FM
Uploaded byFederico Fernández Moreno
171 views

How to Install and Configure your own Identity Manager GE

This document provides instructions on how to install and configure the FIWARE Identity Manager GE (KeyRock). It describes the KeyRock architecture which includes the Horizon front-end, Keystone back-end, and database. It then outlines the step-by-step process for installing both the front-end and back-end components, and how to configure KeyRock for development and production environments. The document also introduces the idm-admin tool for administrating a KeyRock instance.

Embed presentation

How to Install and Configure your own Identity Manager GE Álvaro Alonso – Federico Fernández Security Team Technical University of Madrid (UPM) aalonsog@dit.upm.es – fefernandez@dit.upm.es
Outline  Introduction  KeyRock Architecture  Installing and Configuring KeyRock  Demo 1
Why do I need an Identity Manager? 2
What is an Identity Manager? 3
Why should I install FIWARE Identity Manager GE? 4
KeyRock GE: features  Users  Organizations  Authorization via roles  Applications and OAuth  IoT identity management  OpenStack services  Admin tools  SCIM API 5
KeyRock Architecture 6
KeyRock Architecture 7 Horizon Keystone DB
KeyRock Architecture: Horizon  Front-end view  Based on OpenStack Horizon  User views  Contains… • Oauth2 Driver • reCAPTCHA • FIWARE Accounts • Admin Tools • AuthZForce Driver  Extra dependencies • Python Keystoneclient • Django OpenStack Auth 8 Horizon Keystone DB
KeyRock Architecture: Keystone  Back-end component  Resources management  Connection to database  Extensions • OAuth2 • SCIM 2.0 • User registration • Two factor authentication 9 Horizon Keystone DB
KeyRock Architecture: Database  For development:  For deployment: 10 Horizon Keystone DB
#handsOn 11
Documentation & Source Code  Quick Installation Guide • http://fiware-idm.readthedocs.io/en/latest/introduction.html#how-to-build- install  Detailed Installation Guide • http://fiware-idm.readthedocs.io/en/latest/admin_guide.html#step-by- step-installation  GitHub • https://github.com/ging/fiware-idm • https://github.com/ging/horizon • https://github.com/ging/keystone  API description • http://docs.keyrock.apiary.io 12
Installing KeyRock 13
Installing the back-end 1. Install Ubuntu dependencies 1. 14.04 LTS fully supported 2. 16.04 LTS should work 2. Get the code 3. Install Python dependencies 4. Create a configuration file 14
5. Create the tables and populate the database Creation of the idm user account 15 Installing the back-end
5. Create the tables and populate the database Creation of the idm user account 6. That’s it!! 16 Installing the back-end
1. Install Ubuntu dependencies 2. Get the code 3. Create a configuration file 4. Install Python dependencies 17 Installing the front-end
1. Install Ubuntu dependencies 2. Get the code 3. Create a configuration file 4. Install Python dependencies 5. That’s it! 18 Installing the front-end
Installing Keyrock Good News  Installation tools to ease the process  Bash script • Idm user: idm • Idm psswd: idm • Keystone port: 5000 • Horizon port: 8000  Docker image  Chef cookbook 19
Configuring KeyRock 20
Configuring the back-end  Admin token  Admin port  Public port  Configure authorization, roles… 21
Configuring the front-end  Credentials for idm user  reCAPTCHA  Accont expiration 22
Configuring the front-end  AJAX pagination  Connection with Access Control GE 23
Considerations for production environments  Do not run Horizon from the dev server  Do not run KeyRock without having enabled reCAPTCHA  Do not use SQLite  Do not forget about the emails!  Do not run Keystone in dev mode 24  Do run Horizon under Apache+mod_wsgi  Do enable reCAPTCHA  Do use some production- ready DB engine (MySQL)  Do set up an SMTP server to send mails (POSTFIX)  Do set up Keystone as a service
Production env: MySQL  Configure the new SQL backend in Keystone  Grant privileges to database 25
Production env: email This will get the settings from the default SMTP server in your host 26
Production env: setting up Keystone as a service  It works like any other Linux service Create a /etc/init/ keystone_idm.conf file To run the service... 27
Production env: CORS  Whitelist to restritc access to all the endpoints in the front- end  Django signal to allow everyone access only some of the endpoints 28
Administrating KeyRock 29
Administrating KeyRock 30 $ git clone https://github.com/ging/fiware-idm imd-admin && cd imd-admin $ sudo pip install -r requirements.txt $ sudo python setup.py install $ idm-admin --help
#handsOn 31
Achievements  What is an IdM and why should I install one?  What is the architecture of FIWARE IdM GE?  Installing KeyRock • Step-by-step • Installation tools  Configuring KeyRock • Development environment • Production environment  Administrating KeyRock 32
33 Contact us! Open an Issue in GitHub: https://github.com/ging/fiware-idm E-mail & Help Desk Here at the Summit!!
Thank you! http://fiware.org Follow @FIWARE on Twitter

More Related Content

PPTX
Building secure applications with keycloak
byAbhishek Koserwal
 
PPTX
Secure your app with keycloak
byGuy Marom
 
PDF
Keycloak Single Sign-On
byRavi Yasas
 
PDF
Foreman Single Sign-On Made Easy with Keycloak
byNikhil Kathole
 
PPTX
Adding identity management and access control to your app
byÁlvaro Alonso González
 
PPTX
Client certificate validation in windows 8
byAshish Agrawal
 
PPT
Web 20 Security - Vordel
byguest2a1135
 
PPT
Java Security And Authentacation
byckofoed
 
Building secure applications with keycloak
byAbhishek Koserwal
 
Secure your app with keycloak
byGuy Marom
 
Keycloak Single Sign-On
byRavi Yasas
 
Foreman Single Sign-On Made Easy with Keycloak
byNikhil Kathole
 
Adding identity management and access control to your app
byÁlvaro Alonso González
 
Client certificate validation in windows 8
byAshish Agrawal
 
Web 20 Security - Vordel
byguest2a1135
 
Java Security And Authentacation
byckofoed
 

What's hot

PPTX
Setting up your virtual infrastructure using FIWARE Lab Cloud
byFernando Lopez Aguilar
 
PDF
Apache CloudStack Integration with HashiCorp Vault
byCloudOps2005
 
PPTX
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
bymarcuschristie
 
PPTX
Draft: building secure applications with keycloak (oidc/jwt)
byAbhishek Koserwal
 
PPTX
Context Information Management in IoT enabled smart systems - the basics
byFernando Lopez Aguilar
 
PDF
Credential store using HashiCorp Vault
byMayank Patel
 
PPTX
Azure IoT hub
byBasavaraj Mulaveesala
 
PDF
FIWARE Tech Summit - FIWARE NGSIv2 Introduction
byFIWARE
 
PDF
Certificate Based VPN Remote Access - 1. OpenCA Workshop 2004 / OpenXPKI
byIves Laaf
 
PPTX
Identity management and single sign on - how much flexibility
byRyan Dawson
 
PDF
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
byIves Laaf
 
PDF
Authentication in microservice systems - fsto 2017
byDejan Glozic
 
PPTX
Adding Identity Management and Access Control to your App
byFIWARE
 
PDF
FIWARE Tech Summit - FIWARE IoT Agents
byFIWARE
 
PPTX
The Dynamic Duo of Puppet and Vault tame SSL Certificates - Puppet Camps Cent...
byNick Maludy
 
PPTX
Types of ssl commands and keytool
byCheapSSLsecurity
 
PDF
020618 Why Do we Need HTTPS
byJackio Kwok
 
PDF
[AD/CS] Windows Server 2016 - CA Enterprise - Parte02
byJosimar Caitano
 
PPTX
.NET Fest 2017. Денис Резник. Исполнение Запроса в SQL Server. Ожидание - Реа...
byNETFest
 
Setting up your virtual infrastructure using FIWARE Lab Cloud
byFernando Lopez Aguilar
 
Apache CloudStack Integration with HashiCorp Vault
byCloudOps2005
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
bymarcuschristie
 
Draft: building secure applications with keycloak (oidc/jwt)
byAbhishek Koserwal
 
Context Information Management in IoT enabled smart systems - the basics
byFernando Lopez Aguilar
 
Credential store using HashiCorp Vault
byMayank Patel
 
Azure IoT hub
byBasavaraj Mulaveesala
 
FIWARE Tech Summit - FIWARE NGSIv2 Introduction
byFIWARE
 
Certificate Based VPN Remote Access - 1. OpenCA Workshop 2004 / OpenXPKI
byIves Laaf
 
Identity management and single sign on - how much flexibility
byRyan Dawson
 
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
byIves Laaf
 
Authentication in microservice systems - fsto 2017
byDejan Glozic
 
Adding Identity Management and Access Control to your App
byFIWARE
 
FIWARE Tech Summit - FIWARE IoT Agents
byFIWARE
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates - Puppet Camps Cent...
byNick Maludy
 
Types of ssl commands and keytool
byCheapSSLsecurity
 
020618 Why Do we Need HTTPS
byJackio Kwok
 
[AD/CS] Windows Server 2016 - CA Enterprise - Parte02
byJosimar Caitano
 
.NET Fest 2017. Денис Резник. Исполнение Запроса в SQL Server. Ожидание - Реа...
byNETFest
 

Similar to How to Install and Configure your own Identity Manager GE

PDF
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
byLorenzo Carnevale
 
PDF
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
byLorenzo Carnevale
 
PPTX
OpenStack GDL : Hacking keystone | 20 Octubre 2014
byVictor Morales
 
PPTX
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
byÁlvaro Alonso González
 
PDF
Integrating Fiware Orion, Keyrock and Wilma
byDalton Valadares
 
PDF
OpenStack keystone identity service
byopenstackindia
 
PPTX
Aptira presents OpenStack keystone identity service
byOpenStack
 
PPT
Openshift + Openstack + Fedora = Awesome
byMark Atwood
 
PPTX
Keyrock - Lesson 1. Introduction
byÁlvaro Alonso González
 
PPTX
Fiware cloud developers week brussels
byFernando Lopez Aguilar
 
PPTX
Intro to the FIWARE Lab
byFIWARE
 
PPTX
Setting up your virtual infrastructure using FIWARE Lab Cloud
byFernando Lopez Aguilar
 
PPTX
Lesson 5 - Installing Keyrock in your own infrastructure
byÁlvaro Alonso González
 
PPTX
Identity service keystone ppt
byuniversity of Gujrat, pakistan
 
PPTX
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
byForgeRock
 
PPT
Presentation-final
byTAPAN KUMER HALDER TOPU
 
ODP
Openstack keystone-130319161514-phpapp02
byVietnam Open Infrastructure User Group
 
PPTX
Coding with-fiware-quick tour - cloud
byFernando Lopez Aguilar
 
PDF
Open shift origin openshift openstack fedora awesome
byOpenCity Community
 
PDF
Openstack 2013 1
byLuis Gervaso
 
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
byLorenzo Carnevale
 
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
byLorenzo Carnevale
 
OpenStack GDL : Hacking keystone | 20 Octubre 2014
byVictor Morales
 
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
byÁlvaro Alonso González
 
Integrating Fiware Orion, Keyrock and Wilma
byDalton Valadares
 
OpenStack keystone identity service
byopenstackindia
 
Aptira presents OpenStack keystone identity service
byOpenStack
 
Openshift + Openstack + Fedora = Awesome
byMark Atwood
 
Keyrock - Lesson 1. Introduction
byÁlvaro Alonso González
 
Fiware cloud developers week brussels
byFernando Lopez Aguilar
 
Intro to the FIWARE Lab
byFIWARE
 
Setting up your virtual infrastructure using FIWARE Lab Cloud
byFernando Lopez Aguilar
 
Lesson 5 - Installing Keyrock in your own infrastructure
byÁlvaro Alonso González
 
Identity service keystone ppt
byuniversity of Gujrat, pakistan
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
byForgeRock
 
Presentation-final
byTAPAN KUMER HALDER TOPU
 
Openstack keystone-130319161514-phpapp02
byVietnam Open Infrastructure User Group
 
Coding with-fiware-quick tour - cloud
byFernando Lopez Aguilar
 
Open shift origin openshift openstack fedora awesome
byOpenCity Community
 
Openstack 2013 1
byLuis Gervaso
 

Recently uploaded

PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
API-First Architecture in Financial Systems
bycyy111112
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 

How to Install and Configure your own Identity Manager GE

  • 1.
    How to Installand Configure your own Identity Manager GE Álvaro Alonso – Federico Fernández Security Team Technical University of Madrid (UPM) aalonsog@dit.upm.es – fefernandez@dit.upm.es
  • 2.
    Outline  Introduction  KeyRockArchitecture  Installing and Configuring KeyRock  Demo 1
  • 3.
    Why do Ineed an Identity Manager? 2
  • 4.
    What is anIdentity Manager? 3
  • 5.
    Why should Iinstall FIWARE Identity Manager GE? 4
  • 6.
    KeyRock GE: features Users  Organizations  Authorization via roles  Applications and OAuth  IoT identity management  OpenStack services  Admin tools  SCIM API 5
  • 7.
  • 8.
  • 9.
    KeyRock Architecture: Horizon Front-end view  Based on OpenStack Horizon  User views  Contains… • Oauth2 Driver • reCAPTCHA • FIWARE Accounts • Admin Tools • AuthZForce Driver  Extra dependencies • Python Keystoneclient • Django OpenStack Auth 8 Horizon Keystone DB
  • 10.
    KeyRock Architecture: Keystone Back-end component  Resources management  Connection to database  Extensions • OAuth2 • SCIM 2.0 • User registration • Two factor authentication 9 Horizon Keystone DB
  • 11.
    KeyRock Architecture: Database For development:  For deployment: 10 Horizon Keystone DB
  • 12.
  • 13.
    Documentation & SourceCode  Quick Installation Guide • http://fiware-idm.readthedocs.io/en/latest/introduction.html#how-to-build- install  Detailed Installation Guide • http://fiware-idm.readthedocs.io/en/latest/admin_guide.html#step-by- step-installation  GitHub • https://github.com/ging/fiware-idm • https://github.com/ging/horizon • https://github.com/ging/keystone  API description • http://docs.keyrock.apiary.io 12
  • 14.
  • 15.
    Installing the back-end 1. InstallUbuntu dependencies 1. 14.04 LTS fully supported 2. 16.04 LTS should work 2. Get the code 3. Install Python dependencies 4. Create a configuration file 14
  • 16.
    5. Create thetables and populate the database Creation of the idm user account 15 Installing the back-end
  • 17.
    5. Create thetables and populate the database Creation of the idm user account 6. That’s it!! 16 Installing the back-end
  • 18.
    1. Install Ubuntu dependencies 2.Get the code 3. Create a configuration file 4. Install Python dependencies 17 Installing the front-end
  • 19.
    1. Install Ubuntu dependencies 2.Get the code 3. Create a configuration file 4. Install Python dependencies 5. That’s it! 18 Installing the front-end
  • 20.
    Installing Keyrock Good News Installation tools to ease the process  Bash script • Idm user: idm • Idm psswd: idm • Keystone port: 5000 • Horizon port: 8000  Docker image  Chef cookbook 19
  • 21.
  • 22.
    Configuring the back-end  Admintoken  Admin port  Public port  Configure authorization, roles… 21
  • 23.
    Configuring the front-end  Credentialsfor idm user  reCAPTCHA  Accont expiration 22
  • 24.
    Configuring the front-end  AJAXpagination  Connection with Access Control GE 23
  • 25.
    Considerations for productionenvironments  Do not run Horizon from the dev server  Do not run KeyRock without having enabled reCAPTCHA  Do not use SQLite  Do not forget about the emails!  Do not run Keystone in dev mode 24  Do run Horizon under Apache+mod_wsgi  Do enable reCAPTCHA  Do use some production- ready DB engine (MySQL)  Do set up an SMTP server to send mails (POSTFIX)  Do set up Keystone as a service
  • 26.
    Production env: MySQL  Configurethe new SQL backend in Keystone  Grant privileges to database 25
  • 27.
    Production env: email This willget the settings from the default SMTP server in your host 26
  • 28.
    Production env: setting upKeystone as a service  It works like any other Linux service Create a /etc/init/ keystone_idm.conf file To run the service... 27
  • 29.
    Production env: CORS  Whitelistto restritc access to all the endpoints in the front- end  Django signal to allow everyone access only some of the endpoints 28
  • 30.
  • 31.
    Administrating KeyRock 30 $ gitclone https://github.com/ging/fiware-idm imd-admin && cd imd-admin $ sudo pip install -r requirements.txt $ sudo python setup.py install $ idm-admin --help
  • 32.
  • 33.
    Achievements  What isan IdM and why should I install one?  What is the architecture of FIWARE IdM GE?  Installing KeyRock • Step-by-step • Installation tools  Configuring KeyRock • Development environment • Production environment  Administrating KeyRock 32
  • 34.
    33 Contact us! Open anIssue in GitHub: https://github.com/ging/fiware-idm E-mail & Help Desk Here at the Summit!!
  • 35.