generated from coulomb/repo-seed
tegwick
3780190456
- CLAUDE.md: session protocol, architecture overview, spec pointers, workplan convention, state-hub repo ID (8a99bb74, netkingdom domain) - README.md: replace repo-seed placeholder with KeyCape description Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
46 lines
1.4 KiB
Markdown
46 lines
1.4 KiB
Markdown
# KeyCape
|
|
|
|
*Prepare for Keycloak without Keycloak*
|
|
|
|
KeyCape is the lightweight IAM component of [NetKingdom](../net-kingdom/). It
|
|
implements the **NetKingdom IAM Profile** — a versioned OIDC/PKCE contract —
|
|
by orchestrating Authelia, LLDAP, and privacyIDEA. The same profile is
|
|
implemented by Keycloak in expanded-mode deployments.
|
|
|
|
Applications integrate against the profile, not against Keycape internals. This
|
|
makes the lightweight → expanded migration a tested, automated operation rather
|
|
than a rewrite.
|
|
|
|
## Status
|
|
|
|
**Specification phase.** The normative spec (v0.1) is complete. Implementation
|
|
workplans are the next step.
|
|
|
|
## Key Documents
|
|
|
|
- `wiki/KeyCapeSpecification_v0.1.md` — Architecture, design intent, objectives
|
|
- `wiki/KeyCapeSpecificationPack_v0.1.md` — Normative implementation spec:
|
|
canonical identity model, LDAP schema + validator rules, error taxonomy,
|
|
telemetry schema, migration contract, acceptance test matrix
|
|
|
|
## Architecture
|
|
|
|
```
|
|
Application
|
|
│ (NetKingdom IAM Profile)
|
|
▼
|
|
KeyCape ←── profile enforcement, claim normalization, telemetry
|
|
/ | \
|
|
Auth LLDAP privacyIDEA
|
|
elia
|
|
```
|
|
|
|
**Expanded mode:** Replace KeyCape with Keycloak. Same profile, same tests pass.
|
|
|
|
## Domain
|
|
|
|
Part of the **NetKingdom** domain. Tracked in the Custodian State Hub under
|
|
domain `netkingdom`, repo slug `key-cape`.
|
|
|
|
See `CLAUDE.md` for agent session protocol and workplan conventions.
|