@dapperduckling/keycloak-connector-cluster-redis

v1.0.27

Provides cluster communications through Redis, enabling synchronized scaling without interruption to security nor user experience.

Downloads

436

Readme

keycloak-connector-server-cluster-redis

Description

Provides cluster communications through Redis, enabling synchronized scaling without interruption to security nor user experience.

Why? When scaling a project that uses keycloak-connector-server, each instance generates its own set of client JWKs, and when polled, only a single public key is given to Keycloak. This will likely result in failed logins because Keycloak doesn't know all of the live public keys.

This plugin synchronizes this and other activities, such as backdoor logouts from Keycloak.
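
A simplified model of the failure described above, added here as an illustration and not taken from keycloak-connector-server: two instances each generate their own key, the identity provider polls a JWKS from one of them, and a client assertion signed by the other is rejected. The instance names, key ids and helper functions are hypothetical.

```javascript
const crypto = require('node:crypto');

// One connector instance: generates its own EC key pair at startup (constructed model).
function makeInstance(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid: `${name}-key`, use: 'sig', alg: 'ES256' };
  return { name, privateKey, jwk };
}

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Sign a compact ES256 JWT (a client assertion) with this instance's private key.
function signAssertion(instance, claims) {
  const signingInput = `${b64u({ alg: 'ES256', kid: instance.jwk.kid })}.${b64u(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: instance.privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${sig.toString('base64url')}`;
}

// What the identity provider does: find the kid in the JWKS it polled, then verify.
function verifyAgainstJwks(jwt, jwks) {
  const [h, p, s] = jwt.split('.');
  const { kid } = JSON.parse(Buffer.from(h, 'base64url').toString());
  const jwk = jwks.keys.find((k) => k.kid === kid);
  if (!jwk) return { ok: false, reason: `unknown kid ${kid}` };
  const { kty, crv, x, y } = jwk;
  const key = crypto.createPublicKey({ key: { kty, crv, x, y }, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  return ok ? { ok: true } : { ok: false, reason: 'bad signature' };
}

const a = makeInstance('instance-a');
const b = makeInstance('instance-b');

// Unsynchronized: the poll lands on instance A, which only knows its own key.
const unsyncedJwks = { keys: [a.jwk] };
// Synchronized: every instance publishes the keys of all live instances.
const syncedJwks = { keys: [a.jwk, b.jwk] };

const assertionFromB = signAssertion(b, { iss: 'my-cool-app', sub: 'my-cool-app' });
console.log('unsynchronized:', verifyAgainstJwks(assertionFromB, unsyncedJwks));
console.log('synchronized:  ', verifyAgainstJwks(assertionFromB, syncedJwks));
```
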

Fastify Configuration

import Fastify from 'fastify';

const fastify = Fastify({
   // Extend the Fastify plugin timeout (in milliseconds) to allow for key negotiation
   pluginTimeout: 120000,
});

Setup Redis on AWS ElastiCache

STOP! If you're already using AWS ElastiCache, skip to "Authenticating each application".
  1. Create a new EC2 security group to link Redis to EC2 instances
    • Allow inbound connections on tcp/6379
  2. Create a new ElastiCache default user
    • User Id: keycloak-connector-aws-redis-admin (or any other)
    • Username: default (do not change)
    • Authentication mode: Password(s)
    • Password 1: <Use a 64 character or more password>
    • Access string: on ~* &* +@all
      • Or to disable logins with this account: off ~* &* +@all
  3. Create a new ElastiCache user group
    • Add the new default user
  4. Create Redis Cluster
    • Note: Be careful when selecting the size of the instance; the tiniest one probably works for now
    • Transit encryption mode: required
    • Access control: user group access control list
    • User group: keycloak-connector-aws-redis-channel (or any other)
    • Add cluster to the new security group
  5. Add the security group to any EC2 instances you want to have access

Authenticating each application

  1. Create new users (under "User management")
    • User settings: <see below>
      • Recommend creating kcc-<app name>-prod & kcc-<app name>-dev accounts
    • Authentication mode: ~~IAM authentication~~ (not yet implemented by AWS SDKs. see: https://github.com/aws/aws-sdk/issues/556), use password
    • Access string: <see below>
      • To restrict access to a specific set of commands and to partition data between users, we'll build a unique access string.
      • Template (fill in the blanks by replacing the text inside the angle brackets): on clearselectors resetkeys ~<app name>-<prod|dev>:* resetchannels &<app name>-<prod|dev>:* -@all +@fast +@pubsub +@keyspace +@string +@read +@write +@scripting -@dangerous +client|setname +info
      • The above allows read/write access to keys & pub/sub channels that match the my-cool-app-prod:* glob and allows commands in the FAST category.
        • Note: After submitting, the final access string will not have clearselectors, resetkeys, and resetchannels. These are directives to force clear permissions for existing sessions.
  2. Tie new users to the user group (under "User group management")
    • Select keycloak-connector-aws-redis-channel (or your group)
    • Modify
    • Manage
    • Enable the desired users
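
The access string template from step 1, filled in and audited, as an added example that is not part of the package. The function names and the app-name validation are assumptions made here; the template text and the `on ~* &* +@all` string are the ones shown on this page.

```javascript
// Fills in the README's access-string template. The name validation is an
// assumption added here: glob or ACL metacharacters in <app name> would
// widen the key and channel patterns beyond one application.
function buildAccessString(appName, env) {
  if (!/^[a-z0-9][a-z0-9-]*$/.test(appName)) throw new Error(`unsafe app name: ${appName}`);
  if (env !== 'prod' && env !== 'dev') throw new Error(`env must be prod or dev: ${env}`);
  const scope = `${appName}-${env}:*`;
  return `on clearselectors resetkeys ~${scope} resetchannels &${scope} ` +
    '-@all +@fast +@pubsub +@keyspace +@string +@read +@write +@scripting ' +
    '-@dangerous +client|setname +info';
}

// Flags rules that break the per-application partitioning. Redis applies ACL
// rules left to right, so a category granted after -@dangerous re-adds
// whatever dangerous commands that category contains.
function auditAccessString(acl, scope) {
  const tokens = acl.trim().split(/\s+/);
  const findings = [];
  const lastDeny = tokens.lastIndexOf('-@dangerous');
  if (lastDeny === -1) findings.push('missing -@dangerous');
  tokens.forEach((t, i) => {
    if (['allkeys', 'allchannels', 'allcommands', 'nopass', '+@all'].includes(t)) {
      findings.push(`over-broad rule: ${t}`);
    } else if (t.startsWith('~') || t.startsWith('&')) {
      if (t.slice(1) !== scope) findings.push(`pattern outside ${scope}: ${t}`);
    } else if (t.startsWith('+@') && lastDeny !== -1 && i > lastDeny) {
      findings.push(`category granted after -@dangerous: ${t}`);
    }
  });
  return findings;
}

const appAcl = buildAccessString('my-cool-app', 'prod');
console.log(appAcl);
console.log(auditAccessString(appAcl, 'my-cool-app-prod:*'));
// The ElastiCache default user's string from the setup steps, audited as if
// it had been assigned to an application user:
console.log(auditAccessString('on ~* &* +@all', 'my-cool-app-prod:*'));
```
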

Connecting through EC2 (bastion) instance

  1. Copy the endpoint url
  2. Install redis
    sudo yum install -y redis
  3. Check the redis-cli version number. It must be at least 6.0.0
    redis-cli -v
    ...if the version is lower than 6.0, skip to "Building Redis from the source"
  4. Connect to the cluster
     redis-cli --tls -h {replace_with_primary_endpoint} -p {replace_with_port_number}
  5. Confirm that commands are rejected before authenticating
    > PING
    < (error) NOAUTH Authentication required.
  6. Authenticate
    > AUTH default <password>
    < OK
    Note: You may need to wrap your password in quotation marks (and even escape question marks in the password itself with a forward slash)
  7. Test connection
    > PING hi
    < "hi"

Building Redis from the source

  1. Remove existing redis

    sudo yum remove redis
  2. Install the required utilities

    sudo yum install -y make gcc openssl-devel
  3. Build and install Redis

    cd ~
    wget https://download.redis.io/redis-stable.tar.gz
    tar -xzvf redis-stable.tar.gz
    cd redis-stable
    make distclean
    make BUILD_TLS=yes MALLOC=libc
    sudo make install
  4. Cleanup redis install files

    WAIT!!! Careful with the following command, ensure it points to the correct directory...

    rm -rf ~/redis-*