Series

Authenticating ServicePulse

OpenID Connect for ServicePulse, end to end in Docker. Covers the Keycloak path and the Duende IdentityServer path; pick one.

  1. Authenticating ServicePulse with Keycloak, Part 1: setting the stage

    ServiceControl 6.13 lets ServicePulse sit behind any OpenID Connect identity provider. This series wires it to Keycloak in Docker, end to end, on a home server.

  2. Authenticating ServicePulse with Keycloak, Part 2: the Keycloak side

    A realm, a client scope, the audience mapper that trips up every first-time setup, and the public client ServicePulse uses to redirect through Keycloak.

  3. Authenticating ServicePulse with Keycloak, Part 3: plugging ServiceControl in

    The four values that change when you swap identity providers, the audit instance that mirrors them, the forwarded headers ServiceControl trusts behind a reverse proxy, and the moment the browser finally lands back in ServicePulse with a token.

  4. Authenticating ServicePulse with Keycloak, Part 4: when OIDC goes wrong, and what the POC leaves out

    The error messages every first-time setup hits, what each one actually means, the fix, and the list of things that need to change before this configuration leaves the lab.

  5. Authenticating ServicePulse with Duende IdentityServer: building the server

    A minimal ASP.NET Core app embedding Duende IdentityServer, configured for the same servicecontrol-api audience the Keycloak path uses. Same SPA flow, different IdP, more code.

  6. Authenticating ServicePulse with Duende IdentityServer: plugging ServiceControl in

    The four ServiceControl env vars from Part 3, repointed at Duende. Same login flow, same audience validation, different IdP.