2.5 KiB
hero: SSO for all your stack elements 🎁
SSO Stack
Most of the recipes in the cookbook are stand-alone - you can deploy and use them in isolation. I was approached recently by an anonymous sponsor, who needed a stack which would allow the combination of several collaborative tools, in a manner which permits "single signon (SSO)". I.e., the goal of the design was that a user would be provisioned once, and thereafter have transparent access to multiple separate applications.
The SSO Stack "uber-recipe" is the result of this design.
This recipe presents a method to combine multiple tools into a single swarm deployment, and make them available securely.
Menu
Tools included in the SSO stack are:
- OpenLDAP : Provides Authentication backend
- LDAP Account Manager (LAM) : A Web_UI to manage LDAP accounts
- KeyCloak is an open source identity and access management solution, providing SSO and 2FA capabilities backed into authentication provides (like OpenLDAP)
- docker-mailserver : A fullstack, simple mail platform including SMTP, IMAPS, and spam filtering components
- RainLoop : A fast, modern webmail client
- GitLab : A powerful collaborative git-based developmenet platform
- NextCloud : A file share and communication platform
This is a complex recipe, and should be deployed in a sequential manner (i.e. you need OpenLDAP with LDAP Account Manager, to enable KeyCloak, in order to get SSO available for NextCloud, etc..)
Ingredients
- Docker swarm cluster with persistent shared storage
- Traefik configured per design
- Access to NZB indexers and Usenet servers
- DNS entries configured for each of the NZB tools in this recipe that you want to use
Preparation
Now work your way through the list of tools below, adding whichever tools your want to use, and finishing with the end section:
Tip your waiter (donate) 👏
Did you receive excellent service? Want to make your waiter happy? (..and support development of current and future recipes!) See the support page for (free or paid) ways to say thank you! 👏