Skip to content

Commit b39ab1c

Browse files
author
fbernard
committed
Add documentation
1 parent 56b55da commit b39ab1c

File tree

2 files changed

+49
-1
lines changed

2 files changed

+49
-1
lines changed

README.md

Lines changed: 49 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1,49 @@
1-
# elastic-keycloak-security
1+
# Keycloak security plugin for Elasticsearch
2+
3+
A Simple xpack security plugin to secure [Elasticsearch](https://www.elastic.co/fr/products/elasticsearch) with [Keycloak](https://www.keycloak.org/)
4+
5+
## Installation
6+
7+
- Install plugin
8+
```
9+
<ES_HOME>/bin/elasticsearch-plugin install https://github.com/fb64/elastic-keycloak-security/releases/download/0.1_es6.4.3/keycloak-security-0.1_es6.4.3.zip
10+
```
11+
12+
- Accept permissions to finish installation
13+
14+
- Permissions details
15+
- java.lang.RuntimePermission accessDeclaredMembers &rarr; used by keycloak-adapter
16+
- java.lang.RuntimePermission getClassLoader &rarr; used by keycloak-adapter
17+
- java.lang.reflect.ReflectPermission suppressAccessChecks &rarr; used by keycloak-adapter
18+
- java.net.SocketPermission * connect,resolve &rarr; use to communicate with keycloak server
19+
20+
21+
### Configuration
22+
23+
- Get client configuration file from keycloak : (Your Realm) &rarr; Clients &rarr; (Your client) &rarr; Installation
24+
25+
<img src="doc/assets/img/keycloak-client-installation.jpg">
26+
27+
- Copy keycloak client configuration in <ES_HOME>/config/keycloak.config
28+
29+
- Add and configure keycloak realm in <ES_HOME>/config/elasticsearch.yml file :
30+
```YAML
31+
xpack.security.authc.realms.keycloak.order: 0
32+
xpack.security.authc.realms.keycloak.type: keycloak
33+
xpack.security.authc.realms.keycloak.config: keycloak.config
34+
xpack.security.enabled: true
35+
```
36+
37+
- Test integration
38+
39+
```Bash
40+
curl -X GET http://<ES_HOST>:<ES_PORT>/ -H 'Authorization: Bearer <KEYCLOAK TOKEN>'
41+
```
42+
43+
## Development
44+
45+
For development and test you can run a keycloak instance with pre-configured realm by using docker (from repository root directory) :
46+
47+
```Bash
48+
docker run -d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e KEYCLOAK_IMPORT=/tmp/elastic-realm-export.json -v "$(pwd)"/src/test/resources/config/elastic-realm-export.json:/tmp/elastic-realm-export.json -p 8080:8080 jboss/keycloak
49+
```
108 KB
Loading

0 commit comments

Comments
 (0)