This Keycloak plugin adds production and testing identity providers for using Greek General Secretariat of Information Systems for Public Administration (GSIS) OAuth 2 Services.
Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and Google. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
- TAXISnet OAuth2.0 authentication service testing environment (gsis-taxis-test)
- TAXISnet OAuth2.0 authentication service production environment (gsis-taxis)
- Employees OAuth2.0 authentication service testing environment (gsis-govuser-test)
- Employees OAuth2.0 authentication service production environment (gsis-govuser)
In order to be able to use Gsis OAuth 2.0 authentication services you need to request permission from GSIS. Instructions can be found at Interoperability Center of the Ministry of Digital Governance (KE.D) web site.
After your request to KE.D is approved you will be given a clientId and a clientSecret for connectiong your application with Gsis OAuth2.0 providers.
IMPORTANT NOTICE:
You must acquire a separate permission (separate clientId) for each specific application you want to use GSIS OAuth2 with. Providing GSIS OAuth2 identification and authorization data to applications other than those an acquired permission is for, is against the service license provided by GSIS and will result in revoking your access to the service.
Quick: Download latest release jar from Releases page. Then deploy it into $KEYCLOAK_HOME/standalone/deployments/ directory.
You will need a functional Keycloak deployment. You can read Keycloak getting started guide for instructions on setting up a Keycloak instance. You can also run Keycloak as a Docker Container , or deploy Keycloak on Kubernetes via plain manifest or using the Keycloak Operator.
After having set up your Keycloak download the latest Keycloak Gsis Providers release jar and install it to your instance. See Keycloak server installation documentation for more info. You can also easily deploy the extension through Operator Keycloak Manifest if you are using Keycloak Operator on Kubernetes.
After successfully installing the extension the following options will be available through Identity Providers -> Add Provider Keycloak administration console menu:
- GsisTaxisTest (TAXISnet testing)
- GsisTaxis (TAXISnet production)
- GsisGovuserTest (Employees testing)
- GsisGovUser (Employees production)
- Add the Gsis Identity Provider you want to use in the realm which you want to configure.
- In the Gsis identity provider page, set Client Id and Client Secret.
- (Optional) Set the alias for the provider and other options if you want.
- (Optional) Set up provider mappers (See profile fields)
See the Identity Brokering section of Keycloak Server Admin for more info.
Gsis OAuth 2.0 service provides the following profile fields for individuals:
- userid
- taxid
- lastname
- firstname
- fathername
- mothername
- birthyear
In Identity Provider Mapper page Select Attribute Importer as Mapper Type to import a profile field as user attribute.
Clone this repository and run mvn package. You can see keycloak-gsis-providers-{vesrion}.jar under target directory.
Apache License, Version 2.0
Built for the needs of Greek School Network and Networking Technologies Directorate. Based on this sample extension by xgp.