trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/integrations/services/gravitee/index.md

2.3 KiB
Raw Blame History

title
Gravitee

Support level: Community

What is Gravitee

Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs.

It offers an easy to use GUI to setup proxies for APIs, rate limiting, api keys, caching, OAUTH rules, a portal that can be opened to the public for people to subscribe to APIs, and much more.

-- https://github.com/gravitee-io/gravitee-api-management

Preparation

The following placeholders will be used:

  • gravitee.company is the FQDN of the Gravitee install.
  • authentik.company is the FQDN of the authentik install.
  • applicationName is the Application name you set.

Step 1 - authentik

In authentik, under Providers, create an OAuth2/OpenID Provider with these settings:

:::note Only settings that have been modified from default have been listed. :::

Protocol Settings

  • Name: applicationName
  • Client ID: Copy and Save this for Later
  • Client Secret: Copy and Save this for later
  • Redirect URIs/Origins:
https://gravitee.company/user/login
https://gravitee.company/console/ # Make sure to add the trailing / at the end, at the time of writing it does not work without it

Now, under Applications, create an application with the name applicationName and select the provider you've created above.

Step 2 - Gravitee

In the Gravitee Management Console, head to Organizations(gravitee.company/console/#!/organization/settings/identities) , under Console, Authentication, click Add an identity provider, select OpenID Connect, and fill in the following:

:::note Only settings that have been modified from default have been listed. :::

  • Allow portal authentication to use this identity provider: enable this
  • Client ID: Client ID from step 1
  • Client Secret: Client Secret from step 1
  • Token Endpoint: https://authentik.company/application/o/token/
  • Authorize Endpoint: https://authentik.company/application/o/authorize/
  • Userinfo Endpoint: https://authentik.company/application/o/userinfo/
  • Userinfo Logout Endpoint: https://authentik.company/if/session-end/applicationName/
  • Scopes: email openid profile