LailaTheElf/hedgedoc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
hedgedoc/docs/guides/auth/keycloak.md
Simon Fish 335065cba9 Provide documentation for configuration with Keycloak 
Signed-off-by: Simon Fish <si@mon.fish>
2019-05-06 17:15:07 +01:00

40 lines
2.1 KiB
Markdown
Raw Blame History

Keycloak/Red Hat SSO (self-hosted)
===
1. Sign in to your Keycloak instance at https://keycloak.example.com/auth/admin/master/console
2. Navigate to the client management page at `https://keycloak.example.com/auth/admin/master/console/#/realms/your-realm/clients` (admin permissions required)
3. Click **Create** to create a new client and fill out the registration form. You should set the Root URL to the fully qualified public URL of your CodiMD instance.
4. Click **Save**
5. Set the **Access Type** of the client to `confidential`. This will make your client require a client secret upon authentication.
---
### Additional steps to circumvent generic OAuth2 issue:
1. Select Client Scopes from the sidebar, and create a new one.
2. Ensure that the **Name** is set to `id`.
3. Create a new mapper under the Mappers tab. This should reference the User Property `id`. `Claim JSON Type` should be String and all switches below should be enabled. Save the mapper.
4. Go to your client, then choose the Client Scopes tab. Apply the scope you've created. This should mitigate errors as seen in [codimd/server#56](https://github.com/codimd/server/issues/56).
---
6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:`
```
- CMD_OAUTH2_USER_PROFILE_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/userinfo
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
- CMD_OAUTH2_TOKEN_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/token
- CMD_OAUTH2_AUTHORIZATION_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/auth
- CMD_OAUTH2_CLIENT_ID=<your client ID>
- CMD_OAUTH2_CLIENT_SECRET=<your client secret, which you can find under the Credentials tab for your client>
- CMD_OAUTH2_PROVIDERNAME=Keycloak
- CMD_DOMAIN=<codimd.example.com>
- CMD_PROTOCOL_USESSL=true
- CMD_URL_ADDPORT=false
```
7. Run `docker-compose up -d` to apply your settings.
8. Sign in to your CodiMD using your Keycloak ID
Reference in New Issue View Git Blame Copy Permalink