[4/4] Guide to setting up Keycloak for the SSO

Message ID 20200604200034.GA893971@tsubame.mg0.fr
State New
Headers show
Series
  • [1/4] Remove the FastAPI /hello test route
Related show

Commit Message

Frédéric Mangano-Tarumi June 4, 2020, 8 p.m. UTC
---
 conf/config.dev |  2 +-
 doc/SSO         | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 doc/SSO

Comments

Lukas Fleischer June 6, 2020, 12:44 p.m. UTC | #1
On Thu, 04 Jun 2020 at 16:00:34, Frédéric Mangano-Tarumi wrote:
> ---
>  conf/config.dev |  2 +-
>  doc/SSO         | 38 ++++++++++++++++++++++++++++++++++++++

Nit: Can we name this file sso.txt, following the convention in the doc/
directory?

>  2 files changed, 39 insertions(+), 1 deletion(-)
>  create mode 100644 doc/SSO

Looks good otherwise, thanks!

Patch

diff --git a/conf/config.dev b/conf/config.dev
index 27e981f8..fb0cc99a 100644
--- a/conf/config.dev
+++ b/conf/config.dev
@@ -20,7 +20,7 @@  aur_location = http://127.0.0.1:8080
 disable_http_login = 0
 enable-maintenance = 0
 
-; Single sign-on
+; Single sign-on. See doc/SSO
 [sso]
 openid_configuration = http://127.0.0.1:8083/auth/realms/aurweb/.well-known/openid-configuration
 client_id = aurweb
diff --git a/doc/SSO b/doc/SSO
new file mode 100644
index 00000000..1b0b1f7d
--- /dev/null
+++ b/doc/SSO
@@ -0,0 +1,38 @@ 
+Single Sign-On (SSO)
+====================
+
+This guide will walk you through setting up Keycloak for use with aurweb. For
+extensive documentation, see <https://www.keycloak.org/documentation.html>.
+
+Installing Keycloak
+-------------------
+
+Keycloak is in the official Arch repositories:
+
+    # pacman -S keycloak
+
+The default port is 8080, which conflicts with aurweb’s default port. You need
+to edit `/etc/keycloak/standalone.xml`, looking for this line:
+
+    <socket-binding name="http" port="${jboss.http.port:8080}"/>
+
+The default developer configuration assumes it is set to 8083. Alternatively,
+you may customize [options] aur_location and [sso] openid_configuration in
+`conf/config`.
+
+You may then start `keycloak.service` through systemd.
+
+See also ArchWiki <https://wiki.archlinux.org/index.php/Keycloak>.
+
+Configuring a realm
+-------------------
+
+Go to <http://127.0.0.1:8083/auth> and log in as administrator. Then, hover the
+text right below the Keycloak logo at the top left, by default *Master*. Click
+*Add realm* and name it *aurweb*.
+
+Open the *Clients* tab, and create a new *openid-connect* client. Call it
+*aurweb*, and set the root URL to <http://127.0.0.1:8080> (your aur_location).
+
+Create a user from the *Users* tab and try logging in from
+<http://127.0.0.1:8083/auth/realms/aurweb/account/>.