The purpose of this repository is to show how to secure any web application with OpenID Connect and provide SSO login without modifying the application, using only free and open-source components.
Docker Compose is required to run this example.

Add the following line to your hosts file to make the domain names available on your computer:

```
127.0.0.1 python.local java.local keycloak.local static.local
```

Run the following commands to run the example:

```
# build images
docker compose build
# run containers
docker compose up
```
The following applications are now available on your computer:
URL | Credentials | Description |
---|---|---|
http://keycloak.local:8080 | user: admin password: admin | Keycloak admin page |
http://localhost:8888 | N/A (publicly available) | Apache public page |
http://python.local:8888 | user: python password: python | Python webapp |
http://java.local:8888 | user: user password: user | Java webapp |
You can log out of both the application and the identity provider by using the front-channel logout URLs:
http://java.local:8888/redirect_oidc?logout=get
http://python.local:8888/redirect_oidc?logout=get
See module documentation for more details about logout.
Keycloak is an open-source Identity and Access Management tool, used here as the OpenID Connect identity provider. This example uses a pre-configured realm with an OpenID Connect client named apache-oidc that allows the Apache web server to authenticate users.
The Apache web server is used as a reverse proxy that handles every public network request and enforces SSO protection through the OIDC module. For this example, a Docker image based on the official httpd image is built to add the OIDC module and change the web server configuration.
The Python app is a minimal Python web application that uses the Flask framework.
The Java app is a minimal Java web application that uses the Spring Boot framework.
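
A minimal sketch of how the Apache reverse proxy described above can put the Python app behind OIDC. This is an added example, not the repository's actual configuration: it assumes the OIDC module is mod_auth_openidc and a Keycloak version that serves realms under `/realms/`; `<realm-name>`, `<client-secret>`, `<random-passphrase>` and the backend address `python-app:5000` are placeholders.

```apache
# Added example, not the repository's configuration.
# Assumes mod_auth_openidc, mod_proxy and mod_proxy_http are loaded.
Listen 8888

# Identity provider discovery and client registration.
# The client ID comes from the README; the realm name and secret are placeholders.
# Older Keycloak releases serve this document under /auth/realms/ instead.
OIDCProviderMetadataURL http://keycloak.local:8080/realms/<realm-name>/.well-known/openid-configuration
OIDCClientID apache-oidc
OIDCClientSecret <client-secret>

# Key material for the module's session cookie and state; keep it out of
# version control and use a long random value.
OIDCCryptoPassphrase <random-passphrase>

OIDCScope "openid profile email"
OIDCRemoteUserClaim preferred_username

# Forward the authenticated user's claims to the backend as OIDC_CLAIM_*
# request headers.
OIDCPassClaimsAs headers

<VirtualHost *:8888>
    ServerName python.local

    # Callback endpoint handled by the module itself. It must lie under a
    # protected location and must not map to real content. The README's
    # logout URLs (?logout=get) are served by this same endpoint.
    OIDCRedirectURI http://python.local:8888/redirect_oidc

    ProxyPreserveHost On

    <Location />
        # Every request must carry a valid OIDC session before it is proxied.
        AuthType openid-connect
        Require valid-user

        # Placeholder backend address (Flask development default port).
        ProxyPass http://python-app:5000/
        ProxyPassReverse http://python-app:5000/
    </Location>
</VirtualHost>
```

Because the backend trusts the identity headers set by the proxy, it should be reachable only through Apache (no published container port); a client that can connect to it directly could supply those headers itself. Plain HTTP is acceptable only for this local demo, since the session cookie and authorization code travel over these URLs.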