Class KeycloakFactory

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
com.cloudforgeci.api.core.annotation.BaseFactory
com.cloudforgeci.api.security.KeycloakFactory
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

public class KeycloakFactory extends BaseFactory
Keycloak SAML Bridge Factory.

Deploys Keycloak as a SAML Identity Provider bridge between AWS Cognito (OIDC) and applications that require SAML authentication (e.g., Mattermost with group sync).

Architecture:

 Mattermost ←SAML→ Keycloak ←OIDC→ Cognito User Pool
            (groups)        (federation)   (users)

When to Use:

  • Application requires SAML (not OIDC)
  • Need group synchronization / team management
  • Want to use Cognito but app doesn't support OIDC directly

Configuration:

 {
   "oidcProvider": "cognito-saml",
   "authMode": "application-oidc",
   "cognitoAutoProvision": true
 }

What Gets Created:

  • Keycloak ECS Fargate service
  • Keycloak schema in existing PostgreSQL database
  • ALB target group for Keycloak (auth.{domain})
  • Cognito OIDC federation in Keycloak
  • SAML client configuration for Mattermost

What Gets Reused:

  • Existing Cognito User Pool (created by CognitoAuthenticationFactory)
  • Existing RDS PostgreSQL database
  • Existing VPC, subnets, security groups
  • Existing ECS cluster
  • Existing ALB

Security:

  • Follows security profile settings (DEV/STAGING/PRODUCTION)
  • Database credentials in Secrets Manager
  • Encrypted database connections
  • HTTPS only

Nested Class Summary

    Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

    software.amazon.jsii.JsiiObject.InitializationMode

    Nested classes/interfaces inherited from interface software.constructs.IConstruct

    software.constructs.IConstruct.Jsii$Default, software.constructs.IConstruct.Jsii$Proxy
Field Summary

    Fields inherited from class com.cloudforgeci.api.core.annotation.BaseFactory

    cfc, config, ctx
Constructor Summary

    Constructors:
    KeycloakFactory(software.constructs.Construct scope, String id)
Method Summary

    Modifier and Type | Method   | Description
    void              | create() | Abstract method that must be implemented by all factory subclasses.

    Methods inherited from class com.cloudforgeci.api.core.annotation.BaseFactory

    getDeploymentContext, getSecurityProfileConfiguration, getSystemContext

    Methods inherited from class software.constructs.Construct

    getNode, isConstruct, toString

    Methods inherited from class software.amazon.jsii.JsiiObject

    jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface software.amazon.jsii.JsiiSerializable

    $jsii$toJson
Constructor Details

    • KeycloakFactory

      public KeycloakFactory(software.constructs.Construct scope, String id)
Method Details

    • create

      public void create()
      Description copied from class BaseFactory:
      Abstract method that must be implemented by all factory subclasses. This method should contain the actual infrastructure creation logic.
      Specified by: create in class BaseFactory