Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PHRAS-4007: Auth provider - add keycloak provider - openid (#4462)
* keycloak provider
* add readme
* comment regenerate password
* add exclusive option to provider an column can_renew_passwor to user
* default exclusive false
* always compatible with psauth
* bump image tag .env
* bump Version to 4.1.8-rc9
* bump version to rc12
* add autoconnect
Showing 32 changed files with 1,421 additions and 369 deletions.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
# openid configuration | ||
|
||
#### phraseanet configuration | ||
To connect with an openid with phraseanet, add the following config in the configuration.yml file | ||
|
||
|
||
```yaml | ||
authentication: | ||
providers: | ||
openid-1: | ||
enabled: true | ||
display: true | ||
title: ' openid 1' | ||
type: openid | ||
options: | ||
client-id: 'client-id' | ||
client-secret: 'client-secret' | ||
base-url: 'https://keycloak.phrasea.local' | ||
realm-name: phrasea | ||
# if true, can only connect with this provider | ||
# the user cannot connect with the default phraseanet login form | ||
exclusive: false | ||
icon-uri: null | ||
birth-group: _firstlog | ||
everyone-group: _everyone | ||
metamodel: _metamodel | ||
# group model prefix | ||
model-gpfx: _M_ | ||
# user model prefix | ||
model-upfx: _U_ | ||
debug: false | ||
# logout with phraseanet and also logout with keycloak | ||
auto-logout: true | ||
auto-connect-idp-name: null | ||
|
||
``` | ||
#### keycloak configuration | ||
- create a new client | ||
- get clien-id and client-secret | ||
- in the client setting: | ||
set the 'Valid redirect URIs' field with `https://{phraseanet-host}/login/provider/{provider-name}/callback/` | ||
eg: https://phraseanet.phrasea.local/login/provider/openid-1/callback/ | ||
|
||
set the 'Valid post logout redirect URIs' field with `https://{phraseanet-host}/login/logout/` eg: https://phraseanet.phrasea.local/login/logout/ | ||
|
||
- Choose a client > client scopes > '.... dedicated' | ||
|
||
add a 'groups' mapper if not exist, > Add mapper > by configuration | ||
|
||
`Mapper type` => Group Membership | ||
`Name` => groups | ||
`Token Claim Name` => groups | ||
`Full group path` => off | ||
`Add to userinfo` => on |
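Review bot: In the yaml example, `auto-connect-idp-name: null` has no comment, unlike `exclusive` and `auto-logout`, so a reader cannot tell what value it expects or how it changes the login flow; add a one-line comment as for the other options. The same goes for `debug: false`: state what it logs, since this flow handles the client secret and tokens. In the keycloak section, 'get clien-id and client-secret' should read 'client-id', and the step should say that the two values go into `client-id` and `client-secret` under `options`, with a reminder to keep the real secret out of any committed copy of configuration.yml. With `Full group path` set to off, groups that share a name under different parents produce the same value in the `groups` claim, which deserves a sentence if group names are used to assign rights.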
File renamed without changes.