Last active
February 21, 2024 09:27
Revisions
kevprice83 revised this gist
Mar 23, 2017 . 1 changed file with 1 addition and 1 deletion.
@@ -30,6 +30,6 @@ curl -v -X POST \ -d '{ "clientId": "<client_id>", "secret": "<client_secret>","redirectUris":["https://www.getpostman.com/oauth2/callback"] }' \ -H "Content-Type:application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer <initial_access_token>" \ http://<rhsso_domain>/auth/realms/<your_realm>/clients-registrations/default -
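Review bot: The request URL on the last line is `http://<rhsso_domain>/...`, so the `Authorization: Bearer <initial_access_token>` header and the `"secret"` value in the JSON body travel in cleartext. Use `https://` for the client-registration endpoint in the example. `curl -v` also prints the request headers, token included, so drop `-v` from the documented command or note that it is for debugging only.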
kevprice83 revised this gist
Mar 23, 2017 . 1 changed file with 1 addition and 1 deletion.
@@ -21,7 +21,7 @@ download rhsso from https://access.redhat.com/jbossnetwork/restricted/softwareDo - `oc new-app -f apicast-oidc.yml` - `oc secret new-basicauth apicast-configuration-url-secret --password=https://<access_token/provider_key>@<your_domain>-admin.3scale.net` - Add the ENV variable **RHSSO_ENDPOINT** with the domain of the sso instance you just deployed to the deployment config for example: `http://rh-sso.com/auth/realms/<your_realm>` - Create a client in 3scale and make sure to add the **redirect URL** parameter. This could be [Postman](https://www.getpostman.com/) for example. - You will need to synchronise this client with your RH SSO instance manually. Use the follwing example API request: -
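Review bot: The `RHSSO_ENDPOINT` example `http://rh-sso.com/auth/realms/<your_realm>` hard-codes a concrete hostname and plain HTTP, while the neighbouring bullets use placeholders such as `<your_domain>` and `<your_realm>`. Suggest a placeholder host with `https://` so the gateway reaches the realm endpoint over TLS and nobody copies a hostname that is not theirs. The bullet text also still says "domain" although the example value is a full realm URL; reword it to match.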
kevprice83 revised this gist
Mar 23, 2017 . 1 changed file with 1 addition and 0 deletions.
@@ -20,6 +20,7 @@ download rhsso from https://access.redhat.com/jbossnetwork/restricted/softwareDo ### APIcast configuration - `oc new-app -f apicast-oidc.yml` - `oc secret new-basicauth apicast-configuration-url-secret --password=https://<access_token/provider_key>@<your_domain>-admin.3scale.net` - Add the ENV variable **RHSSO_ENDPOINT** with the domain of the sso instance you just deployed to the deployment config - Create a client in 3scale and make sure to add the **redirect URL** parameter. This could be [Postman](https://www.getpostman.com/) for example. - You will need to synchronise this client with your RH SSO instance manually. Use the follwing example API request: -
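Review bot: On the `oc secret new-basicauth` bullet, the 3scale access token or provider key is typed inline in `--password=https://<access_token/provider_key>@<your_domain>-admin.3scale.net`, which leaves it in shell history and visible in the process list while the command runs. Suggest documenting a form that takes the value from a variable or file that is not echoed, and stating that the secret has to exist before `oc new-app -f apicast-oidc.yml`, which is listed first.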
kevprice83 revised this gist
Mar 23, 2017 . 1 changed file with 3 additions and 2 deletions.
@@ -22,12 +22,13 @@ download rhsso from https://access.redhat.com/jbossnetwork/restricted/softwareDo - `oc new-app -f apicast-oidc.yml` - Add the ENV variable **RHSSO_ENDPOINT** with the domain of the sso instance you just deployed to the deployment config - Create a client in 3scale and make sure to add the **redirect URL** parameter. This could be [Postman](https://www.getpostman.com/) for example. - You will need to synchronise this client with your RH SSO instance manually. Use the follwing example API request: ``` curl -v -X POST \ -d '{ "clientId": "<client_id>", "secret": "<client_secret>","redirectUris":["https://www.getpostman.com/oauth2/callback"] }' \ -H "Content-Type:application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer <initial_access_token> \ http://<rhsso_domain>/auth/realms/<your_realm>/clients-registrations/default -
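Review bot: The header line `-H "Authorization: Bearer <initial_access_token> \` is missing its closing double quote, so the shell reads the URL line as part of the header string and the command does not run as written. Close the quote: `-H "Authorization: Bearer <initial_access_token>" \`.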
kevprice83 revised this gist
Mar 23, 2017 . 1 changed file with 5 additions and 2 deletions.
@@ -22,9 +22,12 @@ download rhsso from https://access.redhat.com/jbossnetwork/restricted/softwareDo - `oc new-app -f apicast-oidc.yml` - Add the ENV variable **RHSSO_ENDPOINT** with the domain of the sso instance you just deployed to the deployment config - Create a client in 3scale and make sure to add the **redirect URL** parameter. This could be [Postman](https://www.getpostman.com/) for example. - You will need to synchronise this client with your RH SSO instance manually. Use the follwing example API request: ``` curl -v -X POST \ -d '{ "clientId": "<client_id>", "secret": "<client_secret>","redirectUris":["https://www.getpostman.com/oauth2/callback"] }' \ -H "Content-Type:application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer <initial_access_token> \ http://<rhsso_domain>/auth/realms/<your_realm>/clients-registrations/default ``` -
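Review bot: The JSON body hard-codes `"redirectUris":["https://www.getpostman.com/oauth2/callback"]`, while the bullet above it says the redirect URL is whatever was set on the 3scale client, with Postman only as an example. Use a placeholder in the style of `<client_id>` and `<client_secret>` for the redirect URI, so a copied command does not register the Postman callback for a client that uses a different one.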
kevprice83 revised this gist
Mar 23, 2017 . 1 changed file with 30 additions and 0 deletions.
@@ -0,0 +1,30 @@ ### RH SSO installation & configuration download rhsso from https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=44851 - `unzip rh-sso-7.0.0.zip` - `./add-user-keycloak.sh -u <username>` - From the directory rh-sso-7.0 execute `bin/standalone.sh` This will start up the sso instance - To expose the console on a public domain follow the next steps - `wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip` - `unzip ngrok-stable-linux-amd64.zip` - From the same directory the binary is installed execute `./ngrok http 8080` - Copy the http domain and access the console from the browser at `<ngrok_domain/server_domain>/auth/admin` - [Create a new realm](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.0/html/getting_started_guide/create_a_realm_and_user#create-realm) (different from Master) - Set up [Tokens Policies](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.0/html/securing_applications_and_services_guide/client_registration) (Realm Settings > Tokens) - e.g. to configure access token TTL - Set up Initial Access Tokens. This is necessary to synchronise client registrations between 3scale and Red Hat Single Sign-On. - Define Expiration - This will determine how long the access token used to register clients from APIcast will be valid for, so make sure to choose a long lived value unless you want to be changing this token often. - Define Count - This will determine how many clients can be registered using this access token, make sure to choose a large value unless you want to be changing this token often. 
- Create some test [End-Users](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.0/html/getting_started_guide/create_a_realm_and_user#create-new-user) ### APIcast configuration - `oc new-app -f apicast-oidc.yml` - Add the ENV variable **RHSSO_ENDPOINT** with the domain of the sso instance you just deployed to the deployment config - Create a client in 3scale and make sure to add the **redirect URL** parameter. This could be [Postman](https://www.getpostman.com/) for example. - You will need to synchronise this client with your RH SSO instance manually. Use the follwing example API request: ``` curl -v -X POST \ -d '{ "clientId": "<client_id>", "secret": "<client_secret>","redirectUris":["https://www.getpostman.com/oauth2/callback"] }' \ -H "Content-Type:application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer <initial_access_token> \ http://<rhsso_domain>/auth/realms/<your_realm>/clients-registrations/default``` -
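Review bot: The Initial Access Token bullets ("Define Expiration", "Define Count") recommend a long-lived value and a large count, which means a leaked token can keep registering clients in the realm for a long time. Suggest recommending the smallest expiration and count that cover the planned registrations, and adding a line on how to replace the token. The `./ngrok http 8080` step followed by "Copy the http domain" also puts `/auth/admin` on a public address over plain HTTP; mark that as a throwaway test setup and tell readers to use an HTTPS address for the console.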
kevprice83 created this gist
Mar 23, 2017
@@ -0,0 +1,152 @@ apiVersion: v1 kind: Template metadata: name: 3scale-gateway annotations: description: "3scale API Gateway" iconClass: "icon-load-balancer" tags: "api,gateway,3scale" objects: - apiVersion: v1 kind: DeploymentConfig metadata: name: "${APICAST_NAME}" spec: replicas: 2 selector: deploymentconfig: "${APICAST_NAME}" strategy: type: Rolling template: metadata: labels: deploymentconfig: "${APICAST_NAME}" spec: containers: - env: - name: THREESCALE_PORTAL_ENDPOINT valueFrom: secretKeyRef: name: "${CONFIGURATION_URL_SECRET}" key: password - name: THREESCALE_CONFIG_FILE value: "${CONFIGURATION_FILE_PATH}" - name: RESOLVER value: "${RESOLVER}" - name: APICAST_SERVICES value: "${SERVICES_LIST}" - name: APICAST_CONFIGURATION_LOADER value: "${CONFIGURATION_LOADER}" - name: APICAST_LOG_LEVEL value: "${LOG_LEVEL}" - name: APICAST_PATH_ROUTING_ENABLED value: "${PATH_ROUTING}" - name: APICAST_RESPONSE_CODES value: "${RESPONSE_CODES}" - name: APICAST_REQUEST_LOGS value: "${REQUEST_LOGS}" - name: APICAST_CONFIGURATION_CACHE value: "${CONFIGURATION_CACHE}" - name: REDIS_HOST value: "${REDIS_HOST}" - name: REDIS_PORT value: "${REDIS_PORT}" - name: APICAST_MANAGEMENT_API value: "${MANAGEMENT_API}" image: "${IMAGE_NAME}" imagePullPolicy: Always name: "${APICAST_NAME}" livenessProbe: httpGet: path: /status/live port: management initialDelaySeconds: 10 timeoutSeconds: 1 readinessProbe: httpGet: path: /status/ready port: management initialDelaySeconds: 15 timeoutSeconds: 1 ports: - name: proxy containerPort: 8080 protocol: TCP - name: management containerPort: 8090 protocol: TCP triggers: - type: ConfigChange - apiVersion: v1 kind: Service metadata: name: "${APICAST_NAME}" spec: ports: - name: proxy port: 8080 protocol: TCP targetPort: 8080 - name: management port: 8090 protocol: TCP targetPort: 8090 selector: deploymentconfig: "${APICAST_NAME}" parameters: - description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key" 
value: apicast-configuration-url-secret name: CONFIGURATION_URL_SECRET required: true - description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the docker image as read only volume." value: name: CONFIGURATION_FILE_PATH required: false - description: "Docker image to use." value: 'quay.io/3scale/apicast:master' name: IMAGE_NAME - description: "Name for the 3scale API Gateway" value: apicast name: APICAST_NAME required: true - description: "DNS Resolver for openresty, if empty it will be autodiscovered" value: name: RESOLVER required: false - description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)" value: name: SERVICES_LIST required: false - name: CONFIGURATION_LOADER description: "When to load configuration. If on gateway start or incoming request. Allowed values are: lazy, boot." value: boot required: false - description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg." name: LOG_LEVEL required: false - description: "Enable path routing. Experimental feature." name: PATH_ROUTING required: false value: "false" - description: "Enable logging response codes to 3scale." value: "false" name: RESPONSE_CODES required: false - name: CONFIGURATION_CACHE description: "For how long to cache the downloaded configuration in seconds. Can be left empty, 0 or greater than 60." value: "" required: false - description: "Redis host. Required for OAuth2 integration." name: REDIS_HOST required: false - description: "Redis port. Required for OAuth2 integration." name: REDIS_PORT required: false value: "6379" - name: MANAGEMENT_API description: "Scope of the Management API. Can be disabled, status or debug. At least status required for health checks." required: false value: "status"
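Review bot: In the container `env` list, `APICAST_REQUEST_LOGS` is given `value: "${REQUEST_LOGS}"`, but `parameters` declares no `REQUEST_LOGS` entry, so the reference has nothing to substitute. Add the parameter with a description and default, or drop the variable. `IMAGE_NAME` also defaults to `quay.io/3scale/apicast:master` with `imagePullPolicy: Always`, so each rollout can pull different code; pin a release tag or digest. `LOG_LEVEL`, `REDIS_HOST` and `IMAGE_NAME` are missing a `value` or `required` field that the other parameters carry, which is worth making consistent.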