How to Install and Configure your own Identity Manager GE
Álvaro Alonso – Federico Fernández
Security Team
Technical University of Madrid (UPM)
aalonsog@dit.upm.es – fefernandez@dit.upm.es
Outline
 Introduction
 KeyRock Architecture
 Installing and Configuring KeyRock
 Demo
1
Why do I need an Identity Manager?
2
What is an Identity Manager?
3
Why should I install FIWARE Identity Manager GE?
4
KeyRock GE: features
 Users
 Organizations
 Authorization via roles
 Applications and OAuth
 IoT identity management
 OpenStack services
 Admin tools
 SCIM API
5
KeyRock Architecture
6
KeyRock Architecture
7
Horizon
Keystone
DB
KeyRock Architecture: Horizon
 Front-end view
 Based on OpenStack Horizon
 User views
 Contains…
• OAuth2 Driver
• reCAPTCHA
• FIWARE Accounts
• Admin Tools
• AuthZForce Driver
 Extra dependencies
• Python Keystoneclient
• Django OpenStack Auth
8
KeyRock Architecture: Keystone
 Back-end component
 Resources management
 Connection to database
 Extensions
• OAuth2
• SCIM 2.0
• User registration
• Two factor authentication
9
KeyRock Architecture: Database
 For development:
 For deployment:
10
#handsOn
11
Documentation & Source Code
 Quick Installation Guide
• http://fiware-idm.readthedocs.io/en/latest/introduction.html#how-to-build-install
 Detailed Installation Guide
• http://fiware-idm.readthedocs.io/en/latest/admin_guide.html#step-by-step-installation
 GitHub
• https://github.com/ging/fiware-idm
• https://github.com/ging/horizon
• https://github.com/ging/keystone
 API description
• http://docs.keyrock.apiary.io
12
Installing KeyRock
13
Installing the back-end
1. Install Ubuntu dependencies
   1. 14.04 LTS fully supported
   2. 16.04 LTS should work
2. Get the code
3. Install Python dependencies
4. Create a configuration file
5. Create the tables and populate the database
   Creation of the idm user account
6. That’s it!!
Installing the front-end
1. Install Ubuntu dependencies
2. Get the code
3. Create a configuration file
4. Install Python dependencies
5. That’s it!
Installing Keyrock
Good News
 Installation tools to ease the process
 Bash script
• Idm user: idm
• Idm psswd: idm
• Keystone port: 5000
• Horizon port: 8000
 Docker image
 Chef cookbook
19
Configuring KeyRock
20
Configuring the back-end
 Admin token
 Admin port
 Public port
 Configure authorization, roles…
21
Configuring the front-end
 Credentials for idm user
 reCAPTCHA
 Account expiration
22
Configuring the front-end
 AJAX pagination
 Connection with Access Control GE
23
Considerations for production environments
 Do not run Horizon from the dev server
 Do not run KeyRock without having enabled reCAPTCHA
 Do not use SQLite
 Do not forget about the emails!
 Do not run Keystone in dev mode
 Do run Horizon under Apache+mod_wsgi
 Do enable reCAPTCHA
 Do use some production-ready DB engine (MySQL)
 Do set up an SMTP server to send mails (POSTFIX)
 Do set up Keystone as a service
24
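The checklist above can be checked mechanically. This added example (not from the slides or the KeyRock project) audits a keystone.conf text and a dict of Horizon settings against it. `[database] connection` and `EMAIL_BACKEND` are real Keystone and Django options; the setting names `USE_CAPTCHA` and `IDM_USER_CREDENTIALS` and the sample configurations are assumptions constructed for illustration, and the idm/idm default is the one listed for the installation bash script.

```python
import configparser

# Default idm password set by the installation bash script (from the slides).
SCRIPT_DEFAULT_IDM_PASSWORD = "idm"
SMTP_BACKEND = "django.core.mail.backends.smtp.EmailBackend"  # Django's default

def audit_keyrock(keystone_conf_text, horizon_settings):
    """Return findings for a keystone.conf text and a dict of Horizon settings."""
    findings = []
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(keystone_conf_text)

    # "Do not use SQLite": Keystone reads its DB URL from [database] connection.
    db_url = conf.get("database", "connection", fallback="")
    if not db_url or db_url.lower().startswith("sqlite"):
        findings.append("database: SQLite or unset, use MySQL")

    # "Do enable reCAPTCHA". USE_CAPTCHA is an assumed setting name.
    if not horizon_settings.get("USE_CAPTCHA", False):
        findings.append("recaptcha: disabled")

    # "Do set up an SMTP server": console/file/dummy backends deliver nothing.
    if horizon_settings.get("EMAIL_BACKEND", SMTP_BACKEND) != SMTP_BACKEND:
        findings.append("email: backend is not SMTP")

    # idm account still on the installer default (assumed setting name).
    creds = horizon_settings.get("IDM_USER_CREDENTIALS", {})
    if creds.get("password") == SCRIPT_DEFAULT_IDM_PASSWORD:
        findings.append("idm account: installer default password")
    return findings

# Constructed sample inputs: a development setup and a hardened one.
DEV_KEYSTONE = "[database]\nconnection = sqlite:///keystone.db\n"
DEV_HORIZON = {
    "USE_CAPTCHA": False,
    "EMAIL_BACKEND": "django.core.mail.backends.console.EmailBackend",
    "IDM_USER_CREDENTIALS": {"username": "idm", "password": "idm"},
}
PROD_KEYSTONE = "[database]\nconnection = mysql://keystone:PLACEHOLDER@localhost/keystone\n"
PROD_HORIZON = {
    "USE_CAPTCHA": True,
    "EMAIL_BACKEND": SMTP_BACKEND,
    "IDM_USER_CREDENTIALS": {"username": "idm", "password": "PLACEHOLDER-long-random"},
}

if __name__ == "__main__":
    for name, ks, hz in (("dev", DEV_KEYSTONE, DEV_HORIZON), ("prod", PROD_KEYSTONE, PROD_HORIZON)):
        print(name, audit_keyrock(ks, hz) or "no findings")
```

Running Horizon under Apache+mod_wsgi and Keystone as a service are process-level items that these files do not show, so check them separately.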
Production env: MySQL
 Configure the new SQL backend in Keystone
 Grant privileges to database
25
Production env: email
This will get the settings from the default SMTP server in your host
26
Production env: setting up Keystone as a service
 It works like any other Linux service
Create a /etc/init/keystone_idm.conf file
To run the service...
27
Production env: CORS
 Whitelist to restrict access to all the endpoints in the front-end
 Django signal to allow everyone to access only some of the endpoints
28
Administrating KeyRock
29
Administrating KeyRock
30
$ git clone https://github.com/ging/fiware-idm imd-admin && cd imd-admin
$ sudo pip install -r requirements.txt
$ sudo python setup.py install
$ idm-admin --help
#handsOn
31
Achievements
 What is an IdM and why should I install one?
 What is the architecture of FIWARE IdM GE?
 Installing KeyRock
• Step-by-step
• Installation tools
 Configuring KeyRock
• Development environment
• Production environment
 Administrating KeyRock
32
33
Contact us!
Open an Issue in GitHub:
https://github.com/ging/fiware-idm
E-mail & Help Desk
Here at the Summit!!
Thank you!
http://fiware.org
Follow @FIWARE on Twitter
