texousliu/keyfil
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
keyfil/文档/20241224-元盟全域SSO方案进度表.md
liuxiaohua 31aa3a7b70
All checks were successful
Publish to Confluence / confluence (push) Successful in 59s
Details
[2025-02-20] 更新进度表
2025-02-20 18:36:41 +08:00

110 lines
5.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!-- Space: qifu -->
<!-- Parent: 后端技术&知识&规范 -->
<!-- Parent: 技术方案 -->
<!-- Parent: 基建 -->
<!-- Parent: 02-技术方案 -->
<!-- Parent: 20241224-元盟全域SSO方案 -->
<!-- Title: 20241224-元盟全域SSO方案进度表 -->
<!-- Macro: :anchor\((.*)\):
Template: ac:anchor
Anchor: ${1} -->
<!-- Macro: \!\[.*\]\((.+)\)\<\!\-\- width=(.*) \-\-\>
Template: ac:image
Url: ${1}
Width: ${2} -->
<!-- Macro: \<\!\-\- :toc: \-\-\>
Template: ac:toc
Printable: 'false'
MinLevel: 2
MaxLevel: 4 -->
<!-- Include: 杂项/声明文件.md -->
<!-- :toc: -->
# 元盟全域SSO方案进度表
## IAM 安装部署
- [元盟全域SSO方案](http://confluence.qifu.com/pages/viewpage.action?pageId=38507359)
- [Keycloak 官方文档](https://www.keycloak.org/guides#server)
- [企微 Identity provider 插件开发](https://git.keyfil.com/qifu-gateway/keycloak-justauth.git)
- [Keycloak 配置插件](https://www.keycloak.org/server/configuration-provider)
## 平台集成进度
| 平台 | 验证 | 接入 | 部署 | 文档 |
|----------------|----|----|----|-------------------------------------------------------------------|
| IAMKeycloak | √ | √ | √ | [元盟全域SSO方案][元盟全域SSO方案] |
| 门户网站 | √ | √ | √ | [Linkwarden部署指南][Linkwarden部署指南] |
| YApi | √ | √ | √ | [YApi部署指南][YApi部署指南] |
| 产研协同平台 | √ | √ | √ | [产研协同平台企微登录方案][产研协同平台企微登录方案] |
| GitLab | √ | √ | √ | [Gitlab安装及SSO接入指南][Gitlab安装及SSO接入指南] |
| Confluence | √ | √ | √ | [Confluence安装及SSO接入指南][Confluence安装及SSO接入指南] |
| Yarning | √ | √ | √ | [Yearning安装及SSO接入指南][Yearning安装及SSO接入指南] |
| Jenkins | √ | √ | × | [JenkinsSSO接入指南][JenkinsSSO接入指南] |
| KubeSphere | √ | √ | × | [KubeSphere 3.4 整合 OIDC][KubeSphere 3.4 整合 OIDC] |
| Nacos | √ | √ | × | [Nacos安装及SSO接入指南][Nacos安装及SSO接入指南] |
| Grafana | √ | √ | × | [Grafana安装及SSO接入指南][Grafana安装及SSO接入指南] |
| Skywalking | √ | √ | × | Skywalking本身不带授权是由nginx做资源访问权限暂时没有解决方案 |
| Graylog | × | × | × | [Graylog OIDC][Graylog OIDC] (需要企业版,并且需要https) |
| Harbor | × | × | × | [Harbor OIDC][Harbor OIDC] |
| Kibana | × | × | × | 只有生产和UAT有内网暂时没有。需要做开发,可以参考:[Kibana OIDC][Kibana OIDC] |
| Nexus sonatype | × | × | × | 需要使用插件,成本太高,一般不会登录使用该平台,不建议集成:参考 [Nexus Sonatype][Nexus Sonatype] |
| metersphere | √ | √ | √ | [Metersphere安装及SSO接入指南][Metersphere安装及SSO接入指南] |
### 域名规划说明
#### 域名结构说明
![](https://picture.texous.cn/blog/20250213101552038.png)
#### 域名划分
> 二级域名用来区分服务级别
> 三级域名用来做服务划分
> 四级域名用来做环境划分
- 二级域名 `qifu.com`:部环境使用
- 二级域名 `keyfil.com`:外网访问使用
- 三级域名 `xxx.qifu.com`:服务划分
- 比如 `yapi.qifu.com` 表示接口文档服务
- 比如 `confluence.qifu.com` 表示知识库服务
- 四级域名 `xxx.xxx.qifu.com`:服务环境划分
- 划分为四个环境:开发 `dev`、测试 `test`、预发布 `uat`、生产 `prod`。生产环境默认缺省,使用三级域名
- 比如 `test.jenkins.qifu.com` 表示测试环境 jenkins
- 比如 `jenkins.qifu.com` 表示测试环境 jenkins
[元盟全域SSO方案]: http://confluence.qifu.com/pages/viewpage.action?pageId=38507359
[产研协同平台企微登录方案]: http://confluence.qifu.com/pages/viewpage.action?pageId=38507582
[JenkinsSSO接入指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38507984
[Yearning安装及SSO接入指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38508162
[Linkwarden部署指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38508160
[YApi部署指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38507970
[Gitlab安装及SSO接入指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38508192
[Confluence安装及SSO接入指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38508352
[Nacos安装及SSO接入指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38508402
[Grafana安装及SSO接入指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38508757
[KubeSphere 3.4 整合 OIDC]: https://kubesphere.io/zh/docs/v3.4/access-control-and-account-management/external-authentication/oidc-identity-provider/
[Graylog OIDC]: https://go2docs.graylog.org/5-2/setting_up_graylog/oidc.html
[Harbor OIDC]: https://harbor.k8s.ac.cn/docs/2.11.0/administration/configure-authentication/oidc-auth/
[Grafana OIDC]: https://grafana.org.cn/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
[Kibana OIDC]: https://blog.csdn.net/qq_33816243/article/details/135210359
[Nexus Sonatype]: https://github.com/tumbl3w33d/nexus-oauth2-proxy-plugin
[Metersphere安装及SSO接入指南]: http://confluence.qifu.com/pages/viewpage.action?pageId=38510175
Reference in New Issue View Git Blame Copy Permalink