
Set up OpenID provider

Set up an OpenID authentication provider (e.g. Keycloak) that provides at least one user with username "anonymous" and password "anonymous". To get started with the Border Gateway for development purposes, it is a good idea to allow full anonymous access and define more elaborate authentication and authorization later. See below for how to provide the necessary information in a config file. See the subpage for an example of how to set up Keycloak as an OpenID provider for the Border Gateway.

Create an SSL certificate for your deployment

Options include Let's Encrypt or Fraunhofer certificates. You will need the two .pem files containing the certificate itself (including the chain) and the private key. See below for how to provide the necessary information in a config file.

Create config file

Create a file config.json with the following entries:

{
  "ei_tls_key": "<path_to_secret_key>",
  "ei_tls_cert": "<path_to_certificate>",
  "mqtt_proxy_broker": {
    "address": "demo.linksmart.eu",
    "port": 8883,
    "username": "linksmart",
    "password": "demo",
    "tls": true,
    "tls_ca": "",
    "tls_client_key": "",
    "tls_client_cert": ""
  },
  "http_proxy_domains": {
    "<your_domain_name_used_in_certificate>": {
      "<location>": {
        "local_address": "<address_of_your_local_service>:<port>"
      }
    }
  },
  "auth_service_openid_connect_providers": {
    "default": {
      "issuer": "https://auth.fit.fraunhofer.de/kc/realms/linksmart-demo",
      "token_endpoint": "https://auth.fit.fraunhofer.de/kc/realms/linksmart-demo/protocol/openid-connect/token",
      "client_id": "bgw_client",
      "realm_public_key_modulus": "hF2bmoFd35rgtsXny2NFXG-M-ywZPkuonyUC8fwYQ4axSB86gPXbkkgH5LsDkpJHovMvXUgDiEJg2k0TbEfy7edtpk1e0IpqY8KKFQ-Gz_YjxXPWEsO30k11T66aczDVC1aKFDuBCQ9ExZopTehR_awHn3FAuDHTGrG8W4bMJ3z1VqcFRh5fZG3vGFvPi6J-6QpV8P82wFqMHJWeBJGUThWMNCtgi88KXf8Jz1MgvXO-NnDK_KduJBo_c6Dm5NiZjReQtKRO8TXUkhglClwHU6sOGx0IIvgQ9q5vRwWf6ou6t5_40cNYiu86GYlHH-1dimb_f6CoiTBG8-99wgfxvw",
      "realm_public_key_exponent": "AQAB"
    }
  }
}
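
A pre-flight check for the config.json above, added here as an example and not part of the Border Gateway project. It assumes `realm_public_key_modulus` and `realm_public_key_exponent` are the unpadded base64url RSA `n` and `e` values as used in a JWK; the function names, the 2048-bit minimum and the "token endpoint lives under the issuer" rule are choices made for this example.

```python
import base64
import json
from urllib.parse import urlparse

def b64url_to_int(value):
    """Decode an unpadded base64url string (JWK 'n'/'e' style) to an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def check_config(cfg):
    """Return a list of findings for a parsed Border Gateway config.json."""
    findings = []
    # Template placeholders such as "<path_to_secret_key>" must be replaced.
    for key in ("ei_tls_key", "ei_tls_cert"):
        path = cfg.get(key, "")
        if not path or path.startswith("<"):
            findings.append(f"{key}: placeholder or empty path")
    if not cfg.get("mqtt_proxy_broker", {}).get("tls", False):
        findings.append("mqtt_proxy_broker: upstream connection is not using TLS")
    for name, p in cfg.get("auth_service_openid_connect_providers", {}).items():
        for field in ("issuer", "token_endpoint"):
            if urlparse(p.get(field, "")).scheme != "https":
                findings.append(f"{name}.{field}: not an https URL")
        # Assumption: as in the sample config, the token endpoint is a path below the issuer.
        if not p.get("token_endpoint", "").startswith(p.get("issuer", "") + "/"):
            findings.append(f"{name}: token_endpoint is not under issuer")
        try:
            n = b64url_to_int(p["realm_public_key_modulus"])
            e = b64url_to_int(p["realm_public_key_exponent"])
        except (KeyError, ValueError) as err:  # binascii.Error is a ValueError
            findings.append(f"{name}: realm public key missing or undecodable ({err!r})")
            continue
        if n.bit_length() < 2048:
            findings.append(f"{name}: RSA modulus is only {n.bit_length()} bits")
        if e < 3 or e % 2 == 0:
            findings.append(f"{name}: RSA exponent {e} is not a valid odd exponent")
    return findings

if __name__ == "__main__":
    import sys
    with open(sys.argv[1] if len(sys.argv) > 1 else "config.json") as fh:
        for finding in check_config(json.load(fh)):
            print("WARN", finding)
```

Run it with the path to your config.json before starting the container; no output means none of these checks fired.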



Start Docker container

Pull and run the Border Gateway in a Docker container. Make sure the .pem files and the config.env are available, e.g.:

docker pull docker.linksmart.eu/bgw:latest
docker run --rm -p 443:443 -p 8883:8883 -v "<path_to_your_config_folder>:/bgw/config" -v "<path_to_your_certs_folder>:/certs" docker.linksmart.eu/bgw:latest