⚠️ This document is for the Alpha version of Nubus for Kubernetes. Feedback is welcome. ⚠️

5.2. Keycloak Extensions

Keycloak Extensions are a proof of concept for the openDesk project. The Keycloak Extensions provide the following experimental additional features:

  • Brute force protection

  • New device notification

Important

By default, Nubus activates the features of the Keycloak Extensions. However, the features silently don't work until you manually enable auditing of user events in Keycloak.

To activate auditing of user events, use the following steps:

  1. Open the Keycloak Admin Console.

    You can derive the URL to the console from your global.domain custom value setting for the Helm Chart. It’s https://id.global.domain/admin/, for example https://id.example.com/admin/.

  2. Select the realm nubus.

  3. Follow the steps described in Configuring auditing to track events in the Keycloak Server Administration Guide [3].

See also

Nubus for Kubernetes - Architecture Manual for information about the purpose, tasks, and architecture of the Keycloak Extensions.

5.2.1. Deactivate features

You can deactivate the features of the Keycloak Extensions one by one, but not the Keycloak Extensions themselves. The Keycloak Extensions work like a proxy in front of Keycloak. If you deactivate the extensions’ features, the proxy forwards the traffic.

To deactivate the features, add the lines in Listing 5.2 to your custom_values.yaml. You can also deactivate just a subset of the features.

Listing 5.2 Content for custom_values.yaml to deactivate Keycloak extensions
nubusKeycloakExtensions:
  handler:
    appConfig:
      newDeviceLoginNotificationEnable: "False"
      deviceProtectionEnable: "False"
      captchaProtectionEnable: "False"
      ipProtectionEnable: "False"

5.2.2. Apply deactivation

To apply the configuration, run the command shown in Listing 5.3. The command changes the configuration for the Keycloak Extensions Kubernetes pod. The pod continues to run, with the features deactivated as you configured them in Deactivate features.

Listing 5.3 Apply deactivation of Keycloak Extension features
$ export NAMESPACE_FOR_NUBUS="Set to your Kubernetes namespace"
$ export RELEASE_NAME="The Helm Chart release name"
$ export NUBUS_VERSION="0.18.3"

$ helm upgrade "$RELEASE_NAME" \
   --namespace "$NAMESPACE_FOR_NUBUS" \
   --values custom_values.yaml \
   --version "$NUBUS_VERSION" \
   oci://artifacts.software-univention.de/nubus/charts/nubus
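
Because the upgrade in Listing 5.3 turns off login protections without any further prompt, a pre-upgrade check can list which of the keys from Listing 5.2 a values file sets to false. The following is an added example, not part of the Nubus documentation or tooling; the function names are hypothetical, and it assumes the keys sit under a top-level nubusKeycloakExtensions block written one key per line as in Listing 5.2.

```shell
#!/bin/sh
# Added example (not Nubus code). Function names are hypothetical.
# The four key names are the ones shown in Listing 5.2.

# Print every Keycloak Extensions feature key that the given values file
# sets to false, quoted or unquoted, in any letter case.
disabled_extension_features() {
    awk -v sq="'" '
        # A line starting in column 0 opens a new top-level block.
        /^[^ \t#]/ {
            in_block = ($0 ~ /^nubusKeycloakExtensions:[ \t]*(#.*)?$/)
        }
        in_block && /^[ \t]+(newDeviceLoginNotificationEnable|deviceProtectionEnable|captchaProtectionEnable|ipProtectionEnable):/ {
            line = $0
            sub(/[ \t]+#.*$/, "", line)        # drop a trailing comment
            key = line
            sub(/^[ \t]+/, "", key)
            sub(/:.*$/, "", key)
            val = line
            sub(/^[^:]*:[ \t]*/, "", val)
            gsub(/"/, "", val)                 # strip double quotes
            gsub(sq, "", val)                  # strip single quotes
            if (tolower(val) == "false") print key
        }
    ' "$1"
}

# Return 0 if no feature is turned off, 1 if at least one is,
# 2 if the file cannot be read.
gate_keycloak_extension_values() {
    disabled=$(disabled_extension_features "$1") || return 2
    if [ -n "$disabled" ]; then
        echo "values file turns off these Keycloak Extensions features:" >&2
        echo "$disabled" | sed 's/^/  - /' >&2
        return 1
    fi
    return 0
}
```

Run `gate_keycloak_extension_values custom_values.yaml` before the `helm upgrade` and only continue when the listed keys match what you intend to deactivate.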