|
| 1 | +# External authentication providers |
| 2 | + |
| 3 | +## Introduction |
| 4 | + |
| 5 | +External authentication providers are used to authenticate users against an external system. This is useful when you want to use an existing authentication system, such as LDAP, to authenticate users in your application. |
| 6 | + |
| 7 | +In the case of the load-test tool, a Keycloak server is used as the authentication provider. Keycloak is an open-source identity and access management solution that provides a way to authenticate users against an external system. |
| 8 | + |
| 9 | +> **The load-test currently only supports OpenID Connect as an external authentication provider.** |
| 10 | +
|
| 11 | +## Configuration options |
| 12 | + |
| 13 | +``` js |
| 14 | +{ |
| 15 | + // ... |
| 16 | + "ExternalAuthProviderSettings": { |
| 17 | + "InstanceCount": 1, |
| 18 | + "DevelopmentMode": true, |
| 19 | + "KeycloakAdminUser": "mmadmin", |
| 20 | + "KeycloakAdminPassword": "mmpass", |
| 21 | + "KeycloakRealmFilePath": "", |
| 22 | + "InstanceType": "t3.medium", |
| 23 | + "DatabaseInstanceCount": 0, |
| 24 | + "DatabaseInstanceType": "db.t3.medium", |
| 25 | + "DatabaseInstanceEngine": "aurora-postgresql", |
| 26 | + "DatabaseUsername": "mmuser", |
| 27 | + "DatabasePassword": "mmpassword", |
| 28 | + "DatabaseParameters": [] |
| 29 | + }, |
| 30 | + // ... |
| 31 | +} |
| 32 | +``` |
| 33 | + |
| 34 | +- **InstanceCount**: The number of instances to deploy. (`0` or `1`, `0` disables the deployment of the Keycloak server) |
| 35 | +- **DevelopmentMode**: Whether to deploy the server in development mode. This changes the command used to start the server from `start` (production) to `start-dev` (development) and disables the usage of an external database. |
| 36 | +- **KeycloakVersion**: The version of Keycloak to deploy. |
| 37 | +- **KeycloakAdminUser**: The username of the Keycloak admin user. |
| 38 | +- **KeycloakAdminPassword**: The password of the Keycloak admin user. |
| 39 | +- **KeycloakRealmFilePath**: The path to a Keycloak realm file to use as import data. |
| 40 | + - If empty the load test will import a default one. |
| 41 | +- **InstanceType**: The instance type to use for the keycloak server. |
| 42 | +- **DatabaseInstanceCount**: The number of database instances to deploy. This defaults to `0` if `DevelopmentMode` is set to `true`. |
| 43 | +- **DatabaseInstanceType**: The instance type to use for the database. |
| 44 | +- **DatabaseInstanceEngine**: The database engine to use. |
| 45 | +- **DatabaseUsername**: The username to use for the database. |
| 46 | +- **DatabasePassword**: The password to use for the database. |
| 47 | +- **DatabaseParameters**: Additional parameters to use for the database. |
| 48 | + |
| 49 | +## Enabling the OpenID Connect provider |
| 50 | + |
| 51 | +In order to enable the deployment of the Keycloak server (and configuration of the Mattermost instance to go along with it) you only need to provide the raise the `ExernalAuthProviderSettings.InstanceCount` section to `1` in the deployer configuration. |
0 commit comments