Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity
97e4cc547a
Jafner.net/active projects/homelab/fighter/config/keycloak/README.md
Joey Hafner 97e4cc547a
Init Jafner.net monorepo from constituent repos: 
1. homelab [Gitea](https://gitea.jafner.tools/Jafner/homelab), [Github (docker_config)](https://github.com/Jafner/docker_config), [Github (wiki)](https://github.com/Jafner/wiki), [Github (cloud_tools)](https://github.com/Jafner/cloud_tools), [Github (self-hosting)](https://github.com/Jafner/self-hosting).
   - Rename? Jafner.net? Wouldn't that be `Jafner/Jafner.net/Jafner.net`?
2. Jafner.dev [Github](https://github.com/Jafner/Jafner.dev).
3. dotfiles [Gitea](https://gitea.jafner.tools/Jafner/dotfiles), [Github](https://github.com/Jafner/dotfiles).
4. nvgm [Gitea](https://gitea.jafner.tools/Jafner/nvgm)
5. pamidi [Gitea](https://gitea.jafner.tools/Jafner/pamidi), [Github](https://github.com/Jafner/pamidi)
6. docker-llm-amd [Gitea](https://gitea.jafner.tools/Jafner/docker-llm-amd)
7. doradash [Gitea](https://gitea.jafner.tools/Jafner/doradash)
8. clip-it-and-ship-it [Gitea (PyClipIt)](https://gitea.jafner.tools/Jafner/PyClipIt), [Github](https://github.com/Jafner/clip-it-and-ship-it).
9. razer battery led [Github](https://github.com/Jafner/Razer-BatteryLevelRGB)
10. 5etools-docker [Github](https://github.com/Jafner/5etools-docker)
11. jafner-homebrew [Github](https://github.com/Jafner/jafner-homebrew)
2024-07-15 15:35:16 -07:00

2.7 KiB
Raw Blame History

OIDC Configuration Information Table

Application asks for... URL
Client ID In Keycloak, under the Jafner.net realm, click Clients -> Create Client. Set your own Client ID
Client Secret After creating the client in Keycloak, go to Clients -> -> Credentials. Then click the copy icon to the right of "Client secret".
Client Scopes email openid profile
Metadata URL https://keycloak.jafner.net/realms/Jafner.net/.well-known/openid-configuration
Authorization URL https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/auth
Access token URL https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/token
Resource URL, Userinfo URL, API URL https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/userinfo
Redirect URL Use the home URL of the application (e.g. https://portainer.jafner.net)
Logout URL https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/logout

How to Add ForwardAuth to a New Service

We'll assume the new service is hosted at https://web.jafner.net.

  1. Open the traefik-forward-auth client configuration page and add the new site (appended with /_oauth) to the list of valid redirect URIs. E.g. https://web.jafner.net/_oauth.
  2. Add the traefik-forward-auth@file Traefik middleware to the service.
  3. Start up the new service. Open a new private window and navigate to the new service (https://web.jafner.net). It should redirect to Keycloak with a login prompt.
  4. If applicable, disable any local auth.

Export and Import Realms

Docs on Keycloak.org

Export Realms

With the docker container offline, run: docker-compose run --rm --entrypoint="/opt/keycloak/bin/kc.sh export --dir /opt/keycloak/data/import --users realm_file" keycloak

This will export the contents of each realm to a json file in the import/ directory. /opt/keycloak/data should be the directory that is mounted to the host.

Import Realms

To import realms at startup, replace the startup command with start --import-realm Additionally, you'll need to map the directory containing the files to import (e.g. $KEYCLOAK_DATA/import) to the /opt/keycloak/data/import inside the container.

For each realm to import, run docker-compose run --entrypoint="/opt/keycloak/bin/kc.sh import --file /opt/keycloak/data/import/{REALM_NAME}.json" keycloak (replace {REALM_NAME} with the name of the realm.)

https://howtodoinjava.com/devops/keycloak-script-upload-is-disabled/