mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2024-11-30 09:16:52 +02:00
Update keycloak provider configuration doc (#347)
* update keycloak provider configuration doc * Add changelog entry
This commit is contained in:
parent
7663565cd3
commit
f94dee6f0d
@ -5,6 +5,7 @@
|
|||||||
## Breaking Changes
|
## Breaking Changes
|
||||||
|
|
||||||
## Changes since v4.1.0
|
## Changes since v4.1.0
|
||||||
|
- [#347](https://github.com/pusher/oauth2_proxy/pull/347) Update keycloak provider configuration documentation
|
||||||
- [#325](https://github.com/pusher/oauth2_proxy/pull/325) dist.sh: use sha256sum (@syscll)
|
- [#325](https://github.com/pusher/oauth2_proxy/pull/325) dist.sh: use sha256sum (@syscll)
|
||||||
- [#179](https://github.com/pusher/oauth2_proxy/pull/179) Add Nextcloud provider (@Ramblurr)
|
- [#179](https://github.com/pusher/oauth2_proxy/pull/179) Add Nextcloud provider (@Ramblurr)
|
||||||
|
|
||||||
|
@ -107,8 +107,9 @@ If you are using GitHub enterprise, make sure you set the following to the appro
|
|||||||
|
|
||||||
### Keycloak Auth Provider
|
### Keycloak Auth Provider
|
||||||
|
|
||||||
1. Create new client in your Keycloak with **Access Type** 'confidental'.
|
1. Create new client in your Keycloak with **Access Type** 'confidental' and **Valid Redirect URIs** 'https://internal.yourcompany.com/oauth2/callback'
|
||||||
2. Create a mapper with **Mapper Type** 'Group Membership'.
|
2. Take note of the Secret in the credential tab of the client
|
||||||
|
3. Create a mapper with **Mapper Type** 'Group Membership' and **Token Claim Name** 'groups'.
|
||||||
|
|
||||||
Make sure you set the following to the appropriate url:
|
Make sure you set the following to the appropriate url:
|
||||||
|
|
||||||
@ -116,8 +117,11 @@ Make sure you set the following to the appropriate url:
|
|||||||
-client-id=<client you have created>
|
-client-id=<client you have created>
|
||||||
-client-secret=<your client's secret>
|
-client-secret=<your client's secret>
|
||||||
-login-url="http(s)://<keycloak host>/realms/<your realm>/protocol/openid-connect/auth"
|
-login-url="http(s)://<keycloak host>/realms/<your realm>/protocol/openid-connect/auth"
|
||||||
-redeem-url="http(s)://<keycloak host>/realms/master/<your realm>/openid-connect/auth/token"
|
-redeem-url="http(s)://<keycloak host>/realms/<your realm>/protocol/openid-connect/token"
|
||||||
-validate-url="http(s)://<keycloak host>/realms/master/<your realm>/openid-connect/userinfo"
|
-validate-url="http(s)://<keycloak host>/realms/<your realm>/protocol/openid-connect/userinfo"
|
||||||
|
-keycloak-group=<user_group>
|
||||||
|
|
||||||
|
The group management in keycloak is using a tree. If you create a group named admin in keycloak you should define the 'keycloak-group' value to /admin.
|
||||||
|
|
||||||
### GitLab Auth Provider
|
### GitLab Auth Provider
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user