From 9e5c95fd6dfcb583324aa190e33c1f755bba0beb Mon Sep 17 00:00:00 2001 From: jontyms Date: Tue, 23 May 2023 11:14:35 +0000 Subject: [PATCH] fix(docs): Added Keycloak OpenID example (#1521) Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1521 Reviewed-by: konrad Co-authored-by: jontyms Co-committed-by: jontyms --- docs/content/doc/setup/openid-examples.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/content/doc/setup/openid-examples.md b/docs/content/doc/setup/openid-examples.md index c3ec2b1d8..eb8bdc589 100644 --- a/docs/content/doc/setup/openid-examples.md +++ b/docs/content/doc/setup/openid-examples.md @@ -66,3 +66,25 @@ Google config: - Configure an authorized redirect URI of `https://vikunja.mydomain.com/auth/openid/google` Note that there currently seems to be no way to stop creation of new users, even when `enableregistration` is `false` in the configuration. This means that this approach works well only with an "Internal Organization" app for Google Workspace, which limits the allowed users to organizational accounts only. External / public applications will potentially allow every Google user to register. + +## Keycloak + +Vikunja Config: +```yaml +openid: + enabled: true + redirecturl: https://vikunja.mydomain.com/auth/openid/ <---- slash at the end is important + providers: + - name: Keycloak + authurl: https://keycloak.mydomain.com/realms/ + logouturl: https://keycloak.mydomain.com/realms//protocol/openid-connect/logout + clientid: + clientsecret: +``` +Keycloak Config: +- Navigate to the keycloak instance +- Create a new client with the type `OpenID Connect` and a unique ID. +- Set `Client authentication` to On +- Set `Root Url` to `https://vikunja.mydomain.com` +- Set `Valid redirect URIs` to `/auth/openid/keycloak` +- Create the client the navigate to the credentials tab and copy the `Client secret`
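Review bot: In the Keycloak `yaml` block, the `redirecturl` line carries the annotation `<---- slash at the end is important` inside the fence, so anyone copying the block gets that text as part of the configured value. Make it a YAML comment (for example `# the trailing slash is required`) or move it into the prose under the block. In the same block the realm segment is empty in `authurl` (`/realms/`) and in `logouturl` (`/realms//protocol/openid-connect/logout`), and `clientid:` and `clientsecret:` have no value; a named placeholder for each would show the reader what has to be filled in. In the last bullet, "Create the client the navigate" should read "then navigate". The Google section directly above warns that new users are created even when `enableregistration` is `false`, so the Keycloak section should say whether the same applies here, since it decides who in the realm ends up with a Vikunja account.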