Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
blocks:sso:keycloak [2022-08-05 09:23] admin Updated by Melvin 220805 |
blocks:sso:keycloak [2024-08-02 14:39] (current) melvin Minor changes for Keycloak 25.0.2 |
| |
Here's a [[https://vimeo.com/356912392|video]] showing how SSO based on Keycloak can be used. | Here's a [[https://vimeo.com/356912392|video]] showing how SSO based on Keycloak can be used. |
| |
:!: To use Keycloak, your Blocks server must use a secure connection (https), which requires a certificate and use of a domain name. | |
| |
- Install, configure and run Keycloak: [[https://www.keycloak.org/getting-started/getting-started-zip|https://www.keycloak.org/getting-started/getting-started-zip]] | - Install, configure and run Keycloak: [[https://www.keycloak.org/getting-started/getting-started-zip|https://www.keycloak.org/getting-started/getting-started-zip]] |
- Click the "Clients" button in the sidebar menu and add a new client by clicking the "Create client" button. | - Click the "Clients" button in the sidebar menu and add a new client by clicking the "Create client" button. |
- Give it an ID and select "OpenID Connect" as the Client Type. | - Give it an ID and select "OpenID Connect" as the Client Type. |
- On the next screen, turn on Client authentication and click Save. | - On the next screen, turn on Client authentication, click Next and then click Save. |
- On the settings page of your new client, add "https://[BLOCKS-DOMAIN]/rest/auth/*" as a "Valid Redirect URI". Save your changes. | - On the settings page of your new client, add "http://[BLOCKS-IP-OR-DOMAIN]/rest/auth/*" as a "Valid Redirect URI". Save your changes. |
- Select the "Credentials" tab at the top of your client settings page and note the "Client secret" for use as [CLIENT-SECRET] in step 1 of the Blocks specific section below. | - Select the "Credentials" tab at the top of your client settings page and note the "Client secret" for use as [CLIENT-SECRET] in step 1 of the Blocks specific section below. |
- Click the "Realm roles" button in the sidebar menu. Click the "Create role" button and add the role "Admin". Repeat the process until you end up with the following roles listed: | - Click the "Realm roles" button in the sidebar menu. Click the "Create role" button and add the role "Admin". Repeat the process until you end up with the following roles listed: |
* Contributor | * Contributor |
* Staff | * Staff |
- Click the "Users" button in the sidebar menu. Click the "Add user" button and add your first user. On the edit page for the newly created user, select the "Role mapping" tab at the top and assign the roles you want this user to have. | - Click the "Users" button in the sidebar menu. Click the "Add user" button and add your first user. On the edit page for the newly created user, select the "Role mapping" tab at the top and assign the roles you want this user to have. You may need to change the filter from "Filter by clients" to "Filter by realm roles" to see the roles. |
- Select the "Credentials" tab at the top to create a password for the user. | - Select the "Credentials" tab at the top to create a password for the user. |
| |
urlResolver: null | urlResolver: null |
ajaxRequestResolver: null | ajaxRequestResolver: null |
callbackUrl: https://[BLOCKS-DOMAIN]/rest/auth/callback | callbackUrl: http://[BLOCKS-IP-OR-DOMAIN]/rest/auth/callback |
rolesOwner: claims | rolesOwner: claims |
rolesPath: realm_access.roles | rolesPath: realm_access.roles |