More Information Required

[HungryHowies]

All,
Jumped into this project because a friend introduced ORY to me as an alternative to Keycloak. I’m having some difficulties using “self-hosting”.
What I was able to accomplish was installing Kratos/ UI for users to register. I installed Hydra, still not sure what that is all about, meaning how it ties into Kratos. I executed something abouthealth check for hydra and it showed “Status: OK” so I assume there really is no front end to it. And I’m not sure if Hydra/Kratos is combined correctly. Really do not see any indication if it is.

I was looking for a console/GUI or something in which I could configure to access multiple domain/clients. I did test out ORY cli and creating a project in https://console.ory.sh/projects , since my self-hosting node will not have access to the internet this may be an issue. I should state, using Docker in this environment is not an option.

My question is if someone can enlighten me about ORY/ Opensource? I have been through the documentation here https://www.ory.sh/docs/welcome I also understand that each service works standalone Kratos, Hydra, (sorry, Makes me think of Marvel 😆 , hail hydra), oathkeeper, and Keto. So, at this point I am assuming I need to create/make my own Web UI? If so would/can I control this service from there?

I stopped by the forum and seen it was closed 😞 but I do understand it takes a lot of time to keep that going.

I would apperciate any advice or direction to learn more and how to set this up internally.
Thanks in advance

[vinckr]

Hello @HungryHowies
Let me try and clear up some of the confusion!

• Hydra & Kratos integration
  This is not configured out of the box when you are self-hosting Ory, see this discussion for pointers how to set it up: How to configure Kratos to work with Hydra? kratos#2976 (comment)
  It is configured out of the box for the Ory Network service, but as your usecase requires the node not to be online, this is probably not a good option.

• Ory Open Source/UI
  Your assumption is correct, each service can work standalone (or combined with the others). You need to create your own UI, but we do have reference UIs in a number of languages - this is an excellent one: https://github.com/ory/kratos-selfservice-ui-node/

• Forum
  https://community.ory.sh/ has indeed been deprecated and move to GitHub discussions. Feel free to also join our chat.

Lastly, can you share a bit more information on your use case? You might not even need OAuth2, depending on what you are looking to achieve.
See these documents:

• https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/
• https://www.ory.sh/docs/hydra/concepts/before-oauth2
• Also have a look at our community examples, there is much for self-hosting there: https://github.com/ory/examples

[HungryHowies]

@vinckr

Hello and thank you for your time.

As for my use case,

I have multiples domains in my cloud infrastructure. Each one is secured by Enterprise firewall/ Gateway servers. Each SSO server is connected to a different AD DC/LDAP server, for each one of those domains.

The problem with Keycloak is, I need a user for each domain or in this case Realm. What happens is each domain has let’s say, has unique settings for users/admin/credentials, so this would mean that one admin could not be used for all of them. So, if I had 100 domains, I would need 100 Admin users and depending on the requirements of each domain things may change either on a daily/weekly or monthly basis. To make my life a little easier would be one Admin that is able to login to each one, while keep each domain/realm separate entities.

My end goal is to have a user/admin that can be used to control/access all domains using SSO setup like a combat information center (CIC) even thou each AD DC has different setting for one another.

Hope my explanation is clear, there are so many “gotcha’s” in this project.
Any ideas/directions or suggestions would be great.

Thanks again

[HungryHowies]

@vinckr
I forgot to mention, I have install Kratos on a PI3, The Documention works great, Hail Hydra to the doc dudes, good job..

I wanted to expand this interface, it would be nice.