Ferrum is a better Authorization Server, this is a Community version.
Ferrum
is OpenId-Connect
Authorization server written on GO. It has Data Contract similar to
Keycloak
server (minimal Keycloak
and we’ll grow to full-fledged KeyCloak
analog).
Today we are having following features:
Start
and Stop
) making them an ideal candidate for using in integration
tests for WEB API services that uses Keycloak
as authorization server;FILE
data storage for small Read only systemsREDIS
data storage for systems with large number of users and small response time;data.json
or in memoryit has endpoints
SIMILAR to Keycloak
, at present time we are having following:
POST ~/auth/realms/{realm}/protocol/openid-connect/token
GET ~/auth/realms/{realm}/protocol/openid-connect/userinfo
POST ~/auth/realms/{realm}/protocol/openid-connect/token/introspect
First of all build is simple run go build
from application root directory. Additionally it is possible
to generate self signed certificates - run go generate
from command line
If you don’t specify the name of executable (by passing -o {execName} to go build) than name of executable = name of project
Run is simple (Ferrum
starts with default config - config.json
):
./Ferrum
To run Ferrum
with selected config i.e. config_w_redis.json
:
./Ferrum --config ./config_w_redis.json
It is possible to start app in docker with already installed REDIS
and with initial data (see python
data insert script):
docker-compose up --build
There are 2 ways to use Ferrum
:
config.AppConfig
and data.ServerData
in application, i.e.
app := CreateAppWithData(appConfig, &testServerData, testKey)
res, err := app.Init()
assert.True(t, res)
assert.Nil(t, err)
res, err = app.Start()
assert.True(t, res)
assert.Nil(t, err)
// do what you should ...
app.Stop()
At present moment we have 2 fully integration tests, and number of them continues to grow. To run test execute from cmd:
go test
For running Manager tests on Redis
you must have redis on 127.0.0.1:6379
with ferrum_db
/ FeRRuM000
auth
user+password
pair, it is possible to start docker_compose and test on compose ferrum_db
container
Configuration splitted onto several sections:
```json
"server": {
"schema": "https",
"address": "localhost",
"port": 8182,
"security": {
"key_file": "./certs/server.key",
"certificate_file": "./certs/server.crt"
}
}
```
- data file: `realms`, `clients` and `users` application takes from this data file and stores in
app memory, data file name - `data.json`
- key file that is using for `JWT` tokens generation (`access_token` && `refresh_token`),
name `keyfile` (without extensions).
Users does not have any specific structure, you could add whatever you want, but for compatibility with keycloak and for ability to check password minimal user looks like:
{
"info": {
"sub": "" // <-- THIS PROPERTY USED AS ID, PROBABLY WE SHOULD CHANGE THIS TO ID
"preferred_username": "admin", // <-- THIS IS REQUIRED
...
},
"credentials": {
"password": "1s2d3f4g90xs" // <-- TODAY WE STORE PASSWORDS AS OPENED
}
}
in this minimal user example you could expand info
structure as you want, credentials
is a service structure,
there are NO SENSES in modifying it.
Minimal full example of how to use coud be found in application_test.go
, here is a minimal snippet:
var testKey = []byte("qwerty1234567890")
var testServerData = data.ServerData{
Realms: []data.Realm{
{Name: "testrealm1", TokenExpiration: 10, RefreshTokenExpiration: 5,
Clients: []data.Client{
{Name: "testclient1", Type: data.Confidential, Auth: data.Authentication{Type: data.ClientIdAndSecrets,
Value: "fb6Z4RsOadVycQoeQiN57xpu8w8wplYz"}},
}, Users: []interface{}{
map[string]interface{}{"info": map[string]interface{}{"sub": "667ff6a7-3f6b-449b-a217-6fc5d9ac0723",
"name": "vano", "preferred_username": "vano",
"given_name": "vano ivanov", "family_name": "ivanov", "email_verified": true},
"credentials": map[string]interface{}{"password": "1234567890"}},
}},
},
}
var httpsAppConfig = config.AppConfig{ServerCfg: config.ServerConfig{Schema: config.HTTPS, Address: "127.0.0.1", Port: 8672,
Security: config.SecurityConfig{KeyFile: "./certs/server.key", CertificateFile: "./certs/server.crt"}}}
app := CreateAppWithData(appConfig, &testServerData, testKey)
res, err := app.Init()
if err != nil {
// handle ERROR
}
res, err = app.Start()
if err != nil {
// handle ERROR
}
// do whatever you want
app.Stop()
Since version 0.9.1
it is possible to use CLI Admin
See
docker compose up --build
docker ps -a
docker exec -it 060cfb8dd84c sh
ferrum-admin --config=config_docker_w_redis.json ...
, see picture