This is an archive of the code repository for the previous Horizon + Keystone-based version of the FIWARE Identity Manager project. The current code repository for this project can be found at: https://github.com/ging/fiware-idm
This project is part of FIWARE. You may find more information about this FIWARE GE here.
- You may find the source code of this project in GitHub here
- You may find the documentation of this project in Read the Docs here
Welcome to the main repository for the UPM's implementation of the FIWARE Identity Manager Generic Enabler. This repository acts as an entry point and holds the documentation and some automated tools for installation and management. The IdM is composed of two independent components: a RESTful back-end and a web front-end.
If you want to see the code for each of the components of the IdM and more specific documentation please head to each component's repository:
- Horizon based front-end ging/horizon
- Keystone based back-end ging/keystone
You can see a working installation in the FIWARE Lab sandbox environment https://account.lab.fiware.org/
Identity Manager - KeyRock requires Ubuntu 12.04 or greater.
Both Horizon, for the front-end, and Keystone, for the back-end, must be installed in order for the generic enabler to run correctly. They can be installed on the same machine or on two separate ones. If you choose to separate them, the two machines must be able to communicate with each other over the network.
The IdM is made up of two components: the web-based front-end and the RESTful back-end. You can check specific documentation in their respective repositories.
- Install the Ubuntu dependencies
$ sudo apt-get install python python-dev python-virtualenv libxml2-dev libxslt1-dev libsasl2-dev libssl-dev libldap2-dev libffi-dev libsqlite3-dev libmysqlclient-dev python-mysqldb
- Get the code from our GitHub repository
$ git clone https://github.com/ging/keystone && cd keystone
- Install the python dependencies
$ sudo python tools/install_venv.py
- Create a configuration file
$ cp etc/keystone.conf.sample etc/keystone.conf
- Create the tables and populate the database
$ sudo tools/with_venv.sh bin/keystone-manage -v db_sync
$ sudo tools/with_venv.sh bin/keystone-manage -v db_sync --extension=oauth2
$ sudo tools/with_venv.sh bin/keystone-manage -v db_sync --extension=roles
$ sudo tools/with_venv.sh bin/keystone-manage -v db_sync --extension=user_registration
$ sudo tools/with_venv.sh bin/keystone-manage -v db_sync --extension=two_factor_auth
$ sudo tools/with_venv.sh bin/keystone-manage -v db_sync --extension=endpoint_filter
$ sudo tools/with_venv.sh bin/keystone-manage -v db_sync --populate
- Finally, you can run keystone from the console
$ sudo tools/with_venv.sh bin/keystone-all -v
You may now log into the web (if you have Horizon installed) using the administrative account (by default, user is idm and the password is the one you entered during the populate step).
Note: If you want to run the Keystone backend in the background you can install it as a service.
Now, head on to the Keystone configuration instructions.
(You can read more in-depth documentation at the Installation & Administration Guide)
- Install the Ubuntu dependencies
$ sudo apt-get install python python-dev python-virtualenv libssl-dev libffi-dev libjpeg8-dev
- Get the code from our GitHub repository
$ git clone https://github.com/ging/horizon && cd horizon
- Create a configuration file
$ cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.py
- Install the python dependencies
$ sudo python tools/install_venv.py
You can now check that everything went OK by running the development server, but you won't be able to log in until you install the backend.
$ sudo tools/with_venv.sh python manage.py runserver localhost:8000
Note: If you want to run the Horizon frontend in the background you can install it as a service or, for a production environment, run it under Apache.
Now, head to the Horizon configuration instructions.
(You can read more in-depth documentation at the Installation & Administration Guide)
We provide a Docker image to make it easier to build this GE.
- Here you will find the Dockerfile and the documentation explaining how to use it.
- In Docker Hub you will find the public image.
We provide an installation script that can be run within an Ubuntu virtual machine. This script installs the whole Identity Manager and sets it up to run in the background.
You can find the installation script and a verification script here.
This image contains the following settings as defaults, but you can change any of them after installation, as you can see in the Horizon and Keystone configuration instructions:
Setting | Value |
---|---|
idm user | idm |
idm password | idm |
Horizon port | 8000 |
Keystone port | 5000 |
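A post-install check for the defaults in the table above, as an added example that is not part of the original repository: it asks the Keystone back-end on your own machine whether the `idm`/`idm` login is still accepted. It assumes Python 3, the standard Keystone v3 password-authentication endpoint (`POST /v3/auth/tokens`) served over plain HTTP on port 5000, and that the `idm` user lives in the `default` domain; the function names are illustrative.

```python
import json
import urllib.error
import urllib.request

# Defaults taken from the settings table above.
DEFAULT_USER = "idm"
DEFAULT_PASSWORD = "idm"
KEYSTONE_PORT = 5000


def build_auth_body(user, password, domain_id="default"):
    """Keystone v3 password-auth body. Assumption: idm is in the "default" domain."""
    account = {"name": user, "domain": {"id": domain_id}, "password": password}
    return {"auth": {"identity": {"methods": ["password"],
                                  "password": {"user": account}}}}


def classify(status):
    """Map the HTTP status of POST /v3/auth/tokens to a finding."""
    if status == 201:  # a token was issued
        return "FAIL: default credentials still accepted"
    if status == 401:
        return "OK: default credentials rejected"
    return "UNKNOWN: unexpected HTTP status %d" % status


def check_default_login(host="127.0.0.1", port=KEYSTONE_PORT, timeout=5):
    """Try the default login against your own installation."""
    url = "http://%s:%d/v3/auth/tokens" % (host, port)
    body = json.dumps(build_auth_body(DEFAULT_USER, DEFAULT_PASSWORD)).encode()
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as err:  # 4xx/5xx responses land here
        return classify(err.code)
    except OSError as err:  # URLError is an OSError: refused, timeout, DNS
        return "UNREACHABLE: %s" % err


if __name__ == "__main__":
    print(check_default_login())
```

A `FAIL` result means the administrative password should be changed before the ports in the table are reachable from anywhere but the host itself.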
We also provide a Chef Cookbook, which you can find here.
The Keyrock back-end is based on the OpenStack Keystone project, so it exposes the whole Keystone API. However, Keyrock implements some custom extensions that have their own REST APIs. Furthermore, to facilitate access to some identity resources we have enabled a SCIM 2.0 API.
Finally, one of the main uses of Keyrock is to allow developers to add identity management (authentication and authorization) to their applications based on FIWARE identity. This is possible thanks to the OAuth2 protocol.
You will find the full API description here
This section is for users of the 4.x versions. The biggest change introduced in 5.x is the removal of Fabric tasks. The functionality in the tasks has been moved elsewhere, converted to a CLI or removed completely.
- A new CLI tool to help with admin tasks. Documentation is in the CLI tools section.
- The installation is now always done step by step.
- The population script for the keystone database is now part of keystone.
Check the release notes for a full list of changes and new features.