From 2b439b819908a7f6e9cbd9029d82de617230312f Mon Sep 17 00:00:00 2001 From: Frédéric Mangano-Tarumi Date: Thu, 4 Jun 2020 22:00:34 +0200 Subject: Guide to setting up Keycloak for the SSO Signed-off-by: Lukas Fleischer --- conf/config.dev | 2 +- doc/sso.txt | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 doc/sso.txt diff --git a/conf/config.dev b/conf/config.dev index 893e8fd6..37f38c45 100644 --- a/conf/config.dev +++ b/conf/config.dev @@ -20,7 +20,7 @@ aur_location = http://127.0.0.1:8080 disable_http_login = 0 enable-maintenance = 0 -; Single sign-on +; Single sign-on; see doc/sso.txt. [sso] openid_configuration = http://127.0.0.1:8083/auth/realms/aurweb/.well-known/openid-configuration client_id = aurweb diff --git a/doc/sso.txt b/doc/sso.txt new file mode 100644 index 00000000..1b0b1f7d --- /dev/null +++ b/doc/sso.txt @@ -0,0 +1,38 @@ +Single Sign-On (SSO) +==================== + +This guide will walk you through setting up Keycloak for use with aurweb. For +extensive documentation, see . + +Installing Keycloak +------------------- + +Keycloak is in the official Arch repositories: + + # pacman -S keycloak + +The default port is 8080, which conflicts with aurweb’s default port. You need +to edit `/etc/keycloak/standalone.xml`, looking for this line: + + + +The default developer configuration assumes it is set to 8083. Alternatively, +you may customize [options] aur_location and [sso] openid_configuration in +`conf/config`. + +You may then start `keycloak.service` through systemd. + +See also ArchWiki . + +Configuring a realm +------------------- + +Go to and log in as administrator. Then, hover the +text right below the Keycloak logo at the top left, by default *Master*. Click +*Add realm* and name it *aurweb*. + +Open the *Clients* tab, and create a new *openid-connect* client. Call it +*aurweb*, and set the root URL to (your aur_location). + +Create a user from the *Users* tab and try logging in from +. -- cgit v1.2.3-24-g4f1b