net-kingdom/sso-mfa/WORKPLAN.md
2026-03-19 08:32:35 +00:00

SSO-MFA Platform — Stack Migration Workplan

NK-WP-0001 — Keycloak → Authelia + LLDAP + KeyCape

Updated: 2026-03-19
Workstream: sso-mfa-platform (39263c4b-ef70-4053-b782-350834b7e1be)

Stack Decision

Keycloak is replaced by the following stack (privacyIDEA is retained as the MFA engine):

  • LLDAP — lightweight LDAP directory (user store)
  • Authelia — authentication frontend (password authentication against LLDAP; upstream OIDC provider for KeyCape)
  • KeyCape — OIDC orchestration layer (auth code flow + MFA via privacyIDEA adapter)
  • privacyIDEA — MFA engine (unchanged, still in mfa namespace)

Hostnames: kc.coulomb.social (KeyCape), auth.coulomb.social (Authelia), lldap.coulomb.social (LLDAP admin)
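The flows implied by the stack above (Authelia binds to LLDAP, KeyCape calls Authelia for OIDC and privacyIDEA for MFA, the ingress controller fronts the three hostnames) are what netpol-sso.yaml in T05 has to pin down. The following is an added example of a default-deny policy set for those flows; it is not the repo's netpol-sso.yaml. Assumed values: the three new components run in a namespace named sso with pod labels app=lldap, app=authelia and app=keycape; privacyIDEA carries app=privacyidea in the mfa namespace and listens on 443; KeyCape listens on 8080; the ingress controller runs in a namespace named traefik. LLDAP's 3890 (LDAP) and 17170 (web UI) and Authelia's 9091 are those projects' default ports; kubernetes.io/metadata.name is the label Kubernetes sets on every namespace.

```yaml
# Added example, not the repo's netpol-sso.yaml. Namespace "sso", pod labels
# app=lldap/authelia/keycape/privacyidea, KeyCape port 8080, privacyIDEA port
# 443 and the ingress-controller namespace "traefik" are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny, namespace: sso}
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# DNS is the only egress every pod in the namespace gets by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: allow-dns, namespace: sso}
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: kube-system}}
          podSelector: {matchLabels: {k8s-app: kube-dns}}
      ports: [{protocol: UDP, port: 53}, {protocol: TCP, port: 53}]
---
# LLDAP: only Authelia may bind over LDAP (3890); only the ingress controller
# reaches the admin UI (17170) behind lldap.coulomb.social. No egress needed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: lldap, namespace: sso}
spec:
  podSelector: {matchLabels: {app: lldap}}
  policyTypes: [Ingress]
  ingress:
    - from: [{podSelector: {matchLabels: {app: authelia}}}]
      ports: [{protocol: TCP, port: 3890}]
    - from: [{namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: traefik}}}]
      ports: [{protocol: TCP, port: 17170}]
---
# Authelia: reached from the ingress controller (auth.coulomb.social) and from
# KeyCape, which uses it as upstream OIDC provider; may only call LLDAP.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: authelia, namespace: sso}
spec:
  podSelector: {matchLabels: {app: authelia}}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: traefik}}
        - podSelector: {matchLabels: {app: keycape}}
      ports: [{protocol: TCP, port: 9091}]
  egress:
    - to: [{podSelector: {matchLabels: {app: lldap}}}]
      ports: [{protocol: TCP, port: 3890}]
---
# KeyCape: reached from the ingress controller (kc.coulomb.social); may call
# Authelia (OIDC) and privacyIDEA in the mfa namespace (MFA adapter).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: keycape, namespace: sso}
spec:
  podSelector: {matchLabels: {app: keycape}}
  policyTypes: [Ingress, Egress]
  ingress:
    - from: [{namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: traefik}}}]
      ports: [{protocol: TCP, port: 8080}]
  egress:
    - to: [{podSelector: {matchLabels: {app: authelia}}}]
      ports: [{protocol: TCP, port: 9091}]
    - to:
        - namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: mfa}}
          podSelector: {matchLabels: {app: privacyidea}}
      ports: [{protocol: TCP, port: 443}]
---
# Policies are evaluated per namespace: the mfa side must admit the call too,
# or KeyCape's egress rule above is not enough.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: privacyidea-from-keycape, namespace: mfa}
spec:
  podSelector: {matchLabels: {app: privacyidea}}
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: sso}}
          podSelector: {matchLabels: {app: keycape}}
      ports: [{protocol: TCP, port: 443}]
```

Two caveats when adapting this to the real manifests. First, if KeyCape reaches Authelia through auth.coulomb.social rather than the in-cluster Service, its egress target is the ingress controller, not the Authelia pods, and the matching rule changes accordingly. Second, the last policy selects the privacyIDEA pods and therefore restricts their ingress to what it lists; if privacyIDEA's own UI or API is reached via an ingress today, that rule has to be added alongside it. Database egress for whichever components are backed by the T03 PostgreSQL instance is likewise not shown and must be added per component.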

Task Status

| Task | ID (hub) | Status | Notes |
|---|---|---|---|
| T01 — Vault & secret bootstrap | 7992528c | done | |
| T02 — K8s foundations | 721ca6b2 | done | Manifests authored; pending live cluster |
| T03 — PostgreSQL | 7fa60004 | done | Manifests authored; pending live cluster |
| T04 — privacyIDEA | 6ad1296a | todo | Manifests exist in k8s/privacyidea/; pending cluster |
| T05 — SSO core (new stack) | b9f73aa6 | in-progress | See below |
| T06 — Realm config & MFA flow | 3b6379a4 | todo | |
| T07 — User mgmt & self-service | c7cf902a | todo | |
| T08 — Backups, DR, break-glass | 9cbd1d89 | todo | |

T05 — SSO Core (new stack: LLDAP + Authelia + KeyCape)

Done

  • LLDAP manifests: pvc.yaml, deployment.yaml, middleware.yaml, ingress.yaml, create-secrets.sh
  • Authelia manifests: pvc.yaml, configmap.yaml, deployment.yaml, ingress.yaml, create-secrets.sh
  • KeyCape manifests: deployment.yaml, middleware.yaml, ingress.yaml, create-secrets.sh
  • NetworkPolicy: netpol-sso.yaml updated for new components
  • Keycloak manifests staged for deletion

In Progress (this session)

  • keycape/create-pi-token.sh
  • lldap/README.md
  • authelia/README.md
  • keycape/README.md
  • Update CONFIG.md (fixed CP-NK-004, removed old CP-NK-005, added CP-NK-005 auth., CP-NK-006 lldap.)
  • Update bootstrap/gen-secrets.sh (removed Keycloak, added LLDAP/Authelia/KeyCape sections)
  • Update k8s/README.md (network policy table)
  • Replace verify-t05.sh (Keycloak → LLDAP+Authelia+KeyCape checks)
  • Commit all changes — commit 0754dc3
  • Update state hub tasks — T05 marked done, milestone event logged

Done-criteria for T05

  • All manifests present and consistent
  • gen-secrets.sh generates correct secrets for new stack
  • verify-t05.sh checks all three components
  • Committed to main