Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-03-02 11:50:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Updated Keycloak OIDC Integration (markdown)

Karim Gillani 2019-02-01 08:57:18 -08:00
parent b6cdc8a6c7
commit b842f14d4b
1 changed files with 31 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

62
Keycloak---OIDC-Integration.md

@ -2,42 +2,42 @@ Outstanding Bug: When the user is registered, in the users entry in the mongo da
Environment Variables that need to be set in your Wekan container:
OAUTH2_ENABLE = TRUE
OAUTH2_CLIENT_ID = <Keycloak create Client ID>
OAUTH2_SERVER_URL = <Keycloak server name>/auth
OAUTH2_AUTH_ENDPOINT = /realms/<keycloak realm>/protocol/openid-connect/auth
OAUTH2_USERINFO_ENDPOINT = /realms/<keycloak realm>/protocol/openid-connect/userinfo
OAUTH2_TOKEN_ENDPOINT = /realms/<keycloak realm>/protocol/openid-connect/token
OAUTH2_SECRET = <keycloak client secret>
** When creating a Client in keycloak, ensure the access type is confidential under the settings tab. After clicking save, you will have a Credentials tab. You can retrieve the secret from that location.
* OAUTH2_ENABLE = TRUE
* OAUTH2_CLIENT_ID = <Keycloak create Client ID>
* OAUTH2_SERVER_URL = <Keycloak server name>/auth
* OAUTH2_AUTH_ENDPOINT = /realms/<keycloak realm>/protocol/openid-connect/auth
* OAUTH2_USERINFO_ENDPOINT = /realms/<keycloak realm>/protocol/openid-connect/userinfo
* OAUTH2_TOKEN_ENDPOINT = /realms/<keycloak realm>/protocol/openid-connect/token
* OAUTH2_SECRET = <keycloak client secret>
> When creating a Client in keycloak, ensure the access type is confidential under the settings tab. After clicking save, you will have a Credentials tab. You can retrieve the secret from that location.
Under the Client area in Keycloak, click on the Mappers area and "create" the following:
1. displayName
Name: displayName
Consent Required: Off
Mapper Type: User Attribute
User Attribute: displayName
Token Claim Name: displayName
Claim JSON Type: String
Add to ID token: on
Add to access token : on
Add to userinfo : on
Multivalued: off
1. displayName
* Name: displayName
* Consent Required: Off
* Mapper Type: User Attribute
* User Attribute: displayName
* Token Claim Name: displayName
* Claim JSON Type: String
* Add to ID token: on
* Add to access token : on
* Add to userinfo : on
* Multivalued: off
2. id
Name: id
Consent Required: Off
Mapper Type: User Property
User Attribute: username
Token Claim Name: id
Claim JSON Type: String
Add to ID token: on
Add to access token : on
Add to userinfo : on
2. id
* Name: id
* Consent Required: Off
* Mapper Type: User Property
* User Attribute: username
* Token Claim Name: id
* Claim JSON Type: String
* Add to ID token: on
* Add to access token : on
* Add to userinfo : on
Edit the existing username mapper:
Token Claim Name: uid
Edit the existing username mapper:
* Token Claim Name: uid