Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [hono-dev] How to set Keycloak as Authentication service provider (OIDC) for Eclipse Hono? 
On 16.06.19 16:16, Stephan Penner wrote:
>  
> I am stuck configuring keycloak as the authentication and authorisation
> service provider for eclipse hono on our Kubernetes cluster (Using Rancher).

There are multiple auth scenarios within Hono. In order to help you with
your problem we first need to understand which one we are talking about.

Hono's protocol adapters and the (example) device registry that comes
with Hono use the Auth service for authenticating and authorizing each
other.

Devices are authenticated by the protocol adapters using information
stored in the device registry's Credentials service.

Finally, applications are authenticated and authorized by the AMQP
Messaging Network to which they connect. In the example deployment, the
AMQP Messaging Network is implemented by a single Qpid Dispatch Router
and Artemis broker. Applications connect to the Dispatch Routerin order
to receive telemetry and send commands. The Dispatch Router is
configured to delegate authentication to the Auth server and performing
authorization based on its address configuration.

I assume you are talking about the authentication of downstream
applications, right? Because there is little need/reason to change the
other(s).

> The Documentation gives little to no help about that and every research
> on this topic results in suggestions to use keycloak for Eclipse Hono,
> but not how to actually install or configure hono to use keycloak.

The only place where I can imagine KeyCloak to be used in a pofitable
way would be the authentication of downstream applications. However,
whether this is actually possible largely depends on the type of AMQP
Messaging Network you are going to use, e.g. single Dispatch Router &
Artemis vs. full fledged enMasse vs. simple AMQP based message broker.

Can you describe your setup so that we can understand what we are
talking about?

> Could someone help me out? Has someone already installed Eclipse Hono
> and set Keycloak as Autorisation and/or Authentication provider?
> Setting up keycloak as the central authentication and authorisation
> service provider, in a kubernetes cluster, for an IoT platform using
> eclipse Hono and Eclipse Ditto.
>  
>  
> Besides: Stackoveflow Question to this topic at
> https://stackoverflow.com/questions/56611145/how-to-set-keycloak-as-authentication-service-provider-oidc-for-eclipse-hono
> 
> _______________________________________________
> hono-dev mailing list
> hono-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/hono-dev
> 

-- 
Mit freundlichen Grüßen / Best regards

Kai Hudalla
Chief Software Architect

Bosch Software Innovations GmbH
Ullsteinstr. 128
12109 Berlin
GERMANY
www.bosch-si.com

Registered Office: Berlin, Registration Court: Amtsgericht
Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Dr.-Ing. Thorsten Lücke;
Managing Directors: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic

Back to the top