Skip to content

Commit

Permalink
Add instructions for setting up keycloak
Browse files Browse the repository at this point in the history
  • Loading branch information
backjonas committed Aug 13, 2024
1 parent c800793 commit 593d731
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,30 @@ yarn
yarn develop
```

### Configuring keycloak

To allow for single-sign on with other systems, TF identifies end-users with keycloak.

1. Create a keycloak client (or look up the existing strapi client) at keycloak admin console -> Realms -> tf-medlemmar -> clients -> Create client
2. Give the client an ID and configure relevant URL:s as follows:
1. Root URL: the root of your strapi instance, e.g. https://cms.tf.fi
2. Home URL: the root of your frontend client, e.g. https://tf.fi
3. Valid redirect URIs & Valid post logout redirect URIs: frontend keycloak callback path, e.g. https://tf.fi/api/auth/callback/keycloak
4. Web origins: allowed CORS origins, should have both the frontend and strapi origin, e.g. https://tf.fi & https://cms.tf.fi
3. Set Capability config settings:
1. Client authentication: On
2. Authorization: Off
3. Authentication flow: Enable standard flow, disable all other flows.
4. Configure credentials:
1. Client Authenticator: Client Id and Secret
2. Generate Client secret
5. Set the recently defined keycloak variables in strapi under Settings -> Providers -> keycloak as follows:
1. Enable: true
2. Client ID: client ID from keycloak (step 2.)
3. Client secret fron keycloak (step 4.2)
4. Host URI (Subdomain): URI of the keycloak realm, e.g. id.tf.fi/realms/tf-medlemmar
5. The redirect URL to your front-end app: strapi keycloak callback, e.g. https://cms.tf.fi/api/auth/keycloak/callback

## Making changes to the production system

1. Clone this repository
Expand Down

0 comments on commit 593d731

Please sign in to comment.