add nextcloud authored by Roland Alton
## fairlogin
Login with a user that has admin role at https://id.fairkom.net/auth/ and change to realm fairlogin.
https://www.keycloak.org/documentation.html
### SAML
List SAML descriptor https://id.fairkom.net/auth/realms/fairlogin/protocol/saml/descriptor
### OpenID
Find all endpoints here https://id.fairkom.net/auth/realms/fairlogin/.well-known/openid-configuration
```
https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/token
https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/userinfo
https://id.fairkom.net/auth/realms/fairlogin/protocol/openid-connect/auth
```
How to [add rocket.chat as OIDC client](openid-connect-with-rocketchat)
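
A consistency check for the discovery document before its endpoints are copied into a client, as an added example that is not part of the original wiki page. `check_discovery` and the trimmed sample document are constructed here, and the realm-path rule assumes the Keycloak URL layout shown in the endpoint list above.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a discovery document trimmed to the fields checked below.
REALM = "https://id.fairkom.net/auth/realms/fairlogin"
SUFFIX = "/.well-known/openid-configuration"
SAMPLE = json.dumps({
    "issuer": REALM,
    "authorization_endpoint": REALM + "/protocol/openid-connect/auth",
    "token_endpoint": REALM + "/protocol/openid-connect/token",
    "userinfo_endpoint": REALM + "/protocol/openid-connect/userinfo",
})
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def check_discovery(discovery_url, document):
    """Return a list of problems; an empty list means the document is consistent."""
    if not discovery_url.endswith(SUFFIX):
        return ["discovery URL does not end with " + SUFFIX]
    expected_issuer = discovery_url[: -len(SUFFIX)]
    meta = json.loads(document)
    problems = []
    # OIDC Discovery: the issuer must equal the discovery URL minus the suffix.
    issuer = meta.get("issuer", "")
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} != {expected_issuer!r}")
    base = urlsplit(expected_issuer)
    if base.scheme != "https":
        problems.append("issuer is not https")
    for key in ENDPOINT_KEYS:
        value = meta.get(key)
        if not value:
            problems.append(f"{key} missing")
            continue
        url = urlsplit(value)
        if (url.scheme, url.netloc) != (base.scheme, base.netloc):
            problems.append(f"{key} is on a different origin: {value}")
        elif not url.path.startswith(base.path + "/"):
            # Assumption: Keycloak serves every endpoint below the realm path.
            problems.append(f"{key} is outside the realm path: {value}")
    return problems


if __name__ == "__main__":
    print(check_discovery(REALM + SUFFIX, SAMPLE) or "discovery document is consistent")
```
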
#### wordpress
Use the plugins https://github.com/oidc-wp/openid-connect-generic with https://github.com/timnolte/oidc-keycloak-sso and set the OpenID scope to `email openid profile`.
#### nextcloud
Install the app OIDC Connect (user_oidc). Enter the discovery endpoint https://key.domain.net.net/auth/realms/sso/.well-known/openid-configuration
To make logout work, use the backchannel logout link shown in the Nextcloud OIDC app and deactivate the Keycloak client setting `Backchannel logout session required` (see also https://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/90).
### Identity Provider
Add an OAuth ISP (such as eID #117), set the OAuth Identity Provider Client ID in Keycloak to a simple name (not a URL), and use that name when registering your Keycloak-based service.
### Federate Keycloaks
Add a Keycloak identity provider in your Keycloak realm.
Import the OpenID SSO profile from the other Keycloak IdP https://sso.fwf.ac.at/auth/realms/sso/.well-known/openid-configuration (import URL).
Add an OIDC client in the other Keycloak IdP, change to secret and copy id (federateX-fairlogin) and secret to the fairlogin Keycloak.
Disable e-mail verification if your federated Keycloak is trusted to already do so.