Update Keycloak instructions

docs/docker-compose-keycloak.yml

@@ -154,10 +154,11 @@ services:
       - OAUTH2_GENERIC_APP_ID=git
       - OAUTH2_GENERIC_APP_SECRET=<your-client-secret>
       - OAUTH2_GENERIC_CLIENT_SITE=http://<your-ip-address>:10081
-      - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/userinfo
-      - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/auth
-      - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/token
-      - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/logout
+      - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://<your-ip-address>:10081/realms/master/protocol/openid-connect/userinfo
+      - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://<your-ip-address>:10081/realms/master/protocol/openid-connect/auth
+      - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://<your-ip-address>:10081/realms/master/protocol/openid-connect/token
+      - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://<your-ip-address>:10081/realms/master/protocol/openid-connect/logout
+      - OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE=openid
       - OAUTH2_GENERIC_ID_PATH=sub
       - OAUTH2_GENERIC_USER_UID=sub
       - OAUTH2_GENERIC_USER_NAME=preferred_username
@@ -166,13 +167,14 @@ services:
 
   keycloak:
     restart: always
-    image: jboss/keycloak:8.0.1
+    image: quay.io/keycloak/keycloak:26.4
     ports:
       - "10081:8080"
     environment:
       - DEBUG=false
-      - KEYCLOAK_PASSWORD=admin
-      - KEYCLOAK_USER=admin
+      - KC_BOOTSTRAP_ADMIN_USERNAME=admin
+      - KC_BOOTSTRAP_ADMIN_PASSWORD=admin
+    command: start-dev
 
 volumes:
   redis-data:

docs/keycloak-idp.md

@@ -6,7 +6,7 @@ In this document, we will explain how to set up Keycloak and integrate it into G
 
 First, you need a client in Keycloak to authenticate with GitLab. You can start Keycloak by running `docker-compose up -d keycloak`.
 
-When Keycloak is running, log in using the `Administration console`. You can visit the Keycloak on the [local IP](http://localhost:10081) of your laptop.
+When Keycloak is running, log in. You can visit the Keycloak on the [local IP](http://localhost:10081) of your laptop.
 
 ![Keycloak Home](images/keycloak-home.png)
 
@@ -16,12 +16,14 @@ Next, create a client.
 
 Fill in the following variables:
 
-![Keycloak client creation](images/keycloak-client-creation.png)
+![Keycloak client creation](images/keycloak-client-creation1.png)
 
-Make access type confidential and enable service accounts and authorization.
+Make sure Client authentication and Authorization is On. 
 
 ![Keycloak client creation](images/keycloak-client-creation2.png)
 
+![Keycloak client creation](images/keycloak-client-creation3.png)
+
 Next, click save, get the client secret generated by Keycloak and start filling out the variables for GitLab in the docker-compose file.
 
 ![Keycloak client secret](images/keycloak-secret.png)
@@ -31,10 +33,10 @@ Set the following in the docker-compose file:
 ```yaml
     - OAUTH2_GENERIC_APP_SECRET=<your-client-secret>
     - OAUTH2_GENERIC_CLIENT_SITE=http://<your-ip-address>:10081
-    - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/userinfo
-    - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/auth
-    - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/token
-    - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/logout
+    - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://<your-ip-address>:10081/realms/master/protocol/openid-connect/userinfo
+    - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://<your-ip-address>:10081/realms/master/protocol/openid-connect/auth
+    - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://<your-ip-address>:10081/realms/master/protocol/openid-connect/token
+    - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://<your-ip-address>:10081/realms/master/protocol/openid-connect/logout
 ```
 
 `<your-ip-address>` is the IP address of your keycloak. For this example this would be your IP address, but if your Keycloak existed elsewhere for your deployment `<your-ip-address>` would be different as would the port and the realm.
@@ -47,7 +49,7 @@ The following must also be configured:
     - OAUTH2_GENERIC_USER_EMAIL='email'    
 ```
 
-The values will be different for your deployment. Navigate Keycloak's UI, select `Clients`, click `[your client]`, then open the `Client Scopes` tab, then open `Evaluate` sub-tab, enter a username you know in the `User` field, select the match, then `Generate Access Token` to see the values you need to configure.
+The values will be different for your deployment. Navigate Keycloak's UI, select `Clients`, click `[your client]`, then open the `Client Scopes` tab, then open `Evaluate` sub-tab, enter a username you know in the `User` field, then `Generate Access Token` to see the values you need to configure.
 
 Also, make sure the following variables are filled in the docker-compose file:
 
@@ -66,7 +68,7 @@ Also, make sure the following variables are filled in the docker-compose file:
 
 GitLab does not allow login from users in Keycloak with an empty email or name. To prevent this, you can create a new user in Keycloak or you can add email and name for the admin account.
 
-Visit the `Users` tab and click on `View all users` to modify the Admin user.
+Visit the `Users` tab to modify the Admin user.
 
 ![keycloak-users](images/keycloak-users.png)