Commit c39a626

Merge pull request #2293 from nemonik/keycloak-idp-doc-tweak
Keycloak idp doc tweak
2 parents 94496fd + c76d373 commit c39a626

1 file changed

+18
-3
lines changed

docs/keycloak-idp.md

Lines changed: 18 additions & 3 deletions
@@ -26,6 +26,8 @@ Next, click save, get the client secret generated by Keycloak and start filling
2626

2727
![Keycloak client secret](images/keycloak-secret.png)
2828

29+
Set the following in the docker-compose file:
30+
2931
```yaml
3032
- OAUTH2_GENERIC_APP_SECRET=<your-client-secret>
3133
- OAUTH2_GENERIC_CLIENT_SITE=http://<your-ip-address>:10081
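
Review bot: The new lead-in sentence at line 29 tells readers to put `OAUTH2_GENERIC_APP_SECRET` into the docker-compose file, and the `OAUTH2_GENERIC_CLIENT_SITE` value right below it is an `http://` URL, but nothing says this is only suitable for a local test setup. Suggest adding one sentence that a real deployment should point at an `https://` Keycloak URL and keep the client secret out of a committed compose file.
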
@@ -35,7 +37,19 @@ Next, click save, get the client secret generated by Keycloak and start filling
3537
- OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/logout
3638
```
3739
38-
Make sure the following variables are filled in the docker-compose file:
40+
`<your-ip-address>` is the IP address of your keycloak. For this example this would be your IP address, but if your Keycloak existed elsewhere for your deployment `<your-ip-address>` would be different as would the port and the realm.
41+
42+
The following must also be configured:
43+
44+
```yaml
45+
- OAUTH2_GENERIC_USER_UID='preffered_usename'
46+
- OAUTH2_GENERIC_USER_NAME='name'
47+
- OAUTH2_GENERIC_USER_EMAIL='email'
48+
```
49+
50+
The values will be different for your deployment. Navigate Keycloak's UI, select `Clients`, click `[your client]`, then open the `Client Scopes` tab, then open `Evaluate` sub-tab, enter a username you know in the `User` field, select the match, then `Generate Access Token` to see the values you need to configure.
51+
52+
Also, make sure the following variables are filled in the docker-compose file:
3953

4054
```yaml
4155
- GITLAB_HOST='<your-ip-address>'
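
Review bot: `OAUTH2_GENERIC_USER_UID='preffered_usename'` at new line 45 is misspelled. The standard OIDC claim is `preferred_username`, so a reader who copies this value configures a UID attribute that matches no claim in the token. Suggest `- OAUTH2_GENERIC_USER_UID='preferred_username'`. Minor: new line 40 writes "your keycloak" in lowercase while the rest of the file uses "Keycloak".
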
@@ -46,9 +60,10 @@ Make sure the following variables are filled in the docker-compose file:
4660
- OAUTH_BLOCK_AUTO_CREATED_USERS=false
4761
- OAUTH_AUTO_LINK_LDAP_USER=false
4862
- OAUTH_AUTO_LINK_SAML_USER=false
49-
- OAUTH_EXTERNAL_PROVIDERS=Keycloak
5063
```
5164

65+
`<your-ip-address>` is the IP address of your GitLab for this example this would be the your IP address, but if your GitLab was to be proxied or deployed elsewhere `<your-ip-address>` would be another value appropriate for your deployment.
66+
5267
GitLab does not allow login from users in Keycloak with an empty email or name. To prevent this, you can create a new user in Keycloak or you can add email and name for the admin account.
5368

5469
Visit the `Users` tab and click on `View all users` to modify the Admin user.
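
Review bot: The removal of `- OAUTH_EXTERNAL_PROVIDERS=Keycloak` at old line 49 is not explained in the doc text or in the commit title, and that setting controls whether users signing in through the provider are marked as external in GitLab. Please state the reason in the commit message or add a sentence to the doc so readers with the old value know whether to drop it. Also, the added sentence at new line 65 needs a grammar pass: "your GitLab for this example this would be the your IP address" is missing a sentence break after "GitLab" and has a stray "the".
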
@@ -62,4 +77,4 @@ Deploy GitLab, Reddis and PostgreSQL by running the following command: `docker-c
6277

6378
You can now login on the local GitLab instance with with Keycloak on your [local IP](http://localhost:10080).
6479

65-
![gitlab-login](images/keycloak-gitlab-login.png)
80+
![gitlab-login](images/keycloak-gitlab-login.png)
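
Review bot: The removed line (old 65) and the added line (new 80) are identical as rendered, so this looks like an end-of-file newline change only; worth confirming it is intended. While this area is being touched, the context line at new line 78 has a duplicated word ("with with Keycloak") and the hunk header text shows "Reddis" for Redis; both could be fixed in the same doc tweak.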
