Differences

This shows you the differences between two versions of the page.

blocks:sso:keycloak [2022-08-05 09:23]
admin Updated by Melvin 220805
blocks:sso:keycloak [2024-08-02 14:39] (current)
melvin Minor changes for Keycloak 25.0.2
Line 2: Line 2:
  
 Here's a [[https://vimeo.com/356912392|video]] showing how SSO based on Keycloak can be used. Here's a [[https://vimeo.com/356912392|video]] showing how SSO based on Keycloak can be used.
- 
-:!: To use Keycloak, your Blocks server must use a secure connection (https), which requires a certificate and use of a domain name. 
  
   - Install, configure and run Keycloak: [[https://www.keycloak.org/getting-started/getting-started-zip|https://www.keycloak.org/getting-started/getting-started-zip]]   - Install, configure and run Keycloak: [[https://www.keycloak.org/getting-started/getting-started-zip|https://www.keycloak.org/getting-started/getting-started-zip]]
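Review bot: The removed ":!:" line at the top of the page was the only place that told readers the Blocks server needs https, a certificate and a domain name, and deleting it leaves the page with no guidance on transport security for the login flow. If plain http is now meant to be supported, say so explicitly and keep a shortened note that https is the recommended setup for any server reachable outside a test network.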
Line 12: Line 10:
   - Click the "Clients" button in the sidebar menu and add a new client by clicking the "Create client" button.   - Click the "Clients" button in the sidebar menu and add a new client by clicking the "Create client" button.
   - Give it an ID and select "OpenID Connect" as the Client Type.   - Give it an ID and select "OpenID Connect" as the Client Type.
-  - On the next screen, turn on Client authentication and click Save. +  - On the next screen, turn on Client authentication, click Next and then click Save. 
-  - On the settings page of your new client, add "https://[BLOCKS-DOMAIN]/rest/auth/*" as a "Valid Redirect URI". Save your changes.+  - On the settings page of your new client, add "http://[BLOCKS-IP-OR-DOMAIN]/rest/auth/*" as a "Valid Redirect URI". Save your changes.
   - Select the "Credentials" tab at the top of your client settings page and note the "Client secret" for use as [CLIENT-SECRET] in step 1 of the Blocks specific section below.   - Select the "Credentials" tab at the top of your client settings page and note the "Client secret" for use as [CLIENT-SECRET] in step 1 of the Blocks specific section below.
   - Click the "Realm roles" button in the sidebar menu. Click the "Create role" button and add the role "Admin". Repeat the process until you end up with the following roles listed:   - Click the "Realm roles" button in the sidebar menu. Click the "Create role" button and add the role "Admin". Repeat the process until you end up with the following roles listed:
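Review bot: In the "Valid Redirect URI" step the example switches from https to http while keeping the trailing wildcard, so a reader who copies it registers a cleartext redirect target covering every path under /rest/auth/. Show the https form as the primary example and mention the http form only as a variant for IP-only test setups. Since the Blocks configuration later on the page uses the single path /rest/auth/callback, also consider whether that exact path can be registered instead of "/rest/auth/*".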
Line 22: Line 20:
     * Contributor     * Contributor
     * Staff     * Staff
-  - Click the "Users" button in the sidebar menu. Click the "Add user" button and add your first user. On the edit page for the newly created user, select the "Role mapping" tab at the top and assign the roles you want this user to have.+  - Click the "Users" button in the sidebar menu. Click the "Add user" button and add your first user. On the edit page for the newly created user, select the "Role mapping" tab at the top and assign the roles you want this user to have. You may need to change the filter from "Filter by clients" to "Filter by realm roles" to see the roles.
   - Select the "Credentials" tab at the top to create a password for the user.   - Select the "Credentials" tab at the top to create a password for the user.
  
Line 34: Line 32:
     urlResolver: null     urlResolver: null
     ajaxRequestResolver: null     ajaxRequestResolver: null
-    callbackUrl: https://[BLOCKS-DOMAIN]/rest/auth/callback+    callbackUrl: http://[BLOCKS-IP-OR-DOMAIN]/rest/auth/callback
     rolesOwner: claims     rolesOwner: claims
     rolesPath: realm_access.roles     rolesPath: realm_access.roles
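Review bot: The callbackUrl line now hard-codes http, and the page does not say that this value has to agree in scheme and host with the "Valid Redirect URI" entered in Keycloak in the earlier step. Add a sentence stating that the two must be changed together, and keep https://[BLOCKS-DOMAIN]/rest/auth/callback as the documented default, with the http://[BLOCKS-IP-OR-DOMAIN] form given as the alternative for servers without a certificate.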