Nubus for Kubernetes - Operation Manual 1.0.1

Keycloak Extensions

5.2. Keycloak Extensions#

Keycloak Extensions are a proof of concept for the openDesk project. The Keycloak Extensions provide the following experimental additional features:

  • Brute force protection

  • New device notification

By default, Nubus for Kubernetes deploys with Keycloak Extensions deactivated. This section describes how to enable the Keycloak Extensions and specific features.

See also

Keycloak Extensions

in Univention Nubus for Kubernetes - Architecture Manual [2] for information about the purpose, tasks, and architecture of the Keycloak Extensions.

5.2.1. Enable Keycloak Extensions#

By default, Nubus for Kubernetes has the Keycloak Extensions deactivated. To enable the Keycloak Extensions, use the following steps:

  1. Add the lines in Listing 5.2 to your custom_values.yaml deployment file.

    Listing 5.2 Activate the Keycloak Extensions#
    keycloak:
  ingress:
    enabled: false

nubusKeycloakExtensions:
  enabled: true

  2. Follow the steps in Apply activation.

5.2.2. Enable features#

By default, Nubus for Kubernetes has all features of the Keycloak Extensions deactivated, except the IP protection. You can enable the features of the Keycloak Extensions one by one. The Keycloak Extensions work like a proxy in front of Keycloak. If you deactivate the extensions’ features, the proxy forwards the traffic to Keycloak.

To enable the features, use the following steps:

  1. Add the lines in Listing 5.3 to your custom_values.yaml deployment file. You can also activate just a subset of the features.

    Listing 5.3 Content for custom_values.yaml to deactivate Keycloak extensions#
    nubusKeycloakExtensions:
  handler:
    appConfig:
      newDeviceLoginNotificationEnable: "True"
      deviceProtectionEnable: "True"
      captchaProtectionEnable: "True"
      ipProtectionEnable: "True"  # activated by default

  2. Follow the steps in Apply activation.

5.2.3. Apply activation#

To apply the configuration, run the following steps. The commands change the configuration for the Keycloak Extensions Kubernetes pod.

  1. Set environment variables for the Helm command. Use the commands in Listing 3.5.

  2. To upgrade your Nubus deployment, run the command in Listing 5.4.

    Listing 5.4 Apply deactivation of Keycloak Extension features#
    $ helm upgrade "$RELEASE_NAME" \
   --namespace "$NAMESPACE_FOR_NUBUS" \
   --values custom_values.yaml \
   --version "$VERSION" \
   oci://artifacts.software-univention.de/nubus/charts/nubus
On this page