Diffstat (limited to 'micro/iam')
| -rw-r--r-- | micro/iam/keycloak_iam.mmd | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/micro/iam/keycloak_iam.mmd b/micro/iam/keycloak_iam.mmd
new file mode 100644
index 0000000..ff7f0c7
--- /dev/null
+++ b/micro/iam/keycloak_iam.mmd
@@ -0,0 +1,79 @@
+%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 60, 'rankSpacing': 60, 'padding': 20}}}%%
+flowchart LR
+
+ subgraph client ["Cote Client"]
+ direction TB
+ user_b["Navigateur<br/>Utilisateur"]
+ bearer["Token JWT<br/>dans le header"]
+ user_b --> bearer
+ end
+
+ subgraph keycloak ["Keycloak - npagnun 192.168.99.35"]
+ direction TB
+
+ subgraph endpoints ["Endpoints"]
+ direction LR
+ http[":8080 HTTP"]
+ https[":8443 HTTPS"]
+ health[":9000 Health"]
+ end
+
+ subgraph config ["Configuration"]
+ direction LR
+ realms["Realms<br/>master + custom"]
+ clients_kc["Clients OIDC<br/>portal, event-hub"]
+ users["Users<br/>& Groups"]
+ roles["Roles RBAC<br/>& Permissions"]
+ end
+
+ subgraph auth_flow ["Flux OIDC"]
+ direction LR
+ step1["1. /auth/realms/.../protocol/openid-connect/auth"]
+ step2["2. Login form + consent"]
+ step3["3. Callback avec code"]
+ step4["4. Exchange code -> tokens"]
+ step1 --> step2 --> step3 --> step4
+ end
+ end
+
+ subgraph db ["Base de donnees"]
+ postgres["PostgreSQL 15<br/>:5432 Docker interne<br/>DB: keycloak<br/>User: keycloak"]
+ end
+
+ subgraph applications ["Applications"]
+ direction TB
+ portal["Portal Korradi<br/>Next.js"]
+ eventhub["Event Hub<br/>Fastify"]
+ widget["Widget SDK"]
+ end
+
+ subgraph model ["Modele de donnees"]
+ direction LR
+ org["Organisation"] --> sp["Spaces"] --> ctx["Contexts"] --> wdg["Widgets"]
+ end
+
+ user_b -->|"Login request"| endpoints
+ step4 -->|"access_token<br/>+ refresh_token"| user_b
+ bearer -->|"Authorization: Bearer ..."| applications
+
+ keycloak --> postgres
+
+ portal -->|"Token verify"| keycloak
+ eventhub -->|"Token verify"| keycloak
+ widget -->|"Token verify"| keycloak
+
+ roles -.->|"RBAC / ABAC"| model
+
+ classDef iamStyle fill:#4a1e3a,stroke:#d94a8a,color:#f0a8c8
+ classDef storStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
+ classDef appStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0
+ classDef userStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0
+ classDef modelStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0
+ classDef flowStyle fill:#3a2a1e,stroke:#aa7a4a,color:#e8c8a0
+
+ class user_b,bearer userStyle
+ class http,https,health,realms,clients_kc,users,roles iamStyle
+ class step1,step2,step3,step4 flowStyle
+ class postgres storStyle
+ class portal,eventhub,widget appStyle
+ class org,sp,ctx,wdg modelStyle
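Review bot: The edge `step4 -->|"access_token<br/>+ refresh_token"| user_b` ends the code exchange in the browser, so the diagram does not say which party calls the token endpoint or where the refresh token is kept. If portal is a confidential client, the exchange belongs on a portal-to-keycloak edge; if the browser really holds the tokens, the flow should name PKCE. `user_b -->|"Login request"| endpoints` targets the whole subgraph, which includes `:8080 HTTP` and `:9000 Health`; pointing it at `https` would document that credentials only travel over TLS. The three `"Token verify"` edges would be clearer if labelled as local JWKS signature validation or introspection, since that decides whether a revoked token is still accepted until expiry. The `/auth/realms/...` prefix in step1 next to a separate `:9000` health port looks like it may mix Keycloak generations, so it is worth confirming against the deployed version and relative path.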
