
Customizing DCE 5.0 Integration with IdP

Identity Provider (IdP): When DCE 5.0 uses a client system as its user source and authenticates users through that system's login interface, the client system is referred to as the Identity Provider for DCE 5.0.

Use Cases

If you have heavy customization requirements for the Ghippo login IdP, such as support for WeCom, WeChat, or other social-organization logins, follow this document to implement them.

Supported Versions

Ghippo 0.15.0 and above.

Specific Steps

Customizing Ghippo Keycloak Plugin

  1. Customize the plugin

    Refer to the official Keycloak documentation and the guide on customizing Keycloak IdP when developing the plugin.

  2. Build the image

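    # Empty base image: this image only carries the plugin jar
    FROM scratch
    
    # Copy the plugin jar (xxx is a placeholder for your artifact name) into /plugins/
    COPY ./xxx-jar-with-dependencies.jar /plugins/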
    

Note

If you need two customized IdPs, copy two jar packages, one for each IdP.
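A pre-build check for each jar that the Dockerfile above copies into /plugins/, as an added example that is not part of the original documentation or the Ghippo project: it confirms the jar registers a Keycloak identity provider factory and returns a SHA-256 you can record alongside the image tag. It assumes the plugin uses Keycloak's standard META-INF/services descriptors and packages the factory class in the same jar; the class name com.example.idp.WeComIdentityProviderFactory and the sample jar are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Service descriptors Keycloak reads (via Java ServiceLoader) to discover IdP factories.
IDP_SERVICE_FILES = (
    "META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory",
    "META-INF/services/org.keycloak.broker.social.SocialIdentityProviderFactory",
)

def inspect_plugin_jar(data: bytes) -> dict:
    """Return the jar's SHA-256 and the IdP factory classes it registers.

    Raises ValueError if no factory is registered, or if a registered
    class is not packaged in the jar (Keycloak could not load it).
    """
    factories = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = set(jar.namelist())
        for service in IDP_SERVICE_FILES:
            if service not in names:
                continue
            for line in jar.read(service).decode("utf-8").splitlines():
                cls = line.split("#", 1)[0].strip()  # descriptors allow '#' comments
                if not cls:
                    continue
                if cls.replace(".", "/") + ".class" not in names:
                    raise ValueError(f"{cls} is registered but not packaged")
                factories.append(cls)
    if not factories:
        raise ValueError("no Keycloak IdP factory registered in META-INF/services")
    return {"sha256": hashlib.sha256(data).hexdigest(), "factories": sorted(factories)}

def build_sample_jar(with_class: bool = True) -> bytes:
    """Constructed sample jar (hypothetical class name) so the check runs offline."""
    factory = "com.example.idp.WeComIdentityProviderFactory"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(IDP_SERVICE_FILES[1], f"# constructed sample\n{factory}\n")
        if with_class:
            jar.writestr(factory.replace(".", "/") + ".class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

if __name__ == "__main__":
    report = inspect_plugin_jar(build_sample_jar())
    print(report["sha256"], *report["factories"])
```

For a real build, pass the bytes of the jar file to `inspect_plugin_jar` and stop the image build if it raises.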

Deploying the Ghippo Keycloak Plugin

  1. Upgrade Ghippo to version 0.15.0 or above. You can also install and deploy Ghippo 0.15.0 directly. In either case, make sure to manually record the following information.

    helm -n ghippo-system get values ghippo -o yaml
    
    apiserver:
      image:
        repository: release.daocloud.io/ghippo-ci/ghippo-apiserver
        tag: v0.4.2-test-3-gaba5ec2
    controllermanager:
      image:
        repository: release.daocloud.io/ghippo-ci/ghippo-apiserver
        tag: v0.4.2-test-3-gaba5ec2
    global:
      database:
        builtIn: true
      reverseProxy: http://192.168.31.10:32628
    
  2. After a successful upgrade, manually run an installation command that passes the parameter values you saved above, together with the following additional parameters:

    • global.idpPlugin.enabled: Whether to enable the custom plugin, default is disabled.
    • global.idpPlugin.image.repository: The image address used by the initContainer to initialize the custom plugin.
    • global.idpPlugin.image.tag: The image tag used by the initContainer to initialize the custom plugin.
    • global.idpPlugin.path: The path of the custom plugin's directory and files within the above image.

    Here is an example:

    helm upgrade \
        ghippo \
        ghippo-release/ghippo \
        --version v0.4.2-test-3-gaba5ec2 \
        -n ghippo-system \
        --set apiserver.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \
        --set apiserver.image.tag=v0.4.2-test-3-gaba5ec2 \
        --set controllermanager.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \
        --set controllermanager.image.tag=v0.4.2-test-3-gaba5ec2 \
        --set global.reverseProxy=http://192.168.31.10:32628 \
        --set global.database.builtIn=true \
        --set global.idpPlugin.enabled=true \
        --set global.idpPlugin.image.repository=chenyang-idp \
        --set global.idpPlugin.image.tag=v0.0.1 \
        --set global.idpPlugin.path=/plugins/.
    
  3. Select the desired plugin on the Keycloak administration page.
