From 0c28320b340f7dabdcadaa8557dd22bec88b194e Mon Sep 17 00:00:00 2001 From: Karim Gillani Date: Sat, 23 Feb 2019 19:33:56 -0800 Subject: [PATCH] Simplified Keycloak setup thanks to Commit: https://github.com/wekan/wekan/commit/bdbbb12f967f7e4f605e6c3310290180f6c8c6d1 --- Keycloak.md | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/Keycloak.md b/Keycloak.md index cb1d8e2..5076c89 100644 --- a/Keycloak.md +++ b/Keycloak.md 
@@ -4,32 +4,15 @@ Environment Variables that need to be set in your Wekan environment: -* OAUTH2_ENABLE = TRUE +* OAUTH2_ENABLED = TRUE * OAUTH2_CLIENT_ID = `` * OAUTH2_SERVER_URL = `/auth` * OAUTH2_AUTH_ENDPOINT = `/realms//protocol/openid-connect/auth` * OAUTH2_USERINFO_ENDPOINT = `/realms//protocol/openid-connect/userinfo` * OAUTH2_TOKEN_ENDPOINT = `/realms//protocol/openid-connect/token` * OAUTH2_SECRET = `` -* OAUTH2_ID_MAP = `uid` -* OAUTH2_USERNAME_MAP = `uid` -* OAUTH2_FULLNAME_MAP = `displayName` +* OAUTH2_ID_MAP = `preferred_username` +* OAUTH2_USERNAME_MAP = `preferred_username` +* OAUTH2_FULLNAME_MAP = `given_name` * OAUTH2_EMAIL_MAP = `email` -> When creating a Client in keycloak, ensure the access type is confidential under the settings tab. After clicking save, you will have a Credentials tab. You can retrieve the secret from that location. - -Under the Client area in Keycloak, click on the Mappers area and "create" the two following mappers: - -1. displayName -* Name: displayName -* Consent Required: Off -* Mapper Type: User Attribute -* User Attribute: displayName -* Token Claim Name: displayName -* Claim JSON Type: String -* Add to ID token: on -* Add to access token : on -* Add to userinfo : on -* Multivalued: off - -Then Edit the existing username mapper and update the following: -* Token Claim Name: uid \ No newline at end of file +> When creating a Client in keycloak, ensure the access type is confidential under the settings tab. After clicking save, you will have a Credentials tab. You can retrieve the secret from that location. \ No newline at end of file
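Review bot: On the added line "OAUTH2_ID_MAP = `preferred_username`", the account identifier is now taken from a claim that OpenID Connect Core does not guarantee to be unique or stable (the spec says a relying party must not rely on preferred_username being unique, and names "sub" as the stable subject identifier). If the realm allows usernames to be changed, a renamed or re-used username could be matched to a different Wekan account. Either map the ID to "sub", or add a sentence to Keycloak.md telling the reader to keep usernames immutable in the realm. Two smaller points in the same hunk: "OAUTH2_FULLNAME_MAP = `given_name`" returns only the first name, where the removed displayName mapper supplied a full name, so the standard "name" claim looks like the closer replacement; and the rename from OAUTH2_ENABLE to OAUTH2_ENABLED, together with the switch away from the "uid" claim, is not mentioned in the commit message or the document, so readers who followed the earlier instructions get no hint that their environment variables and client mappers need updating.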