blocks:sso:keycloak [2019-03-12 14:53] max |
blocks:sso:keycloak [2024-08-02 14:39] (current) melvin Minor changes for Keycloak 25.0.2 |
Line 1: | Line 1: | ||
- | ====KeyCloak==== | + | ====== Keycloak ====== |
- | | + | Here's a [[https:// |
- | - Login to the admin pages of KeyCloak. | + | |
- | | + | |
- | - Click the " | + | - Login to the admin pages of Keycloak. |
- | - Give it a name and select "openid-connect" as the Client | + | |
- | - On the settings page of your new client, add " | + | {{ : |
- | - Select the " | + | |
- | - Click the "Roles" button in the sidebar menu. Click the "Add Role" button and add the role " | + | - Click the " |
+ | - Give it an ID and select "OpenID Connect" as the Client | ||
+ | - On the next screen, turn on Client authentication, | ||
+ | - On the settings page of your new client, add "http://[BLOCKS-IP-OR-DOMAIN]/ | ||
+ | - Select the " | ||
+ | - Click the "Realm roles" button in the sidebar menu. Click the "Create role" button and add the role " | ||
* Admin | * Admin | ||
* Manager | * Manager | ||
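Review bot: the redirect URI added on the client settings page is documented with a plain `http://[BLOCKS-IP-OR-DOMAIN]/` scheme; if users reach Blocks over https, the value registered in Keycloak must use that scheme, because a redirect that does not match a registered URI is rejected and the login fails. Suggest a short sentence there stating that scheme, host and port must match the address users actually use for Blocks, and that the new "turn on Client authentication" step is what makes the client secret referenced later in the configuration necessary.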
Line 15: | Line 20: | ||
* Contributor | * Contributor | ||
* Staff | * Staff | ||
- | - Click the " | + | - Click the " |
+ | - Select the " | ||
- | ====Blocks specific steps==== | + | ===== Blocks specific steps ===== |
- | - Open your Blocks configuration file on your Blocks server and add the " | + | - Open your Blocks configuration file on your Blocks server and add the " |
* < | * < | ||
server: | server: | ||
+ | type: pixilab_server | ||
auth: | auth: | ||
urlResolver: | urlResolver: | ||
ajaxRequestResolver: | ajaxRequestResolver: | ||
- | callbackUrl: | + | callbackUrl: |
rolesOwner: claims | rolesOwner: claims | ||
rolesPath: realm_access.roles | rolesPath: realm_access.roles | ||
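Review bot: the changed `callbackUrl:` line has to carry exactly the redirect URI that was registered on the Keycloak client in the steps above, and the hunk does not say so; a difference in scheme, host or path is the usual reason the redirect back from Keycloak is refused. Suggest adding one sentence after the configuration block that the two values must be identical, so that the `rolesOwner: claims` and `rolesPath: realm_access.roles` settings are actually reached with a token to read roles from.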
Line 31: | Line 38: | ||
- org.pac4j.oidc.client.OidcClient: | - org.pac4j.oidc.client.OidcClient: | ||
configuration: | configuration: | ||
- | discoveryURI: | + | discoveryURI: |
clientId: [CLIENT-ID] | clientId: [CLIENT-ID] | ||
secret: [CLIENT-SECRET] | secret: [CLIENT-SECRET] | ||
clientAuthenticationMethod: | clientAuthenticationMethod: | ||
- | scope: openid profile | + | scope: openid profile |
servlet: | servlet: | ||
- | | + | |
- | - matchers: internalMatcher | + | - matchers: internalMatcher |
- | clients: OidcClient | + | clients: OidcClient |
- | authorizers: | + | authorizers: |
</ | </ | ||
- Start Blocks and go to "/ | - Start Blocks and go to "/ | ||
+ | |||
+ | ===== Role Mapping ===== | ||
+ | |||
+ | If the roles you've added to Keycloak does not match the roles used by blocks, or if you have set up roles on Keycloak already and would like to re-use them, you can add role mapping to the Blocks configuration file. You do this by defining a server.auth.rolesMapping parameter where the keys are the roles of your Keycloak configuration and the values the roles Blocks know about. For example: | ||
+ | |||
+ | < | ||
+ | rolesMapping: | ||
+ | KeycloakAdmin: | ||
+ | KeycloakManager: | ||
+ | KeycloakCreator: | ||
+ | KeycloakEditor: | ||
+ | KeycloakContributor: | ||
+ | KeycloakStaff: | ||
+ | </ | ||
+ |
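Review bot: `secret: [CLIENT-SECRET]` keeps the OIDC client secret in clear text in the Blocks configuration file, and neither the steps nor the new Role Mapping section say how that file should be protected; suggest adding that the file must be readable only by the account Blocks runs as and must not be committed to version control. Minor wording in the Role Mapping paragraph: "the roles you've added to Keycloak does not match" should read "do not match", and "used by blocks" should be "used by Blocks".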