A detailed guide to SSO on Kubernetes

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
spring-boot Keycloak Openldap Java Maven

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • springboot-keycloak-openldap

    The goal of this project is to create a simple Spring Boot REST API, called simple-service, and secure it with Keycloak. Furthermore, the API users will be loaded into Keycloak from OpenLDAP server.

    • Okaaay, now I have a keycloak server and an ldap server running. I guess my next step is to shell in to the ldap host, wget https://github.com/ivangfr/springboot-keycloak-openldap/blob..., edit it to me needs, look up how to generate openldap password hashes, go back in to keycloak, and try to configure that to talk to my ldap server.

    So now I need to look up the default values for

    Vendor, Username LDAP attribute, RDN LDAP attribute, UUID LDAP attribute, User Object Classes, Connection URL, Users DN, Custom User LDAP Filter, Search Scope, Bind Type, Bind DN, Bind Credential

    If I knew what vendor openldap was considered setting the Vendor would fill a bunch of of those in. Well let's try following through this this random blog post and hope it works: https://geek-cookbook.funkypenguin.co.nz/recipes/keycloak/au...

    Compare that to the experience of deploying say, wordpress. And hey look, it already comes with an authentication backed!

    Sure, you can build something that does more or less the same thing but you have to do a fair bit of work to get to that point. Realistically if you haven't done it before, and if you don't have any ldap experience, you're looking at a solid couple of hours to get that set up.

    And it's still apparently going to use 100s of MB of ram.

  • glauth-ui

    Glauth management ui created with python/flask

    • * Provides basic user management, I want to be able to put users into groups and (if the app supports it) use those groups for in-app ACL.

    If that service worked well in my homelab (a single-pc docker swarm that runs a few private web services like jellyfin) I'd very likely end up deploying it on my employers infrastructure. My employer is a small business with maybe ~30 users.

    I'm not sure how to convert something like that into sales though. Still, starting with an open-source solution that solves problems for the little guys often has a "trickle up" effect.

    Right now I'm looking towards https://github.com/sonicnkt/glauth-ui/ to solve that problem, but it's definitely not anywhere near there yet.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts