<aside> 💡 Using Keycloak to log in to Node-RED
</aside>
install node-red on my mac
# --unsafe-perm only has an effect when npm runs as root: it stops npm from dropping
# privileges before it runs package install scripts. With a per-user Node.js install
# (no sudo) it can usually be omitted; confirm for your npm version.
npm install -g --unsafe-perm node-red
install passport-keycloak-oauth2-oidc
# Install into the Node-RED user directory so that the settings.js there can require() the module.
cd ~/.node-red
npm install passport-keycloak-oauth2-oidc
modify settings.js
# settings.js carries the adminAuth configuration, including the OIDC client settings;
# keep the file readable only by the account that runs Node-RED.
cd ~/.node-red
vi settings.js
Use a Passport strategy to secure the editor
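adminAuth: {
    // Delegate login for the editor and admin API to Keycloak through a Passport strategy.
    type: 'strategy',
    strategy: {
        name: 'keycloak',
        // Text of the login button ("Log in").
        label: '登录',
        icon: 'fa-lock',
        // A real boolean, not the string 'false': any non-empty string is truthy in
        // JavaScript, so a truthiness check would read 'false' as "enabled".
        autoLogin: false,
        strategy: require('passport-keycloak-oauth2-oidc').Strategy,
        options: {
            realm: 'node-red',
            clientID: 'oidc-nodered',
            // Confidential-client secret. Read it from the environment instead of
            // committing it to settings.js (KEYCLOAK_CLIENT_SECRET is an example
            // variable name; the login will fail if it is unset). A secret that has
            // been published in a file or on a page should be regenerated in Keycloak.
            clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
            publicClient: 'false',
            // Plain http and sslRequired 'none' fit only this loopback setup. On any
            // other network the authorization code and tokens would travel
            // unencrypted: use https URLs and a stricter sslRequired value there.
            authServerURL: 'http://127.0.0.1:8080',
            sslRequired: 'none',
            callbackURL: 'http://127.0.0.1:1880/auth/strategy/callback',
            /**
             * Decide whether the authenticated Keycloak user may use the editor.
             *
             * @param {string} accessToken  first value passed by the strategy (unused here)
             * @param {string} refreshToken second value passed by the strategy (unused here)
             * @param {object} profile      user profile; profile.roles is expected to hold
             *                              the realm roles (needs the Keycloak mapper setup)
             * @param {function} done       Passport completion callback
             */
            verify: function(accessToken, refreshToken, profile, done) {
                // Fail closed: a profile without a roles array is treated as "no roles"
                // instead of throwing a TypeError inside the callback.
                var roles = Array.isArray(profile.roles) ? profile.roles : [];
                if (roles.includes('admin')) {
                    // Every Keycloak user with the 'admin' role is mapped onto the single
                    // Node-RED user 'admin' declared in `users`, so Node-RED cannot tell
                    // them apart; per-person attribution has to come from Keycloak.
                    profile.username = 'admin';
                    done(null, profile);
                } else {
                    // Alternative that reports an error instead of redirecting:
                    // done(new Error('Insufficient permissions!'));
                    // Not an admin: end the Keycloak session and return to Node-RED.
                    this.redirect("http://127.0.0.1:8080/realms/node-red/protocol/openid-connect/logout?post_logout_redirect_uri=http://127.0.0.1:1880&client_id=oidc-nodered");
                }
            }
        },
    },
    // The only Node-RED account; '*' grants full editor and admin-API permissions.
    users: [{username: "admin", permissions: ["*"]}]
},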
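editorTheme: {
    // After the editor's own logout, send the browser to Keycloak's logout endpoint so
    // the Keycloak session is closed as well; post_logout_redirect_uri then brings
    // the user back to Node-RED.
    logout: {
        redirect: "http://127.0.0.1:8080/realms/node-red/protocol/openid-connect/logout?post_logout_redirect_uri=http://127.0.0.1:1880&client_id=oidc-nodered"
    },
    // … the remaining editorTheme settings and the closing brace are not shown in this excerpt …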
https://gitee.com/woodynd/docker-manage/tree/master/keycloak
create realm node-red
create client oidc-nodered under node-red realm

create user

create role admin and assign the role to user admin

include roles in token scope

change the realm roles mapper’s Token Claim Name to roles — the verify function in settings.js looks for the role list in profile.roles

