diff --git a/contrib/local-environment/docker-compose-keycloak.yaml b/contrib/local-environment/docker-compose-keycloak.yaml index 2cfc51fa..8ae66be6 100644 --- a/contrib/local-environment/docker-compose-keycloak.yaml +++ b/contrib/local-environment/docker-compose-keycloak.yaml @@ -43,23 +43,18 @@ services: keycloak: container_name: keycloak - image: jboss/keycloak:10.0.2 + image: keycloak/keycloak:25.0.1-0 hostname: keycloak command: - [ - '-b', - '0.0.0.0', - '-Djboss.socket.binding.port-offset=1000', - '-Dkeycloak.migration.action=import', - '-Dkeycloak.migration.provider=dir', - '-Dkeycloak.migration.dir=/realm-config', - '-Dkeycloak.migration.strategy=IGNORE_EXISTING' - ] + - 'start-dev' + - '--http-port=9080' + - '--import-realm' volumes: - - ./keycloak:/realm-config + - ./keycloak:/opt/keycloak/data/import environment: - KEYCLOAK_USER: admin@example.com - KEYCLOAK_PASSWORD: password + KC_HTTP_PORT: 9080 + KEYCLOAK_ADMIN: admin@example.com + KEYCLOAK_ADMIN_PASSWORD: password ports: - 9080:9080/tcp networks: diff --git a/contrib/local-environment/keycloak/master-realm.json b/contrib/local-environment/keycloak/oauth2-proxy-realm.json similarity index 98% rename from contrib/local-environment/keycloak/master-realm.json rename to contrib/local-environment/keycloak/oauth2-proxy-realm.json index 972763b5..d07973c9 100644 --- a/contrib/local-environment/keycloak/master-realm.json +++ b/contrib/local-environment/keycloak/oauth2-proxy-realm.json @@ -1,6 +1,6 @@ { - "id": "master", - "realm": "master", + "id": "oauth2-proxy", + "realm": "oauth2-proxy", "displayName": "Keycloak", "displayNameHtml": "
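Review bot: The new `environment` block sets the bootstrap admin to `admin@example.com` / `password` while the unchanged `ports` entry publishes `9080:9080/tcp` on every host interface, so the `start-dev` admin console is reachable with a known password from anything that can reach the developer's machine. Binding the mapping to loopback, `- '127.0.0.1:9080:9080/tcp'`, should keep the demo working, since the localtest.me names resolve to loopback, and it removes that exposure. A comment above `command:` such as `# local demo only: start-dev and static admin credentials, do not reuse outside this compose file` would make the intent explicit. Separately, the listen port is set twice, by `--http-port=9080` and by `KC_HTTP_PORT: 9080`; keep one so the two cannot drift. The `keycloak` service definition continues outside the hunk.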
Keycloak
", "notBefore": 0, @@ -48,7 +48,7 @@ "description": "${role_offline-access}", "composite": false, "clientRole": false, - "containerId": "master", + "containerId": "oauth2-proxy", "attributes": {} }, { @@ -61,7 +61,7 @@ "create-realm" ], "client": { - "master-realm": [ + "oauth2-proxy-realm": [ "query-groups", "create-client", "query-realms", @@ -84,7 +84,7 @@ } }, "clientRole": false, - "containerId": "master", + "containerId": "oauth2-proxy", "attributes": {} }, { @@ -93,7 +93,7 @@ "description": "${role_uma_authorization}", "composite": false, "clientRole": false, - "containerId": "master", + "containerId": "oauth2-proxy", "attributes": {} }, { @@ -102,7 +102,7 @@ "description": "${role_create-realm}", "composite": false, "clientRole": false, - "containerId": "master", + "containerId": "oauth2-proxy", "attributes": {} } ], @@ -122,7 +122,7 @@ "attributes": {} } ], - "master-realm": [ + "oauth2-proxy-realm": [ { "id": "a8271c2c-6437-4ca5-ae83-49ea5fe1318d", "name": "query-groups", @@ -229,7 +229,7 @@ "composite": true, "composites": { "client": { - "master-realm": [ + "oauth2-proxy-realm": [ "query-groups", "query-users" ] @@ -273,7 +273,7 @@ "composite": true, "composites": { "client": { - "master-realm": [ + "oauth2-proxy-realm": [ "query-clients" ] } @@ -439,7 +439,7 @@ "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/master/account/", + "baseUrl": "/realms/oauth2-proxy/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -450,7 +450,7 @@ "manage-account" ], "redirectUris": [ - "/realms/master/account/*" + "/realms/oauth2-proxy/account/*" ], "webOrigins": [], "notBefore": 0, 
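Review bot: The renamed export still carries what look like master-realm constructs into the `oauth2-proxy` realm: the composite at -61 grants `create-realm` plus `oauth2-proxy-realm` client roles such as `create-client` and `query-realms`, and the hunk at -102 re-homes the `create-realm` role itself. These come from a mechanical `master` to `oauth2-proxy` substitution, and in a non-master realm they are presumably unused at best and confusing to audit. Trimming the import to what the demo needs (the `oauth2-proxy` client, its test user and the default roles) would keep the example realm least-privileged. The same applies to the `oauth2-proxy-realm` client renamed at -616 and the `security-admin-console` paths at -711.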
@@ -486,14 +486,14 @@ "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/master/account/", + "baseUrl": "/realms/oauth2-proxy/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "91f85142-ee18-4e30-9949-e5acb701bdee", "redirectUris": [ - "/realms/master/account/*" + "/realms/oauth2-proxy/account/*" ], "webOrigins": [], "notBefore": 0, @@ -616,8 +616,8 @@ }, { "id": "7174c175-1887-4e57-b95b-969fe040deff", - "clientId": "master-realm", - "name": "master Realm", + "clientId": "oauth2-proxy-realm", + "name": "oauth2-proxy Realm", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -711,14 +711,14 @@ "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/master/console/", + "baseUrl": "/admin/oauth2-proxy/console/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "b234b7aa-8417-410f-b3fd-c57434d3aa4a", "redirectUris": [ - "/admin/master/console/*" + "/admin/oauth2-proxy/console/*" ], "webOrigins": [ "+" diff --git a/contrib/local-environment/keycloak/master-users-0.json b/contrib/local-environment/keycloak/oauth2-proxy-users-0.json similarity index 97% rename from contrib/local-environment/keycloak/master-users-0.json rename to contrib/local-environment/keycloak/oauth2-proxy-users-0.json index 0faaab6a..450a458e 100644 --- a/contrib/local-environment/keycloak/master-users-0.json +++ b/contrib/local-environment/keycloak/oauth2-proxy-users-0.json @@ -1,5 +1,5 @@ { - "realm": "master", + "realm": "oauth2-proxy", "users": [ { "id": "3356c0a0-d4d5-4436-9c5a-2299c71c08ec", diff --git a/contrib/local-environment/oauth2-proxy-keycloak.cfg b/contrib/local-environment/oauth2-proxy-keycloak.cfg index 602cf312..391ad331 100644 
--- a/contrib/local-environment/oauth2-proxy-keycloak.cfg +++ b/contrib/local-environment/oauth2-proxy-keycloak.cfg @@ -2,8 +2,8 @@ http_address="0.0.0.0:4180" cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" email_domains="example.com" cookie_secure="false" -upstreams="http://httpbin.localtest.me:8080" -cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains. +upstreams="http://httpbin" +cookie_domains=["oauth2-proxy.localtest.me:4080", "httpbin.localtest.me:8080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains. whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target. # keycloak provider @@ -12,7 +12,7 @@ client_id="oauth2-proxy" redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback" # in this case oauth2-proxy is going to visit -# http://keycloak.localtest.me:9080/auth/realms/master/.well-known/openid-configuration for configuration -oidc_issuer_url="http://keycloak.localtest.me:9080/auth/realms/master" +# http://keycloak.localtest.me:9080/realms/oauth2-proxy/.well-known/openid-configuration for configuration +oidc_issuer_url="http://keycloak.localtest.me:9080/realms/oauth2-proxy" provider="oidc" provider_display_name="Keycloak"
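Review bot: The new `cookie_domains` entries include ports, and the first one uses `:4080` while `http_address` and `redirect_url` in this file use `4180`. A cookie's Domain attribute is a host name without a port (cookies are not isolated by port), so these values are unlikely to behave as intended. The trailing comment about reading the cookie on all subdomains also no longer describes the setting. If the aim is to narrow the scope from `.localtest.me`, list bare hosts, e.g. `cookie_domains=["oauth2-proxy.localtest.me", "httpbin.localtest.me"]`, and update the comment; otherwise keep `[".localtest.me"]`.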