Updated Keycloak (markdown)

2025-12-19 17:00:13 +01:00 · 2024-11-28 16:36:06 +02:00 · 2024-11-28 16:36:06 +02:00 · d9d3d605b2
commit d9d3d605b2
parent 6705e0b5eb
1 changed files with 7 additions and 15 deletions
--- a/Keycloak.md
+++ b/Keycloak.md
@ -1,14 +1,6 @@
 [2022 KEYCLOAK CERTIFICATE FIX HERE](https://github.com/wekan/wekan/issues/4525)
-[Somebody got Keycloak working](https://github.com/wekan/wekan/issues/3277#issuecomment-696333794)
+[Newest Keycloak fix merged 2024-11-28](https://github.com/wekan/wekan/pull/5597)
 NOTE: Is that preffered_username setting wrong? Correct settings should be for OIDC login:
 ```
 sudo snap set wekan oauth2-username-map='email'
 sudo snap set wekan oauth2-email-map='email'
 ```
 [Outstanding Bug](https://github.com/wekan/wekan/issues/1874#issuecomment-460802250): Create the first user (admin) with the regular process.  Then the remaining users can use the Register with OIDC process.
@ -26,13 +18,13 @@ Copy below commands to `auth.sh` textfile, make it executeable `chmod +x auth.sh
 sudo snap set wekan oauth2-enabled='true'
 sudo snap set wekan oauth2-client-id='<Keycloak create Client ID>'
 sudo snap set wekan oauth2-secret='<Keycloak Client secret>'
-sudo snap set wekan oauth2-server-url='<Keycloak server name>/auth'
+sudo snap set wekan oauth2-server-url='<Keycloak server url - https://keycloak.example.com>'
 sudo snap set wekan oauth2-auth-endpoint='/realms/<keycloak realm>/protocol/openid-connect/auth'
 sudo snap set wekan oauth2-userinfo-endpoint='/realms/<keycloak realm>/protocol/openid-connect/userinfo'
 sudo snap set wekan oauth2-token-endpoint='/realms/<keycloak realm>/protocol/openid-connect/token'
-sudo snap set wekan oauth2-id-map='preferred_username'
+sudo snap set wekan oauth2-id-map='sub'
 sudo snap set wekan oauth2-username-map='preferred_username'
-sudo snap set wekan oauth2-fullname-map='given_name'
+sudo snap set wekan oauth2-fullname-map='name'
 sudo snap set wekan oauth2-email-map='email'
 ```
 ### Debugging, if Snap OIDC login does not work
@ -52,14 +44,14 @@ sudo systemctl status snap.wekan.wekan
 - DEBUG=true
 - OAUTH2_ENABLED=true
 - OAUTH2_CLIENT_ID=<Keycloak create Client ID>
- OAUTH2_SERVER_URL=<Keycloak server name>/auth
+- OAUTH2_SERVER_URL=<Keycloak server url - https://keycloak.example.com>
 - OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
 - OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
 - OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
 - OAUTH2_SECRET=<keycloak client secret>
- OAUTH2_ID_MAP=preferred_username
+- OAUTH2_ID_MAP=sub
 - OAUTH2_USERNAME_MAP=preferred_username
- OAUTH2_FULLNAME_MAP=given_name
+- OAUTH2_FULLNAME_MAP=name
 - OAUTH2_EMAIL_MAP=email
 ```
 ### Debugging, if Docker OIDC login does not work