You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

This article describes how the Keycloak user database can be connected to DualShield as an external user directory, in the same way that Active Directory is connected to DualShield. 

How it Works

Keycloak stores its user directory in a SQL database, and it allows customers to choose one of the commonly used SQL servers, such as Postgres or MySQL, etc. However, Keycloak uses a proprietary database structure to store its user directory. In order to connect the Keycloak user database to DualShield, we need an adapter or converter. As DualShield supports LDAP, we developed a SQL to LDAP converter called DualShield MyVD which is based on an open-source project called MyVD. 

In DualShield a user directory is called a domain, whereas in Keycloak a user directory is called a realm. We will map a realm in Keycloak to a domain in DualShield. As Keycloak does not have the concept of the domain and OU, we will first map a realm in Keycloak to an OU in LDAP, then map the LDAP OU to a domain in DualShield

Keycloak
LDAP
DualShield
Realm>>OU>>Domain

By using OU, we can also support multiple realms in Keycloak. Any realm in Keycloak can be mapped to a domain in DualShield via an OU in LDAP.

Please note that in DualShield there is a component call realm as well. However, a realm in DualShield is a group of domains, instead of a single domain. 

Install DualShield MyVD

DualShield MyVD can be installed on a Windows or Linux server machine. It is a lightweight software application that has minimal software and hardware requirements:
ComponentDescription
Hardware
  • CPU: Dual Core
  • Memory: 4 GB
  • DISK: 5GB free drisk space
Software

Windows

  • Windows 2012/R2
  • Windows 2016
  • Windows 2019
  • Windows 2022

Linux

  • CentOS
  • RedHat
  • Fedora
  • Ubuntu

The article describes how to install DualShield VD on a Windows server.

To install DualShield MyVD, launch its installer "setup-dualshield-myvd-xxxx.yyyy.exe", where xxxx.yyyy is its version and build number.






MyVD Port Number

____________________________________________________________________

Enter the port number that MyVD will be using as its working port

You can simply accept the default port number 10983 unless this port is not available.

Keycloak Database Connection

____________________________________________________________________

Provide the details below in order to make the connection to your Keycloak database and one of the realms

FieldValue
DB Host

Hostname or IP address of the Keycloak database

Currently, DualShield MyVD installer assumes that the database used by KeyCloak is PostgreSQL. You can change it after installation.

DB PortDatabase working port number
DB NameName of the database. 
DB UsernameAdmin username of the database
DB PasswordAdmin password
Base DN

OU must equal the name of the realm in Keycloak that you want to connect to, e.g. "deepnet"

You can change "o=mycompany, c=us" to anything that's appropriate to you, e.g. "o=world, c=com" (O = Organisation Name, C = Country Name)

The installer connects only one realm in Keycloak. You will be able to connect to multiple realms in Keycloak after the installation.






Add Keycloak Identity Source


  • No labels