Customizing DCE 5.0 Integration with IdP
Identity Provider (IdP): In DCE 5.0, when a client system needs to be used as the user source and user authentication is performed through the client system's login interface, the client system is referred to as the Identity Provider for DCE 5.0.
Use Cases
If the Ghippo login IdP needs heavy customization, such as supporting login through WeCom, WeChat, or other social organizations, refer to this document for implementation.
Supported Versions
Ghippo v0.15.0 and above.
Specific Steps
Customizing Ghippo Keycloak Plugin
- Customize the plugin
  Refer to the official Keycloak documentation and customizing Keycloak IdP for development.
- Build the image
  Note: If you need two customized IdPs, you need to copy two jar packages.
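A pre-build check for the jar packages that go into the plugin image, as an added example that is not part of the original document or of Ghippo: it records each jar's SHA-256 and confirms that every jar registers a Keycloak identity provider factory through the standard `META-INF/services` descriptors, so two customized IdPs show up as two distinct factories. The jar names and `com.example` class names are constructed sample values.

```python
import hashlib
import io
import zipfile

# Keycloak's ServiceLoader descriptors for identity provider factories.
IDP_SERVICE_FILES = (
    "META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory",
    "META-INF/services/org.keycloak.broker.social.SocialIdentityProviderFactory",
)

def inspect_plugin_jar(jar_bytes):
    """Return (sha256 hex digest, factory class names) for one plugin jar."""
    factories = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        entries = set(jar.namelist())
        for service in IDP_SERVICE_FILES:
            if service in entries:
                for line in jar.read(service).decode("utf-8").splitlines():
                    line = line.split("#", 1)[0].strip()  # drop ServiceLoader comments
                    if line:
                        factories.append(line)
    return hashlib.sha256(jar_bytes).hexdigest(), factories

def check_plugins(jars):
    """jars maps file name -> jar bytes. Returns a report, raises ValueError on a problem."""
    report, owner = {}, {}
    for name, data in sorted(jars.items()):
        digest, factories = inspect_plugin_jar(data)
        if not factories:
            raise ValueError(f"{name}: registers no identity provider factory")
        for factory in factories:
            if factory in owner:
                raise ValueError(f"{factory} is in both {owner[factory]} and {name}")
            owner[factory] = name
        report[name] = {"sha256": digest, "factories": factories}
    return report

def sample_jar(service_file, content):  # constructed in-memory jar with one descriptor
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(service_file, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: two IdPs, therefore two jars (class names are hypothetical).
    social = IDP_SERVICE_FILES[1]
    jars = {"wecom-idp.jar": sample_jar(social, "# WeCom\ncom.example.WeComIdpFactory\n"),
            "wechat-idp.jar": sample_jar(social, "com.example.WeChatIdpFactory\n")}
    print(check_plugins(jars))
```

Keeping the recorded digests next to the image tag lets you confirm later that the jars loaded by the initContainer are the ones that were reviewed.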
Deploying Ghippo Keycloak Plugin Steps
- Upgrade Ghippo to v0.15.0 or above. You can also directly install and deploy Ghippo v0.15.0, but make sure to manually record the following information.
- After a successful upgrade, manually run an installation command. Take the parameter values passed with --set from the content saved above, and add the following parameters:
  - global.idpPlugin.enabled: Whether to enable the custom plugin; disabled by default.
  - global.idpPlugin.image.repository: The image address used by the initContainer to initialize the custom plugin.
  - global.idpPlugin.image.tag: The image tag used by the initContainer to initialize the custom plugin.
  - global.idpPlugin.path: The directory file of the custom plugin within the above image.
  Here is an example:
  helm upgrade \
      ghippo \
      ghippo-release/ghippo \
      --version v0.4.2-test-3-gaba5ec2 \
      -n ghippo-system \
      --set apiserver.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \
      --set apiserver.image.tag=v0.4.2-test-3-gaba5ec2 \
      --set controllermanager.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \
      --set controllermanager.image.tag=v0.4.2-test-3-gaba5ec2 \
      --set global.reverseProxy=http://192.168.31.10:32628 \
      --set global.database.builtIn=true \
      --set global.idpPlugin.enabled=true \
      --set global.idpPlugin.image.repository=chenyang-idp \
      --set global.idpPlugin.image.tag=v0.0.1 \
      --set global.idpPlugin.path=/plugins/.
- Select the desired plugin on the Keycloak administration page.