Security
The security adapter makes it easy to integrate with Keycloak, Auth0 and other identity providers, simplifying security adoption across APIs and web services.
The Devprime Platform Security Adapter supports security certificates for sharing on replicas of the application within the Kubernetes cluster.
|
|
In the example below, we’re detailing the default Adapter settings, Keycloak specific settings
and Data Protection.
| General | — |
|---|---|
| Enable | Enable the Stream adapter (True/False) |
| Identity | – |
| Enable | Enable Identity (True/False) |
| Type | Defines which identity provider (Keycloak |
| Domain | Identity Provider Onboarding Context |
| ClientId | Customer name created in the identity provider “myapp” |
| ClientSecret | Client Credential in Identity Provider |
| EnableOIDC | Enables OIDC authentication (True/False) |
| AuthenticationScheme | “OpenIdConnect” Authentication Scheme |
| Audience | Audience in the “myapp” identity provider |
| LogoutUri | URL for logging out and returning to the application |
| Scopes | Information sent by the identity provider “openid; email” |
| DataProtection | – |
| Enable | Enables the Data Protection feature (True/False) |
| CertFilePath | Configure the pfx certificate folder and file |
| DataProtectionPath | Configure a folder for use by Data Protection |
| CertFilePassword | Enter the certificate password |
Important Considerations:
- Data Protection is required on the cluster with replicas to ensure security. The pfx file must be inside an accessible array mounted in the container.
- When creating the Data Protection certificate, pay attention to the expiration date.
- Data Protection can be enabled locally on the developer’s machine to test the certificate.
Explore implementation examples:
Last modified January 10, 2024 (967dcac3)