homelab/server/config/keycloak
2023-01-24 21:36:40 -08:00
..
.env #36 Update for volume logic issue 2022-11-01 12:12:57 -07:00
docker-compose.yml Whitelist for forwardauth-privileged 2023-01-24 21:36:40 -08:00
forwardauth-privileged.env Update secrets for privileged instance 2023-01-11 21:49:05 -08:00
forwardauth.env #36 for Keycloak 2022-11-01 00:33:30 -07:00
keycloak.env #36 Update for volume logic issue 2022-11-01 12:12:57 -07:00
README.md #63 Document how to add ForwardAuth to a new service 2022-10-23 18:10:03 -07:00

OIDC Configuration Information Table

Application asks for... URL
Client ID In Keycloak, under the Jafner.net realm, click Clients -> Create Client. Set your own Client ID
Client Secret After creating the client in Keycloak, go to Clients -> -> Credentials. Then click the copy icon to the right of "Client secret".
Client Scopes email openid profile
Authorization URL https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/auth
Access token URL https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/token
Resource URL, Userinfo URL, API URL https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/userinfo
Redirect URL Use the home URL of the application (e.g. https://portainer.jafner.net)
Logout URL https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/logout

How to Add ForwardAuth to a New Service

We'll assume the new service is hosted at https://web.jafner.net.

  1. Open the traefik-forward-auth client configuration page and add the new site (appended with /_oauth) to the list of valid redirect URIs. E.g. https://web.jafner.net/_oauth.
  2. Add the traefik-forward-auth@file Traefik middleware to the service.
  3. Start up the new service. Open a new private window and navigate to the new service (https://web.jafner.net). It should redirect to Keycloak with a login prompt.
  4. If applicable, disable any local auth.