OIDC protection without OIDC code.

My first major project during my service involved finding a way to implement OIDC (OpenID Connect) authentication and authorization on our Openshift websites without burdening developers with direct code integration.

This mission demanded days and nights of effort and a steep learning curve across DevOps, Openshift/Kubernetes, Linux, networking, NGINX, Docker, Keycloak, and security protocols. Because the project touched so many areas, it turned into a colossal task. Gradually, step by step, I overcame the challenges and achieved the ambitious goal of a generic security layer.

The “security layer” essentially acts as a proxy to OIDC authentication provided by Keycloak, which in turn uses an external IDP (Identity Provider). This approach allows the effortless creation of a simple website in Python or Node.js without requiring in-depth knowledge of security protocols. Developers can then establish a blacklist/whitelist of authorized users, identified through the external IDP. Users are authenticated automatically, with no manual registration needed.
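The blacklist/whitelist step above, as an added example that is not code from the original post or its guide: a small WSGI app that sits behind such a proxy and trusts the forwarded identity only when the request provably came through the proxy. The header names (X-Forwarded-User, X-Proxy-Secret), the shared secret and the user lists are assumptions, not values from the page.

```python
# Added example, not from the original post or its guide.
# Assumed contract (hypothetical): the OIDC proxy forwards the IDP-verified
# identity in X-Forwarded-User and marks its own requests with a shared
# secret in X-Proxy-Secret, so the app can reject direct (spoofable) requests.
import hmac
from wsgiref.simple_server import make_server

PROXY_SECRET = "change-me"           # constructed placeholder, not a real secret
ALLOWLIST = {"alice@example.org"}    # constructed sample users; empty set = allow all
BLOCKLIST = {"mallory@example.org"}
REASONS = {200: "OK", 401: "Unauthorized", 403: "Forbidden"}


def decide(headers):
    """Return (status, reason). Blocklist wins over allowlist; no identity is 401."""
    secret = headers.get("X-Proxy-Secret", "")
    if not hmac.compare_digest(secret, PROXY_SECRET):
        # Did not arrive via the proxy: the identity header cannot be trusted
        return 403, "not from proxy"
    user = headers.get("X-Forwarded-User", "").strip().lower()
    if not user:
        return 401, "unauthenticated"
    if user in BLOCKLIST:
        return 403, "blocked"
    if ALLOWLIST and user not in ALLOWLIST:
        return 403, "not allowlisted"
    return 200, user


def wsgi_headers(environ):
    """Map WSGI HTTP_X_FORWARDED_USER style keys back to X-Forwarded-User."""
    return {k[5:].replace("_", "-").title(): v
            for k, v in environ.items() if k.startswith("HTTP_")}


def app(environ, start_response):
    status, reason = decide(wsgi_headers(environ))
    start_response(f"{status} {REASONS[status]}", [("Content-Type", "text/plain")])
    return [f"{status} {reason}\n".encode()]


if __name__ == "__main__":
    # Bind to loopback only: in the described setup NGINX/the proxy fronts this app
    make_server("127.0.0.1", 8080, app).serve_forever()
```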

I documented this journey comprehensively, summarizing all the knowledge acquired and the progress made in a sizable (and a bit theatrical) documentation file.

Disclaimer: While this method was once in use, it is now deprecated and unclassified, allowing me to freely share it.

Click here to view the guide!