diff --git a/Keycloak.md b/Keycloak.md index 5076c89..548749b 100644 --- a/Keycloak.md +++ b/Keycloak.md @@ -2,6 +2,8 @@ [Outstanding Bug](https://github.com/wekan/wekan/issues/1874#issuecomment-460802250): Create the first user (admin) with the regular process. Then the remaining users can use the Register with OIDC process. +Keycloak settings: [realm-export.zip](https://wekan.github.io/keycloak/realm-export.zip) + Environment Variables that need to be set in your Wekan environment: * OAUTH2_ENABLED = TRUE @@ -15,4 +17,20 @@ Environment Variables that need to be set in your Wekan environment: * OAUTH2_USERNAME_MAP = `preferred_username` * OAUTH2_FULLNAME_MAP = `given_name` * OAUTH2_EMAIL_MAP = `email` -> When creating a Client in keycloak, ensure the access type is confidential under the settings tab. After clicking save, you will have a Credentials tab. You can retrieve the secret from that location. \ No newline at end of file +> When creating a Client in keycloak, ensure the access type is confidential under the settings tab. After clicking save, you will have a Credentials tab. You can retrieve the secret from that location. + +## Snap +Copy below commands to `auth.sh` textfile, make it executeable `chmod +x auth.sh` and run it with `./auth.sh`. +``` +sudo snap set wekan oauth2-enabled='true' +sudo snap set wekan oauth2-client-id='abcd1234' +sudo snap set wekan oauth2-secret='1234abcd' +sudo snap set wekan oauth2-server-url='https://example.com/auth' +sudo snap set wekan oauth2-auth-endpoint='/realms//protocol/openid-connect/auth' +sudo snap set wekan oauth2-userinfo-endpoint='/realms//protocol/openid-connect/userinfo' +sudo snap set wekan oauth2-token-endpoint='/realms//protocol/openid-connect/token' +sudo snap set wekan oauth2-id-map='preferred_username' +sudo snap set wekan oauth2-username-map='preferred_username' +sudo snap set wekan oauth2-fullname-map='given_name' +sudo snap set wekan oauth2-email-map='email' +```
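Review bot: In the first hunk (@@ -2,6 +2,8 @@), the added `Keycloak settings: [realm-export.zip](...)` line links a downloadable realm export but does not say what it configures or how it relates to the values listed below it. Please add a sentence stating which realm and client the export defines and that, after importing it, the reader still has to set their own redirect URIs and generate a fresh client secret from the Credentials tab mentioned in the note at the end of the page. Credentials for a confidential client should never come from a publicly hosted file.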
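Review bot: In the second hunk (@@ -15,4 +17,20 @@), the three endpoint lines in the new Snap section have an empty realm segment, e.g. `oauth2-auth-endpoint='/realms//protocol/openid-connect/auth'`, so a reader who copies them verbatim gets a path with a double slash and no realm name. It looks like an angle-bracket placeholder was lost; please write it in a form that survives Markdown rendering, such as `/realms/REALM-NAME/protocol/openid-connect/auth`, and say that it must be replaced. The instructions also have the reader save `oauth2-secret` into `auth.sh` and only run `chmod +x` on it. Suggest `chmod 700 auth.sh` and deleting the file after it has run, and marking `abcd1234` / `1234abcd` as placeholders. Minor: "executeable" should be "executable".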