
keycloak support

Open KlavsKlavsen opened this issue 2 years ago • 4 comments

Hi guys, I just found this project and it looks like something I've been wanting for a while (and only tailscale does - but I'm not a fan of trusting such services :)

I leave this here to suggest perhaps supporting keycloak as an auth mechanism? It's very widely supported (through the OIDC protocol) - here's f.ex. how we set up ArgoCD to allow login via keycloak: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/user-management/keycloak.md

And you CAN actually also set up keycloak to allow google user account auth - which means keycloak login will allow you to log in with your google account (if that's what you want) or a keycloak user.

Supporting keycloak is a one-stop way to get 2fa, google-auth, with self-hosting support and everything (as keycloak supports these things).

ArgoCd implements it by using https://github.com/coreos/go-oidc

KlavsKlavsen avatar Nov 26 '21 08:11 KlavsKlavsen

Thank you for the suggestion!

We have some discussion here as well: https://github.com/wiretrustee/wiretrustee-dashboard/issues/9

braginini avatar Nov 26 '21 09:11 braginini

By the way @KlavsKlavsen, what is your main use case?

braginini avatar Nov 26 '21 09:11 braginini

My use case is to be able to connect to servers behind NAT - from our "travelling workers" - i.e. all of us working remotely/from home - to be able to access the individual networks we need, replacing a proprietary VPN. But in the end I want this to use "temporary keys" - so access is logged and granted (and can be NOT granted f.ex. - for certain users to certain places). So a developer f.ex. only has access to specific places - and SREs have access to everything (but access is logged when it's opened and when it's closed down again) (or just logged with a lifetime logged as well - at least). We have a couple of guys who would gladly do PRs as well, if we get it working for us - so hopefully we can contribute something worthwhile too - once it gets there (and we start to use it in production).

KlavsKlavsen avatar Nov 26 '21 10:11 KlavsKlavsen

If we get it working with auth0 f.ex. - we'd gladly take a stab at adding keycloak support.

KlavsKlavsen avatar Nov 26 '21 10:11 KlavsKlavsen

Solved in https://github.com/netbirdio/dashboard/issues/9

Integration Docs: https://netbird.io/docs/integrations/identity-providers/self-hosted/using-netbird-with-keycloak

braginini avatar Sep 08 '22 20:09 braginini