mirror of
https://github.com/funkypenguin/geek-cookbook/
synced 2026-01-02 03:19:23 +00:00
Correct spelling of recipes once and for all
44
manuscript/recipes/sso-stack.md
Normal file
@@ -0,0 +1,44 @@
|
||||
hero: SSO for all your stack elements 🎁
|
||||
|
||||
# SSO Stack
|
||||
|
||||
Most of the recipes in the cookbook are stand-alone - you can deploy and use them in isolation. I was approached recently by an anonymous sponsor, who needed a stack which would allow the combination of several collaborative tools, in a manner which permits "single signon (SSO)". I.e., the goal of the design was that a user would be provisioned _once_, and thereafter have transparent access to multiple separate applications.
|
||||
|
||||
The SSO Stack "uber-recipe" is the result of this design.
|
||||
|
||||

|
||||
|
||||
This recipe presents a method to combine multiple tools into a single swarm deployment, and make them available securely.
|
||||
|
||||
## Menu
|
||||
|
||||
Tools included in the SSO stack are:
|
||||
|
||||
* **[OpenLDAP](https://www.openldap.org/)** : Provides Authentication backend
|
||||
* **[LDAP Account Manager ](https://www.ldap-account-manager.org)** (LAM) : A Web_UI to manage LDAP accounts
|
||||
* **[KeyCloak](https://www.keycloak.org/)** is an open source identity and access management solution, providing SSO and 2FA capabilities backed into authentication provides (like OpenLDAP)
|
||||
* **[docker-mailserver](https://github.com/tomav/docker-mailserver)** : A fullstack, simple mail platform including SMTP, IMAPS, and spam filtering components
|
||||
* **[RainLoop](https://www.rainloop.net/)** : A fast, modern webmail client
|
||||
* **[GitLab](https://gitlab.org)** : A powerful collaborative git-based developmenet platform
|
||||
* **[NextCloud](https://www.nextcloud.org)** : A file share and communication platform
|
||||
|
||||
This is a complex recipe, and should be deployed in a sequential manner (_i.e. you need OpenLDAP with LDAP Account Manager, to enable KeyCloak, in order to get SSO available for NextCloud, etc.._)
|
||||
|
||||
## Ingredients
|
||||
|
||||
1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
|
||||
2. [Traefik](/ha-docker-swarm/traefik) configured per design
|
||||
3. Access to NZB indexers and Usenet servers
|
||||
4. DNS entries configured for each of the NZB tools in this recipe that you want to use
|
||||
|
||||
## Preparation
|
||||
|
||||
Now work your way through the list of tools below, adding whichever tools your want to use, and finishing with the **end** section:
|
||||
|
||||
* [OpenLDAP](/recipes/sso-stack/openldap.md)
|
||||
|
||||
### Tip your waiter (donate) 👏
|
||||
|
||||
Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏
|
||||
|
||||
### Your comments? 💬
|
||||
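Review bot: Ingredients items 3 and 4 ("Access to NZB indexers and Usenet servers" and "DNS entries configured for each of the NZB tools in this recipe") do not match the tools listed under Menu and read as carried over from a different recipe; replace them with the prerequisites this stack actually needs, such as DNS entries for each of the SSO stack services you intend to expose through Traefik. Also, the commit message says it corrects spelling, but the added file still contains "developmenet", "backed into authentication provides" and "whichever tools your want". Finally, the Preparation list links only OpenLDAP although the Menu names seven tools and the text refers to an **end** section that is not listed, so either add the remaining links or state that they are still to come.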