From 289c46b7264a169e6ce41728e74281dbc7ea2cbf Mon Sep 17 00:00:00 2001 From: Joey Hafner Date: Sun, 23 Oct 2022 18:10:03 -0700 Subject: [PATCH] #63 Document how to add ForwardAuth to a new service --- homelab/server/config/keycloak/README.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/homelab/server/config/keycloak/README.md b/homelab/server/config/keycloak/README.md index 286c20c2..cde882f1 100644 --- a/homelab/server/config/keycloak/README.md +++ b/homelab/server/config/keycloak/README.md @@ -7,5 +7,12 @@ | Authorization URL | https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/auth | | Access token URL | https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/token | | Resource URL, Userinfo URL, API URL | https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/userinfo | -| Redirect URL | Use the home URL of the application (e.g. https://portainer.jafner.net) -| Logout URL | https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/logout \ No newline at end of file +| Redirect URL | Use the home URL of the application (e.g. https://portainer.jafner.net) | +| Logout URL | https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/logout | + +# How to Add ForwardAuth to a New Service +We'll assume the new service is hosted at `https://web.jafner.net`. +1. Open the [traefik-forward-auth client configuration page](https://keycloak.jafner.net/admin/master/console/#/Jafner.net/clients/90760ab3-f77f-48da-9dc1-df5ea6eed3a3/settings) and add the new site (appended with `/_oauth`) to the list of valid redirect URIs. E.g. `https://web.jafner.net/_oauth`. +2. Add the `traefik-forward-auth@file` Traefik middleware to the service. +3. Start up the new service. Open a new private window and navigate to the new service (`https://web.jafner.net`). It should redirect to Keycloak with a login prompt. +4. If applicable, disable any local auth. \ No newline at end of file
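Review bot: Step 2 of the new section names the `traefik-forward-auth@file` middleware but does not say where it is attached, so a reader has to find an existing service to copy from. Consider showing the router setting inline; if services here are configured through Docker labels, that would be something like `traefik.http.routers.web.middlewares=traefik-forward-auth@file` (the router name `web` is a placeholder). Two smaller points in the same hunk: the table row `Redirect URL | Use the home URL of the application` now sits directly above step 1's `/_oauth` redirect URI and the two read as conflicting, so if the table row is meant for applications that act as their own OIDC client, say so. Step 3 checks only that the browser is redirected to Keycloak; it would help to add that after login it should land back on `https://web.jafner.net`, and to state that step 4 (disabling local auth) is done only once that check passes.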