single Sign On
13
1. Redirect all the things
2. Authenticate all the things
3. Multiple applications - login once

What is Keycloak ?
1. Open Source Project
2. Identity and Access Management
3. A java app
4. Wide variety of user management use cases
14

OpenID Connect
1. Making simple things simple and complicated things possible
2. Internet Standard for Single Sign On
a. Need to authenticate the user?
b. Send user to their OpenID provider
c. Get identity token back
3. Uses simple JSON Web Tokens
15

$JWT (JSON Web Token) eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrNkp3Ymt HOTNsQThaM01yTFkwIn0.eyJqdGkiOiJkN2Y1MmQyZS0yMDk3L TQwNDEtOWM4NC1jMzQ5ZDdmNWZjNzUiLCJleHAiOjE1Nzk0M zE4NDIsIm5iZiI6MCwiaWF0IjoxNTc5NDMxNzgyLZF91c2VybmFtZ SI6InRlc3QiLCJnaXZlbl9uYW1lIjoidGVzdDEiLCJmYZ0kcmoLs9JH k43xkz_byJtenKpqwrNNDTF3UHsxn4I8doBW1pbHlfbmFtZSI6InRl c3QyIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIn0.NZ_TDotrL4Nyi1 cEGlDs5KDBlml8urlKBvk5R9hXkLJXzgseqpMKtsGQPCOC7jzmjw 19 Payload Data { "jti": "d7f52d2e-2097-4041-9c84-c349d7f5fc75", "exp": 1579431842, "iat": 1579431782, "iss": "https://keycloak.example.com/auth/realms/ssl-realm", "aud": [ "foreman.example.com-foreman-openidc", "broker", "account" ], "sub": "5097d158-6638-43b8-8c76-daade8673ed6", "typ": "Bearer", "name": "test1 test2", "groups": [DevConfCZ], "preferred_username": "test", "given_name": "test1", "family_name": "test2", "email": "test@test.com" }$

JWT Payload Data
1. Who you are
2. What you can do (groups, roles..)
3. No registration is needed in Foreman
21

$Single Sign On in Foreman With Keycloak 1. Register Foreman as client to Keycloak a. Install mod_auth_openidc and keycloak-httpd-client-install b. keycloak-httpd-client-install --app-name foreman-openidc --keycloak-server-url "{{ KEYCLOAK_URL }}" --keycloak-admin-username "{{ KEYCLOAK_USER }}" --keycloak-realm "{{ KEYCLOAK_REALM }}" --keycloak-admin-realm master --keycloak-auth-role root-admin -t openidc -l /users/extlogin 22$

Single Sign On in Foreman
With Keycloak
2. Add mappers to client
a. Group Membership Mapper
b. Audience Mapper
3. Configure Foreman settings
23

Single Sign On in Foreman
With Keycloak
25

Single Sign On in Foreman
With Keycloak
● Foreman is responsible for
○ Validate the token
○ Authorize the user based on payload
○ Map roles and permissions
26

Simple and “more” secure
1. Password goes to Identity provider
2. End application doesn’t have your password
3. Token has short expiry
4. Centralized authentication with Keycloak
5. Less work on the back end and reduced risk
27

Resources
● Visit us http://theforeman.org/
● If you do something cool with Foreman, let us know!
● Find us:
− IRC: irc.freenode.net
● #theforeman
● #theforeman-dev
− Reach out to us at
● https://community.theforeman.org/
28

THANK YOU!
Nikhil Kathole
@NikhilKathole1
30

Swagger is a specification and complete framework implementation for describing, producing, consuming, and visualizing RESTful web services. The overarching goal of Swagger is to enable client and documentation systems to update at the same pace as the server. The documentation of methods, parameters, and models are tightly integrated into the server code, allowing APIs to always stay in sync. With Swagger, deploying managing, and using powerful APIs has never been easier.

[2B7]시즌2 멀티쓰레드프로그래밍이 왜 이리 힘드나요

NAVER D2

하이퍼레저 프로젝트 개요

TIMEGATE

[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region

Ji-Woong Choi

카카오톡의 서버사이드 코틀린

if kakao

유용하(indy.jones) / kakao corp.(톡메시징파트) --- JVM 기반 언어의 코틀린은 자바의 생태계와 완전히 호환되면서도 간결하고 안전한 코드를 위한 문법을 가진 언어다. 이런 장점으로 최근 안드로이드를 중심으로 점차 자바를 대체해 가고 있지만, 아직 안정성과 성능에 보수적인 서버 분야에서 자바의 지위는 견고해 보인다. 하지만 기존의 자바 기반 프레임웍과도 완벽히 호환되는 코틀린은 서버사이드에서도 도입하지 않을 이유가 없으며 성공적인 도입 사례가 늘어날수록 그 추세는 가속화될 것이다. 현재 카카오톡의 일부 서버들도 코틀린으로 개발되어 대량의 요청을 안정적으로 서비스하고 있고 그 영역은 점점 늘어나고 있다. 이 세션에서는 다양한 서버 분야의 코틀린 도입에 도움이 될 만한 카카오톡 서버의 코틀린 적용 경험을 공유한다.

Have you ever wondered how single-sign-on on sites like Google and Facebook works? Are you a fan of stateless application architectures? Do you want to learn how to put together a modern security approach for your next Spring Boot project? If the answer is yes, to anything above, then this session is for you. Dmitry will explain what is OAuth 2.0 and JWT, why are they popular, and how to integrate them in Java project.

2023 COSCUP - Whats new in PostgreSQL 16

José Lin

JSON Web Tokens

Ivan Rosolen

Swagger With REST APIs.pptx.pdf

Knoldus Inc.

Provisioning on Libvirt with Foreman

Nikhil Kathole

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

Svetlin Nakov

Cryptography for Java Developers Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA About the Speaker What is Cryptography? Cryptography in Java – APIs and Libraries Hashes, MAC Codes and Key Derivation (KDF) Encrypting Passwords: from Plaintext to Argon2 Symmetric Encryption: AES (KDF + Block Modes + IV + MAC) Digital Signatures, Elliptic Curves, ECDSA, EdDSA Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/

Log management system for Microservices

Võ Duy Tuấn

[NDC17] Kubernetes로 개발서버 간단히 찍어내기

SeungYong Oh

데브시스터즈의 Cookie Run: OvenBreak 에 적용된 Kubernetes 기반 다중 개발 서버 환경 구축 시스템에 대한 발표입니다. Container orchestration 기반 개발 환경 구축 시스템의 필요성과, 왜 Kubernetes를 선택했는지, Kubernetes의 개념과 유용한 기능들을 다룹니다. 아울러 구축한 시스템에 대한 데모와, 작업했던 항목들에 대해 리뷰합니다. *NDC17 발표에서는 데모 동영상을 사용했으나, 슬라이드 캡쳐로 대신합니다.

Massive service basic

DaeMyung Kang

Data Center Networks:Virtual Bridging

rjain51

Class lecture by Prof. Raj Jain on Data Center Networks:Virtual Bridging. The talk covers Levels of Network Virtualization, Network Virtualization, vSwitch, Virtual Bridging, Virtual Edge Bridge, Virtual Ethernet Port Aggregator, VEPA, S-Channels, EVB Management, PCIe, Single Root I/O Virtualization, SR-IOV, Multi-Root IOV, VM Relocation, Combining Bridges, Virtual Switch System, VSS, Virtual PortChannel, vPC, Virtual Port Channel, vPC, Fabric Extenders, Virtual Bridge Port Extension, VBE, Data Center Networks: Levels of Network Virtualization, Network Virtualization, vSwitch, Virtual Bridging, Virtual Edge Bridge, Virtual Ethernet Port Aggregator, VEPA, S-Channels, EVB Management, PCIe, Single Root I/O Virtualization, SR-IOV, Multi-Root IOV, VM Relocation, Combining Bridges, Virtual Switch System, VSS, Virtual PortChannel, vPC, Virtual Port Channel, vPC, Fabric Extenders, Virtual Bridge Port Extension, VBE. Video recording available in YouTube.

200819 NAVER TECH CONCERT 03_화려한 코루틴이 내 앱을 감싸네! 코루틴으로 작성해보는 깔끔한 비동기 코드

NAVER Engineering

Migrating and Running DBs on Amazon RDS for Oracle

Maris Elsins

The process of migrating Oracle DBs to Amazon RDS is quite complex. Some of the challenges are - capacity planning, efficient loading of data, dealing with limitations of RDS, provisioning instance configurations, and lack and SYSDBA's access to the database. The author has migrated over 20 databases to Amazon RDS, and will provide an insight into how these challenges can be addressed. Once done with the migrations – the support of the databases is very different too, because the SYSDBA access is not provided. The author will talk about his experience on migrating to and supporting databases on Amazon RDS for Oracle from Oracle DBAs perspective, and will reveal the different problems encountered as well the solutions applied.

Gaming on AWS - 1. AWS로 글로벌 게임 런칭하기 - 장르별 아키텍처 중심

Amazon Web Services Korea

Room 1 - 3 - Lê Anh Tuấn - Build a High Performance Identification at GHTK wi...

Vietnam Open Infrastructure User Group

[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager

WSO2

AtlasCamp 2014: Building a Connect Add-on With Your Own Stack

Atlassian

Atlassian provides two easy-to-use frameworks for getting a Connect add-on up and running quickly – atlassian-connect-express and ac-play. But what if these frameworks don't quite fit your bill? What does it mean to build a Connect add-on with your own stack? What components do you need to write? And how does it all fit together? Attending this talk will give you enough background information to implement an add-on in the language and technology stack of your choice.

Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...

rschuppe

What's hot

API for Beginners

Sébastien Saunier

Denys Serhiienko "ASGI in depth"

Fwdays

KGC 2016 오픈소스 네트워크 엔진 Super socket 사용하기

흥배 최

인프콘 2022 - Rust 크로스 플랫폼 프로그래밍

Chris Ohk

[OpenInfra Days Korea 2018] (Track 4) - Grafana를 이용한 OpenStack 클라우드 성능 모니터링

OpenStack Korea Community

Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin

Java User Group Latvia

2023 COSCUP - Whats new in PostgreSQL 16

José Lin

JSON Web Tokens

Ivan Rosolen

Swagger With REST APIs.pptx.pdf

Knoldus Inc.

Provisioning on Libvirt with Foreman

Nikhil Kathole

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

Svetlin Nakov

Log management system for Microservices

Võ Duy Tuấn

[NDC17] Kubernetes로 개발서버 간단히 찍어내기

SeungYong Oh

Massive service basic

DaeMyung Kang

Data Center Networks:Virtual Bridging

rjain51

200819 NAVER TECH CONCERT 03_화려한 코루틴이 내 앱을 감싸네! 코루틴으로 작성해보는 깔끔한 비동기 코드

NAVER Engineering

Migrating and Running DBs on Amazon RDS for Oracle

Maris Elsins

Gaming on AWS - 1. AWS로 글로벌 게임 런칭하기 - 장르별 아키텍처 중심

Amazon Web Services Korea

Room 1 - 3 - Lê Anh Tuấn - Build a High Performance Identification at GHTK wi...

Vietnam Open Infrastructure User Group

[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager

WSO2

What's hot (20)

API for Beginners

Denys Serhiienko "ASGI in depth"

KGC 2016 오픈소스 네트워크 엔진 Super socket 사용하기

인프콘 2022 - Rust 크로스 플랫폼 프로그래밍

[OpenInfra Days Korea 2018] (Track 4) - Grafana를 이용한 OpenStack 클라우드 성능 모니터링

Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin

2023 COSCUP - Whats new in PostgreSQL 16

JSON Web Tokens

Swagger With REST APIs.pptx.pdf

Provisioning on Libvirt with Foreman

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

Log management system for Microservices

[NDC17] Kubernetes로 개발서버 간단히 찍어내기

Massive service basic

Data Center Networks:Virtual Bridging

200819 NAVER TECH CONCERT 03_화려한 코루틴이 내 앱을 감싸네! 코루틴으로 작성해보는 깔끔한 비동기 코드

Migrating and Running DBs on Amazon RDS for Oracle

Gaming on AWS - 1. AWS로 글로벌 게임 런칭하기 - 장르별 아키텍처 중심

Room 1 - 3 - Lê Anh Tuấn - Build a High Performance Identification at GHTK wi...

[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager

Similar to Foreman Single Sign-On Made Easy with Keycloak

AtlasCamp 2014: Building a Connect Add-on With Your Own Stack

Atlassian

Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...

rschuppe

Microservices Security Landscape

Prabath Siriwardena

SearchLove Boston 2017 | Dom Woodman | How to Get Insight From Your Logs

Distilled

In the SEO industry, we obsess on everything Google says, from John Mueller dropping a hint in a Webmaster Hangout, to the ranking data we spend $1000s to gather. Yet we ignore the data Google throws at us every day, the crawling data. For the longest time, site crawls, traffic data, and rankings have been the pillars of SEO data gathering. Log files should join them as something everyone is doing. We'll go through how to get everything set-up, look at some of the tools to make it easy and repeatable and go through the kinds of analysis you can do to get insights from the data.

Country domination - Causing chaos and wrecking havoc

Tiago Henriques

Taming botnets

f00d

Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisPositive Hack Days

Interconnection Automation For All - Extended - MPS 2023

Chris Grundemann

Matt "Grizz" Griswold and Chris Grundemann are both IX founders, internetworking experts, and automation proponents. With over 4 decades of combined experience they are now turning to sharing what they've learned about automating BGP and interconnection through a set of open source tools, along with support and services for those that need it. This talk will share what they have learned both from personal experience as well as through dozens of recent interviews with IX operators and interconnection engineers over the past several months. Including common challenges, productive methodologies, and best practices. The highlight of the talk will be announcing and describing two open source automation tools built to make interconnection and BGP easier for everyone. One is ixCtl, which is built to automate the most common and problematic tasks involved in running an internet exchange point, particularly configuring and managing secure route servers. The other is PeerCtl, which is built to automate the most common and problematic tasks involved in interconnecting an AS; from bilateral and multilateral peering to PNI and also transit connections. Code for both (along with several other tools) is available on GitHub: https://github.com/fullctl. Speaker: Chris Grundemann Speaker: Matt Griswold

International SEO: Optimizing Your Site for a Global Marketplace

Conductor

Simon Lesser, CEO, Dragon Metrics at C3 2018 It's a big world out there, and the US is only less than 10% of the world's total internet users. A killer global SEO strategy is crucial for success in the global marketplace, but international SEO brings its own set of unique challenges.We'll dive deep into the top regional search engines like Baidu, Yandex, and Naver, learning about differences in the algorithm, SERP, and how to optimize for each one. Then, we'll focus on the top tips and considerations for optimizing your site for international audiences and non-Google search engines.

Malware Analysis For The Enterprise

Jason Ross

Defcon 22-david-wyde-client-side-http-cookie-securityPriyanka Aash

Manual de autodefensa digital (INGLÉS)

Stéphane M. Grueso

Finding Evil In DNS Traffic

real_slacker007

03 integrate webapisignalr

Erhwen Kuo

進擊的 ASP.NET Web API 2 巨人 – 打造支援各種裝置及平台的服務你/妳知道WebApi (REST)己經成為一個企業IT系統整合及網路服務成長最為快速的趨勢嗎? 你/妳知道現今在網路上最被Mobile device使所用的資料交換的格式是JSON (Javascript Object Notation)而不再是肥大擁腫的XML怪獸嗎? 全世界的網路大咖都拼命地開發WebApi的服務來吸引Mobile或Web application的開發者, 我們將在這堂課中結合AngularJs與ASP.NET Web API 2來讓大家開始感受WebApi的吸引力。

2013.devcon3 liferay and google authenticator integration rafik_harabi

Rafik HARABI

Today, with expand of the web portal, many customers are seeking for more secure solutions to access to their web portal outside of their own networks. For Liferay portal customers, this request has been increased due to the number of portal deployed on Cloud and the increase of deployment of Liferay portal for internet sites (B2C …). One of the proposed solutions is the use of Multi-factor authentication mechanism. Google Authenticator is one of the lead open source dual factor authentication systems. In this presentation, we will explain the integration technical solution of Liferay and Google Authenticator in order to deliver a two-factor authentication system. The presentation will be followed by a live demo.

2013 lecture-01-introduction

Pharo

Json web token api authorization

Giulio De Donato

Start Up Austin 2017: Manual vs Automation - When to Start Automating your Pr...

Amazon Web Services

Common Browser Hijacking Methods

David Barroso

SplunkLive! Munich 2018: Getting Started with Splunk Enterprise

Splunk

Similar to Foreman Single Sign-On Made Easy with Keycloak (20)

AtlasCamp 2014: Building a Connect Add-on With Your Own Stack

Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...

Microservices Security Landscape

SearchLove Boston 2017 | Dom Woodman | How to Get Insight From Your Logs

Country domination - Causing chaos and wrecking havoc

Taming botnets

Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis

Interconnection Automation For All - Extended - MPS 2023

International SEO: Optimizing Your Site for a Global Marketplace

Malware Analysis For The Enterprise

Defcon 22-david-wyde-client-side-http-cookie-security

Manual de autodefensa digital (INGLÉS)

Finding Evil In DNS Traffic

03 integrate webapisignalr

2013.devcon3 liferay and google authenticator integration rafik_harabi

2013 lecture-01-introduction

Json web token api authorization

Start Up Austin 2017: Manual vs Automation - When to Start Automating your Pr...

Common Browser Hijacking Methods

SplunkLive! Munich 2018: Getting Started with Splunk Enterprise

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Bits & Pixels using AI for Good.........

Alison B. Lowndes

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf

Search and Society: Reimagining Information Access for Radical Futures

Bits & Pixels using AI for Good.........

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

"Impact of front-end architecture on development cost", Viktor Turskyi

The Art of the Pitch: WordPress Relationships and Sales

When stars align: studies in data quality, knowledge graphs, and machine lear...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Designing Great Products: The Power of Design and Leadership by Chief Designe...

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

GraphRAG is All You need? LLM & Knowledge Graph

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance Osaka Seminar: Overview.pdf

UiPath Test Automation using UiPath Test Suite series, part 4

JMeter webinar - integration with InfluxDB and Grafana

Connector Corner: Automate dynamic content and events by pushing a button

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Foreman Single Sign-On Made Easy with Keycloak

1. Foreman Single Sign-On Made Easy with Keycloak Nikhil Kathole 1

2. About me Who am I ? Quality Engineer @ Red Hat Satellite 6 QE Follow me: Twitter: @NikhilKathole1 Github: ntkathole 2

3. Agenda What we’re going to cover (quickly) 1. Introduction to Foreman 2. Foreman Authentication Capabilities 3. OpenID Connect 4. Single Sign On with Keycloak 5. Demo - Foreman Integration with Keycloak 6. Q & A 3

4. Foreman Managing the Lifecycle of your Systems 4

5. Foreman Plugins 1. Choose the environment as per specific needs 2. Plugins offer custom features and maximize the flexibility Extend and modify the Foreman 5

6. Foreman Plugins Huge ecosystem of plugins 6

7. Foreman Authentication Capabilities Internal/FreeIPA/AD 1. User management is a repeated need across projects 2. Native implementations a. Internal users b. LDAP authentication c. Kerberos based SSO 7

8. Login Workflows Internal User login 8 Browser

9. Login Workflows FreeIPA User login 9 Browser

10. Login Workflows Active Directory User login 10 Browser

11. Login Workflows FreeIPA-AD Forest 11 Browser Trust

12. 12 Delegate your security

13. Single Sign On 13 1. Redirect all the things 2. Authenticate all the things 3. Multiple applications - login once

14. What is Keycloak ? 1. Open Source Project 2. Identity and Access Management 3. A java app 4. Wide variety of user management use cases 14

15. OpenID Connect 1. Making simple things simple and complicated things possible 2. Internet Standard for Single Sign On a. Need to authenticate the user? b. Send user to their OpenID provider c. Get identity token back 3. Uses simple JSON Web Tokens 15

16. JWT (JSON Web Token) eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrNkp3Ymt HOTNsQThaM01yTFkwIn0.eyJqdGkiOiJkN2Y1MmQyZS0yMDk3L TQwNDEtOWM4NC1jMzQ5ZDdmNWZjNzUiLCJleHAiOjE1Nzk0M zE4NDIsIm5iZiI6MCwiaWF0IjoxNTc5NDMxNzgyLZF91c2VybmFtZ SI6InRlc3QiLCJnaXZlbl9uYW1lIjoidGVzdDEiLCJmYZ0kcmoLs9JH k43xkz_byJtenKpqwrNNDTF3UHsxn4I8doBW1pbHlfbmFtZSI6InRl c3QyIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIn0.NZ_TDotrL4Nyi1 cEGlDs5KDBlml8urlKBvk5R9hXkLJXzgseqpMKtsGQPCOC7jzmjw 16

17. JWT (JSON Web Token) eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrNkp3Ymt HOTNsQThaM01yTFkwIn0.eyJqdGkiOiJkN2Y1MmQyZS0yMDk3L TQwNDEtOWM4NC1jMzQ5ZDdmNWZjNzUiLCJleHAiOjE1Nzk0M zE4NDIsIm5iZiI6MCwiaWF0IjoxNTc5NDMxNzgyLZF91c2VybmFtZ SI6InRlc3QiLCJnaXZlbl9uYW1lIjoidGVzdDEiLCJmYZ0kcmoLs9JH k43xkz_byJtenKpqwrNNDTF3UHsxn4I8doBW1pbHlfbmFtZSI6InRl c3QyIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIn0.NZ_TDotrL4Nyi1 cEGlDs5KDBlml8urlKBvk5R9hXkLJXzgseqpMKtsGQPCOC7jzmjw 17

18. JWT (JSON Web Token) eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrNkp3Ymt HOTNsQThaM01yTFkwIn0.eyJqdGkiOiJkN2Y1MmQyZS0yMDk3L TQwNDEtOWM4NC1jMzQ5ZDdmNWZjNzUiLCJleHAiOjE1Nzk0M zE4NDIsIm5iZiI6MCwiaWF0IjoxNTc5NDMxNzgyLZF91c2VybmFtZ SI6InRlc3QiLCJnaXZlbl9uYW1lIjoidGVzdDEiLCJmYZ0kcmoLs9JH k43xkz_byJtenKpqwrNNDTF3UHsxn4I8doBW1pbHlfbmFtZSI6InRl c3QyIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIn0.NZ_TDotrL4Nyi1 cEGlDs5KDBlml8urlKBvk5R9hXkLJXzgseqpMKtsGQPCOC7jzmjw 18 Header { "alg": "RS256", "typ": "JWT", }

19. JWT (JSON Web Token) eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrNkp3Ymt HOTNsQThaM01yTFkwIn0.eyJqdGkiOiJkN2Y1MmQyZS0yMDk3L TQwNDEtOWM4NC1jMzQ5ZDdmNWZjNzUiLCJleHAiOjE1Nzk0M zE4NDIsIm5iZiI6MCwiaWF0IjoxNTc5NDMxNzgyLZF91c2VybmFtZ SI6InRlc3QiLCJnaXZlbl9uYW1lIjoidGVzdDEiLCJmYZ0kcmoLs9JH k43xkz_byJtenKpqwrNNDTF3UHsxn4I8doBW1pbHlfbmFtZSI6InRl c3QyIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIn0.NZ_TDotrL4Nyi1 cEGlDs5KDBlml8urlKBvk5R9hXkLJXzgseqpMKtsGQPCOC7jzmjw 19 Payload Data { "jti": "d7f52d2e-2097-4041-9c84-c349d7f5fc75", "exp": 1579431842, "iat": 1579431782, "iss": "https://keycloak.example.com/auth/realms/ssl-realm", "aud": [ "foreman.example.com-foreman-openidc", "broker", "account" ], "sub": "5097d158-6638-43b8-8c76-daade8673ed6", "typ": "Bearer", "name": "test1 test2", "groups": [DevConfCZ], "preferred_username": "test", "given_name": "test1", "family_name": "test2", "email": "test@test.com" }

20. JWT (JSON Web Token) eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrNkp3Ymt HOTNsQThaM01yTFkwIn0.eyJqdGkiOiJkN2Y1MmQyZS0yMDk3L TQwNDEtOWM4NC1jMzQ5ZDdmNWZjNzUiLCJleHAiOjE1Nzk0M zE4NDIsIm5iZiI6MCwiaWF0IjoxNTc5NDMxNzgyLZF91c2VybmFtZ SI6InRlc3QiLCJnaXZlbl9uYW1lIjoidGVzdDEiLCJmYZ0kcmoLs9JH k43xkz_byJtenKpqwrNNDTF3UHsxn4I8doBW1pbHlfbmFtZSI6InRl c3QyIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIn0.NZ_TDotrL4Nyi1 cEGlDs5KDBlml8urlKBvk5R9hXkLJXzgseqpMKtsGQPCOC7jzmjw 20 Signature

21. JWT Payload Data 1. Who you are 2. What you can do (groups, roles..) 3. No registration is needed in Foreman 21

22. Single Sign On in Foreman With Keycloak 1. Register Foreman as client to Keycloak a. Install mod_auth_openidc and keycloak-httpd-client-install b. keycloak-httpd-client-install --app-name foreman-openidc --keycloak-server-url "{{ KEYCLOAK_URL }}" --keycloak-admin-username "{{ KEYCLOAK_USER }}" --keycloak-realm "{{ KEYCLOAK_REALM }}" --keycloak-admin-realm master --keycloak-auth-role root-admin -t openidc -l /users/extlogin 22

23. Single Sign On in Foreman With Keycloak 2. Add mappers to client a. Group Membership Mapper b. Audience Mapper 3. Configure Foreman settings 23

24. 24 Demo

25. Single Sign On in Foreman With Keycloak 25

26. Single Sign On in Foreman With Keycloak ● Foreman is responsible for ○ Validate the token ○ Authorize the user based on payload ○ Map roles and permissions 26

27. Simple and “more” secure 1. Password goes to Identity provider 2. End application doesn’t have your password 3. Token has short expiry 4. Centralized authentication with Keycloak 5. Less work on the back end and reduced risk 27

28. Resources ● Visit us http://theforeman.org/ ● If you do something cool with Foreman, let us know! ● Find us: − IRC: irc.freenode.net ● #theforeman ● #theforeman-dev − Reach out to us at ● https://community.theforeman.org/ 28

29. Q & A Nikhil Kathole @NikhilKathole1 29

30. THANK YOU! Nikhil Kathole @NikhilKathole1 30

Foreman Single Sign-On Made Easy with Keycloak

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Foreman Single Sign-On Made Easy with Keycloak

Similar to Foreman Single Sign-On Made Easy with Keycloak (20)

Recently uploaded

Recently uploaded (20)

Foreman Single Sign-On Made Easy with Keycloak