Project 'platform-one/big-bang/apps/security-tools/keycloak' was moved to 'big-bang/product/packages/keycloak'. Please update any links and bookmarks that may still have the old path.
WIP: Addons/keycloak
Adds a helm chart for keycloak.
Edited by James O'Meara
Merge request reports
Activity
Matching bigbang MR here: https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/365#41aeb9554f5954baaccbfb7af8a4aca9143aaed8
Edited by James O'Mearaadded 177 commits
- 01983dde - initial commit of keycloak after argocd submodule refactor
- 8cf225a5 - updating chart to 6.2.0
- 44805fd3 - downgrade to single replica keycloak due to bug in HA
- d9e57589 - remove ambassador (for now)
- 7ef6ec86 - use a proper wildcard virtualservice
- 9fda2839 - use aes-mappings
- ece3b6f4 - go back to virtual services...
- dceb7ae1 - use fqdn gateway
- 602800a6 - use a basic stateless keycloak install for now
- a8ca710b - making default deployment use an external database
- 6ef7002c - remove 'default' env vars, set them ourselves
- ad0829e5 - HA works!
- dd18d643 - Clean base
- d579d011 - Removed pod affinity
- f8b41a5a - Add jgroups port patches
- d81c8dde - Update to use the rds credentials
- 35028ba2 - Merge branch 'ha' into 'master'
- b9f1fcf5 - add initial custom image code for templating
- 07a0d486 - Update README.md
- 69c777ca - update keycloak to use `db-credentials` instead of `keycloak-credentials`
- 7e8c3630 - WIP implement keycloak auth overrides
- 75035820 - Slight less pain for dev work
- c83159a4 - chore: fixing megamind's mistakes
- 5aaac168 - make development great again
- 8b7c8348 - Merge branch 'unicorn-cleanup' into 'master'
- 889609dc - ignore intellij things
- 96750a21 - fix welcome link generation in account view
- b3d2ef31 - fix symlinks
- 55d909aa - bump keycloak deps
- cac501dc - add user org entry / cleanup code formatting
- c35ce711 - add custom terms of service
- 8526c1f2 - formatting
- c49a5d64 - WIP: add IL4 auto join threshold for user self-registration
- 332e58b4 - wip moving files
- 485af7ad - Add mocks and tests for RegistrationProtection, RegistrationProtectionProvider...
- 29e88160 - Merge branch 'add_unit_tests' into 'master'
- 4609f801 - Merge branch 'WIP-random-jeff-thingz'
- 1f37b3d9 - Split dockerfile into prod/dev
- 8c4ff742 - add a ci file
- 9dcb0579 - offload variable decleration to the product file
- ba7694d7 - change name of pipeline yml
- 9d8697d5 - moving manifests into subfolder `manifests`, adding kustomize image...
- 277f27aa - Merge remote-tracking branch 'origin/master'
- 1955cbd8 - fix random git ignore thing
- 9b900a57 - Don't load the realm inside the image
- 166ee8ab - add custom attributes to account view
- 566637ef - update custom p1 image
- 9d6ff880 - basic cypress setup
- eb119e70 - adding gradle because andrew gets what andrew wants
- 48bf14c8 - add jacoco
- 5a17c080 - Run on network to access local instance
- 13707d34 - added Cypress execution of interactive mode and resources
- 796dd6b2 - initial cypress tests for keycloak
- ec91bddd - Merge branch 'WIP-nino-cypress' into 'master'
- f4b939d8 - updated email registration validation to check against email domains with and...
- 96785909 - moving base image to 10.0.1-0.1.2
- 2cbd350e - remove maven
- 2971e7d6 - remove maven
- cd1954dc - Add Multi-IL capability
- 32633cfb - Bump to 10.0.1-0.1.3
- a3a5c916 - add acount help link
- 15221650 - update to 10.0.1-0.1.4
- 75b704c4 - email cleanup
- 8d6dd8c2 - 10.0.1-0.1.5
- e344823f - Update .gitlab-ci.yml
- 015a714c - move new account msg to bottom
- 9c1a43b4 - add more friendly error messages for lack of group access
- a6ff4bbf - Add temp message and minor fixes
- 1ee1b371 - Update wording for MFA setup
- c45b66c2 - Merge branch 'add_temp_msg' into 'master'
- a6e1a80f - make vs code shuddup
- 1c311b8b - bump to 10.0.1-0.1.8
- 336830c6 - hack to fix mattermost forcing re-login when still authenticated
- 12304a57 - 10.0.1-0.1.8 -> 10.0.1-0.1.9
- 4066f275 - add jsconsole for development & testing
- c80a1a41 - allow clients with "-" in the trailing portion of the name
- 7663f130 - realm auth / reset flow updates
- 2d967b50 - Update group-protect behavior. This pattern,...
- 71b547a1 - Merge remote-tracking branch 'origin/master'
- 84c998d5 - update realm/js-console for new group protect pattern
- dada7f9c - bump to 10.0.1-0.2.0
- fd8b459f - make the accoutn applications screen less confusing
- 63340e28 - initial cac work
- 3978d6f6 - Initial DoD CAC support
- 17a9b86c - 10.0.1-0.3.1
- 38467724 - correctly handle mattermost redirects with jboss vs istio
- caee8a37 - 10.0.1-0.3.1 -> 10.0.1-0.3.2
- 2a436784 - fix mm gitlab auth url handlers for posts
- 5eeb23e7 - dont bother users without a cac to update their cac....
- e7ec45d4 - Fix bad registration link
- 7054b051 - update readme
- f366e919 - cleanup invite code url
- ca89df23 - fix: ensure TOTP is forced for MFA users on first login without cac
- f85551d0 - fix: ensure proper password enforcement for cac vs mfa
- 70119a46 - refactor helm -> kustomize
- 84a1df60 - cleanup the prod deployment failures
- ffd21123 - bump to 10.0.1-0.4.2
- 1d3f078c - Update README
- 69348da7 - Merge branch 'doc-updates' into 'master'
- fa7ccc26 - Add Group Structuring Section
- c6352d72 - Merge branch 'group-structuring' into 'master'
- 91bd4740 - Fix URL for admin page
- 56bd704d - Styling fix for registration error
- d788f2e2 - Update styling for text on error
- 4bf7dbc3 - Fix error styling for registration form
- fcbc7690 - Merge branch 'fix-readme-url' into 'master'
- 08a74903 - Update register link
- add4753a - Update messages_en.properties
- 8125f689 - Merge branch 'login-page-changes' into 'master'
- 02d0c97f - Merge branch 'patch-2' into 'master'
- 4cb71a71 - Update MFA setup verbiage
- 1812e47f - - Match verbiage in account MFA setup to login.
- 3d717c93 - Update MFA setup verbiage
- 2be98f6b - Minor changes for consistency and clarity
- 4d2477c3 - Add optional password during registration with CAC
- 518ec65e - Add MFA set up in flow if password specified
- 9a776d08 - Minor refactoring
- 6d199785 - Add missing policy validation check
- fdfc7c31 - Add check for blank password fields
- 8b26dede - Merge branch 'cac-optional-password' into 'master'
- 9ea87c20 - added email and spam filter message
- 71c2e238 - Merge branch 'user-xp-fix' into 'master'
- 5cff5818 - Fix account page error issue plus other changes
- fd789cd4 - Merge branch 'account-page-fix' into 'master'
- e6fbb64f - fix cac users not being added to IL4 group
- 0aa6c507 - handle more cac scenarios
- 744f0772 - Bump to 10.0.1-0.5.1
- 9b3a3b6e - Refactored to use IronBank image
- 702f2a1a - Changed image tag in kustomization to 0.6.0
- e3efff54 - Updated dockerfile to use ironbank
- b9797e4e - use fake name for image replacement
- 156ca73d - Merge branch 'PBDE-1-ironbank-image' into 'master'
- 3c775dca - Add username validation
- f7fa45aa - Merge branch 'username-validation' into 'master'
- 4bd4684d - bump to 10.0.1-0.6.1
- 431c19a0 - added GS-9 pay grade... previously was missing
- a45ee5e8 - Merge branch 'gs9-hotfix' into 'master'
- 54be90ae - Configmap dynamic configuration & registration protection redesign
- fae2bbeb - Configmap dynamic configuration & registration protection redesign
- 9ba71f1d - Bump to 10.0.1-1.0.1
- 52dd131b - add configmap template
- 255cf2ff - Update password change message
- 4a635e3f - remove applications list from account page
- 91497907 - add better logging for group protection
- ce8596d6 - ECA: add requiredCertificatePolicies config entry
- 33007584 - perform cert policy validation for PKI
- 9c383a60 - Merge branch 'update-password-message' into 'master'
- e26a30a4 - complete x509 policy validation with logging
- 566e9deb - bump to 10.0.1-1.1.0
- c6085272 - Merge remote-tracking branch 'origin/master'
- 7d907ea2 - add NGC root certs
- 6f2bce8c - let kustomize do kustomize things
- d422956f - Update deprecated to
- a3948344 - Merge branch 'peerauth' into 'master'
- 072afc23 - Merge branch 'kustomize-labels' into 'master'
- 16e9f146 - Password reset message was directing people to old email. Updated it to help@dsop.io
- 24225fed - attempting to make email link create a new email prompt for user on new password reset message.
- ed25d622 - gave the email link an id of "helpdesk"
- 536094b9 - Merge branch 'patch-email-adjustment' into 'master'
- cf49ac1e - instanity refactor
- 8cd4d54b - sync with master
- f489a0f3 - fix git ignores
- 01c948eb - embed theme into plugin / remove excess template hacks
- 794effd0 - additional template work for mobile view
- 9670ef88 - readme placeholder
- e1a61c36 - Add base realm json
- dfce004d - update dev cert
- 3e46ed3e - refactor to no longer require a custom image for P1 SSO
- 02b2cd33 - dsop.io -> dso.mil
- aef71ae8 - fix configs to match prod correclty for auth/registration
-
79a56167 -
- 6df4db6e - Enable ToS acceptance on each login to make Matt happy
- b7977ea8 - move back to custom image for IB
- dde5df8f - remove tools from prod image
- a01f202a - new test image
- 45ce21a4 - Initial codecentric Keycloak chart.
- fda0a0c3 - Updated helm chart to produce similar output to the kustomize deployment.
Toggle commit listadded 1 commit
- 5a20afde - add bigbang values additions and refactor virtualservice
added 1 commit
- f0e617f4 - chore: update keycloak version in baby-yoda.json
added 1 commit
- 4995589f - chore: updated all dependencies minor versions
added 1 commit
- 80d39848 - Added p1-sso-plugin configmap, and fixed configmap usage for baby-yoda
Closing MR in favor of !5 (merged) . Work was forked and other MR has most recent work.
Please register or sign in to reply