55 lines
1.6 KiB
Markdown
55 lines
1.6 KiB
Markdown
Keycloak
|
|
==============
|
|
|
|
1. Enable the plugin.
|
|
2. Create a new settings.php file here plugin/keycloak/settings.php you can find an example here:
|
|
plugin/keycloak/settings.dist.php
|
|
|
|
3. Edit the settings.php file with your Keycloak settings:
|
|
|
|
<pre>
|
|
'idp' => array(
|
|
'entityId' => 'http://localhost:8080/auth/realms/master',
|
|
'singleSignOnService' => array (
|
|
'url' => 'http://localhost:8080/auth/realms/master/protocol/saml',
|
|
),
|
|
'singleLogoutService' => array (
|
|
'url' => 'http://localhost:8080/auth/realms/master/protocol/saml',
|
|
),
|
|
'x509cert' => 'xxx',
|
|
)
|
|
</pre>
|
|
|
|
4. Configure your keycloak server with the following settings:
|
|
|
|
* Create a client with "client id" value:
|
|
http://www.example.org/plugin/keycloak/metadata.php
|
|
|
|
* Valid redirect URIs: *
|
|
* Client Protocol: saml
|
|
* Logout service redirect Binding URL: http://www.example.org/plugin/keycloak/start.php?sls
|
|
|
|
|
|
Change the client scope roles to "Single role attribute".
|
|
|
|
- Client Scopes-> role_list -> Mappers -> role list -> "Single Role Attribute" = true
|
|
|
|
Add user mappers for "FirstName", "LastName" and "Email" so Chamilo can get those values.
|
|
|
|
Clients -> (select the client previously created) -> mappers -> create
|
|
|
|
Name: Email
|
|
Mapper Type = User Property.
|
|
User Attribute: Email
|
|
Friendly Name: Email
|
|
SAML Attribute Name: Email
|
|
SAML Attribute: Basic
|
|
|
|
Repeat the process for the 3 attributes.
|
|
|
|
Create a demo user in keycloak
|
|
|
|
Try to login using the new keycloak button in Chamilo.
|
|
|
|
When everything works, restrict `Valid redirect URIs` setting from `*` to `http://www.example.org/plugin/keycloak/start.php?acs`
|