2016-02-03 10:20:22 +00:00
|
|
|
<!--
|
|
|
|
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
|
|
~ and other contributors as indicated by the @author tags.
|
|
|
|
~
|
|
|
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
~ you may not use this file except in compliance with the License.
|
|
|
|
~ You may obtain a copy of the License at
|
|
|
|
~
|
|
|
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
~
|
|
|
|
~ Unless required by applicable law or agreed to in writing, software
|
|
|
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
~ See the License for the specific language governing permissions and
|
|
|
|
~ limitations under the License.
|
|
|
|
-->
|
|
|
|
|
2014-01-17 17:21:44 +00:00
|
|
|
<section id="social-google">
|
|
|
|
<title>Google</title>
|
|
|
|
<para>
|
|
|
|
To enable login with Google you first have to create a project and a client in the
|
|
|
|
<ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink>. Then you need to copy
|
|
|
|
the client id and secret into the Keycloak Admin Console.
|
|
|
|
</para>
|
|
|
|
<orderedlist>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Log in to the <ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink>. Click the
|
|
|
|
<literal>Create Project</literal> button. Use any value for <literal>Project name</literal> and
|
|
|
|
<literal>Project ID</literal> you want, then click the <literal>Create</literal> button. Wait for the project to
|
|
|
|
be created (this may take a while).
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Once the project has been created click on <literal>APIs & auth</literal> in sidebar on the left. To retrieve
|
|
|
|
user profiles the <literal>Google+ API</literal> has to be enabled. Scroll down to find it in the list. If its
|
|
|
|
status is <literal>OFF</literal>, click on <literal>OFF</literal> to enable it (it should move to the top of
|
|
|
|
the list and the status should be <literal>ON</literal>).
|
|
|
|
</para>
|
|
|
|
</listitem>
|
2014-09-08 13:07:51 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Now click on the <literal>Consent screen</literal> link on the sidebar menu on the left. You must specify
|
|
|
|
a project name and choose an email for the consent screen. Otherwise users will get a login error. There's
|
|
|
|
other things you can configure here like what the consent screen looks like. Feel free to play around with this.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
2014-01-17 17:21:44 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Now click <literal>Credentials</literal> in the sidebar on the left. Then click
|
|
|
|
<literal>Create New Client ID</literal>. Select <literal>Web application</literal> as
|
|
|
|
<literal>Application type</literal>. Empty the <literal>Authorized Javascript origins</literal> textarea. In
|
|
|
|
<literal>Authorized redirect URI</literal> enter the <link linkend="social-callbackurl">social callback url</link>
|
|
|
|
for your realm. Click the <literal>Create Client ID</literal> button.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Copy <literal>Client ID</literal> and <literal>Client secret</literal> from the
|
|
|
|
<ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink> into the settings
|
|
|
|
page in the Keycloak Admin Console as the <literal>Key</literal> and <literal>Secret</literal>. Then click
|
|
|
|
<literal>Save</literal> in the Keycloak Admin Console to enable login with Google.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</orderedlist>
|
|
|
|
</section>
|