diff --git a/docs/docker-compose-keycloak.yml b/docs/docker-compose-keycloak.yml
index 27af8aeab..201125824 100644
--- a/docs/docker-compose-keycloak.yml
+++ b/docs/docker-compose-keycloak.yml
@@ -154,10 +154,11 @@ services:
 - OAUTH2_GENERIC_APP_ID=git
 - OAUTH2_GENERIC_APP_SECRET=
 - OAUTH2_GENERIC_CLIENT_SITE=http://:10081
- - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://:10081/auth/realms/master/protocol/openid-connect/userinfo
- - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://:10081/auth/realms/master/protocol/openid-connect/auth
- - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://:10081/auth/realms/master/protocol/openid-connect/token
- - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://:10081/auth/realms/master/protocol/openid-connect/logout
+ - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://:10081/realms/master/protocol/openid-connect/userinfo
+ - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://:10081/realms/master/protocol/openid-connect/auth
+ - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://:10081/realms/master/protocol/openid-connect/token
+ - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://:10081/realms/master/protocol/openid-connect/logout
+ - OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE=openid
 - OAUTH2_GENERIC_ID_PATH=sub
 - OAUTH2_GENERIC_USER_UID=sub
 - OAUTH2_GENERIC_USER_NAME=preferred_username
@@ -166,13 +167,14 @@ services:
 
 keycloak:
 restart: always
- image: jboss/keycloak:8.0.1
+ image: quay.io/keycloak/keycloak:26.4
 ports:
 - "10081:8080"
 environment:
 - DEBUG=false
- - KEYCLOAK_PASSWORD=admin
- - KEYCLOAK_USER=admin
+ - KC_BOOTSTRAP_ADMIN_USERNAME=admin
+ - KC_BOOTSTRAP_ADMIN_PASSWORD=admin
+ command: start-dev
 
 volumes:
 redis-data:
diff --git a/docs/images/keycloak-admin-acc.png b/docs/images/keycloak-admin-acc.png
index 116967254..5c7f3550e 100644
Binary files a/docs/images/keycloak-admin-acc.png and b/docs/images/keycloak-admin-acc.png differ
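Review bot: The new `OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE=openid` line is unexplained, and because every identity value below it (`OAUTH2_GENERIC_ID_PATH=sub`, `OAUTH2_GENERIC_USER_UID=sub`) is read from the userinfo response, a reader cannot tell that omitting the scope breaks the login rather than merely narrowing the claims. Add a comment above it such as `# 'openid' must be requested explicitly: current Keycloak releases reject userinfo calls with tokens issued without it (verify against the 26.x docs)`. The `/auth` prefix dropped from the four endpoint URLs here, and again in the matching `docs/keycloak-idp.md` hunk, deserves the same one-line note, presumably that the prefix belonged only to the old WildFly-based image, so the next reader is not left to reconstruct the version history. The token and userinfo endpoints remain on plain `http://` next to an empty `OAUTH2_GENERIC_APP_SECRET=`, which is acceptable for this local example but worth saying so in a comment beside `OAUTH2_GENERIC_CLIENT_SITE` so the block is not copied as-is into a deployment.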
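Review bot: The rewritten keycloak service runs `start-dev` with a fixed `admin`/`admin` bootstrap account on a port published on every host interface (`"10081:8080"`), and nothing in the compose file marks this as a throwaway local setup. Add a comment above `command: start-dev`, e.g. `# start-dev: relaxed hostname/TLS checks and dev datastore; local testing only`, and one above the `KC_BOOTSTRAP_ADMIN_*` lines noting that these credentials are placeholders and that on current Keycloak releases the bootstrap admin appears to be intended as a temporary account to be replaced after first login (confirm against the 26.x docs). Binding the publish to the loopback address would break the `http://<ip>:10081` flow the accompanying document describes, so a comment rather than a port change is the right fix here. The `26.4` tag is a floating minor, which is fine for docs but could be mentioned so readers know the screenshots may drift.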
diff --git a/docs/images/keycloak-client-creation.png b/docs/images/keycloak-client-creation.png
deleted file mode 100644
index 0595b8df9..000000000
Binary files a/docs/images/keycloak-client-creation.png and /dev/null differ
diff --git a/docs/images/keycloak-client-creation1.png b/docs/images/keycloak-client-creation1.png
new file mode 100644
index 000000000..a3ec78f1a
Binary files /dev/null and b/docs/images/keycloak-client-creation1.png differ
diff --git a/docs/images/keycloak-client-creation2.png b/docs/images/keycloak-client-creation2.png
index 96879a04d..a3c8b6c93 100644
Binary files a/docs/images/keycloak-client-creation2.png and b/docs/images/keycloak-client-creation2.png differ
diff --git a/docs/images/keycloak-client-creation3.png b/docs/images/keycloak-client-creation3.png
new file mode 100644
index 000000000..6365567bf
Binary files /dev/null and b/docs/images/keycloak-client-creation3.png differ
diff --git a/docs/images/keycloak-client.png b/docs/images/keycloak-client.png
index f10fc95ce..b691c98ba 100644
Binary files a/docs/images/keycloak-client.png and b/docs/images/keycloak-client.png differ
diff --git a/docs/images/keycloak-gitlab-login.png b/docs/images/keycloak-gitlab-login.png
index 2d7933d60..7c3106fc2 100644
Binary files a/docs/images/keycloak-gitlab-login.png and b/docs/images/keycloak-gitlab-login.png differ
diff --git a/docs/images/keycloak-home.png b/docs/images/keycloak-home.png
index f2adbed24..ec4c14745 100644
Binary files a/docs/images/keycloak-home.png and b/docs/images/keycloak-home.png differ
diff --git a/docs/images/keycloak-secret.png b/docs/images/keycloak-secret.png
index 4af4960e5..1e489be3d 100644
Binary files a/docs/images/keycloak-secret.png and b/docs/images/keycloak-secret.png differ
diff --git a/docs/images/keycloak-users.png b/docs/images/keycloak-users.png
index 6949e8212..94bb781b6 100644
Binary files a/docs/images/keycloak-users.png and b/docs/images/keycloak-users.png differ
diff --git a/docs/keycloak-idp.md b/docs/keycloak-idp.md index 04bc3c734..66fdcd4ce 100644 --- a/docs/keycloak-idp.md +++ b/docs/keycloak-idp.md @@ -6,7 +6,7 @@ In this document, we will explain how to set up Keycloak and integrate it into G First, you need a client in Keycloak to authenticate with GitLab. You can start Keycloak by running `docker-compose up -d keycloak`. -When Keycloak is running, log in using the `Administration console`. You can visit the Keycloak on the [local IP](http://localhost:10081) of your laptop. +When Keycloak is running, log in. You can visit the Keycloak on the [local IP](http://localhost:10081) of your laptop. ![Keycloak Home](images/keycloak-home.png) @@ -16,12 +16,14 @@ Next, create a client. Fill in the following variables: -![Keycloak client creation](images/keycloak-client-creation.png) +![Keycloak client creation](images/keycloak-client-creation1.png) -Make access type confidential and enable service accounts and authorization. +Make sure Client authentication and Authorization is On. ![Keycloak client creation](images/keycloak-client-creation2.png) +![Keycloak client creation](images/keycloak-client-creation3.png) + Next, click save, get the client secret generated by Keycloak and start filling out the variables for GitLab in the docker-compose file. ![Keycloak client secret](images/keycloak-secret.png) 
@@ -31,10 +33,10 @@ Set the following in the docker-compose file: ```yaml - OAUTH2_GENERIC_APP_SECRET= - OAUTH2_GENERIC_CLIENT_SITE=http://:10081 - - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://:10081/auth/realms/master/protocol/openid-connect/userinfo - - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://:10081/auth/realms/master/protocol/openid-connect/auth - - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://:10081/auth/realms/master/protocol/openid-connect/token - - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://:10081/auth/realms/master/protocol/openid-connect/logout + - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://:10081/realms/master/protocol/openid-connect/userinfo + - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://:10081/realms/master/protocol/openid-connect/auth + - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://:10081/realms/master/protocol/openid-connect/token + - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://:10081/realms/master/protocol/openid-connect/logout ``` `` is the IP address of your keycloak. For this example this would be your IP address, but if your Keycloak existed elsewhere for your deployment `` would be different as would the port and the realm. @@ -47,7 +49,7 @@ The following must also be configured: - OAUTH2_GENERIC_USER_EMAIL='email' ``` -The values will be different for your deployment. Navigate Keycloak's UI, select `Clients`, click `[your client]`, then open the `Client Scopes` tab, then open `Evaluate` sub-tab, enter a username you know in the `User` field, select the match, then `Generate Access Token` to see the values you need to configure. +The values will be different for your deployment. Navigate Keycloak's UI, select `Clients`, click `[your client]`, then open the `Client Scopes` tab, then open `Evaluate` sub-tab, enter a username you know in the `User` field, then `Generate Access Token` to see the values you need to configure. Also, make sure the following variables are filled in the docker-compose file: 
@@ -66,7 +68,7 @@ Also, make sure the following variables are filled in the docker-compose file: GitLab does not allow login from users in Keycloak with an empty email or name. To prevent this, you can create a new user in Keycloak or you can add email and name for the admin account. -Visit the `Users` tab and click on `View all users` to modify the Admin user. +Visit the `Users` tab to modify the Admin user. ![keycloak-users](images/keycloak-users.png)