Authenticating ServicePulse with Keycloak
A four-part walkthrough of putting Keycloak in front of ServicePulse with OpenID Connect, end to end, in Docker.
- Authenticating ServicePulse with Keycloak, Part 1: setting the stage
  ServiceControl 6.13 lets ServicePulse sit behind any OpenID Connect identity provider. This series wires it to Keycloak in Docker, end to end, on a home server.
- Authenticating ServicePulse with Keycloak, Part 2: the Keycloak side
  A realm, a client scope, the audience mapper that catches every first-time setup, and the public client ServicePulse uses to redirect through Keycloak.
- Authenticating ServicePulse with Keycloak, Part 3: plugging ServiceControl in
  The four values that change when you swap identity providers, the audit instance that mirrors them, the forwarded headers ServiceControl trusts behind a reverse proxy, and the moment the browser finally lands back in ServicePulse with a token.
- Authenticating ServicePulse with Keycloak, Part 4: when OIDC goes wrong, and what the POC leaves out
  The error messages every first-time setup hits, what each one actually means, the fix, and the list of things that need to change before this configuration leaves the lab.