libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

ldap

Browse source
This commit is contained in:
Bill Burke 2016-05-30 15:31:10 -04:00
parent 544891d013
commit 15e975339d
4 changed files with 0 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
topics/social-config.adoc
View file

@ -1,30 +0,0 @@
[[_social_config]]
= Social Login Config
To enable log in with a social network you need to enable social login for your realm and configure one or more social providers.
== Enable social login
To configure social login, open the `Keycloak Admin Console`, select your realm from the drop-down box in the top left corner.
In the `Login Options` section click on `Social login` to set it to `ON`.
Click save settings, then click on `Social` in the menu at the top.
To enable a social provider select the provider you want from the drop-down and click on `Add Provider`.
Then continue to the section below that provides specific instructions for the provider you are adding.
== Social-only login
It's possible to configure a realm to only allow social login.
To do this open the `Keycloak Admin Console`, select your realm from the drop-down box in the top left corner.
Click the `Credentials` tab, and click on the `x` next to `password` in the `Required User Credentials`.
This will disable login with username and password.
[[_social_callbackurl]]
== Social Callback URL
There is a single callback url used by all realms and social providers.
This makes it possible to share the configuration for a social network between multiple realms.
An example callback url is `http://localhost:8080/auth/rest/social/callback`.
To get the callback url for your server replace `http://localhost:8080` with the base address of your server.
You can also find the callback url in the Keycloak Admin Console under social settings.

24
topics/social-facebook.adoc
View file

@ -1,24 +0,0 @@
[[_social_facebook]]
= Facebook
To enable login with Facebook you first have to create an app in the https://developers.facebook.com/[Facebook Developer Console].
Then you need to copy the client id and secret into the Keycloak Admin Console.
. Log in to the https://developers.facebook.com/[Facebook Developer Console].
Click `Apps` in the menu and select `Create a New App`.
Use any value for `Display Name` and `Category` you want, then click the `Create App` button.
Wait for the project to be created (this may take a while). If after creating the app you are not redirected to the app settings, click on `Apps` in the menu and select the app you created.
. Once the app has been created click on `Settings` in sidebar on the left.
You must specify a contact email.
Save your changes.
Then click on `Advanced`.
Under `Security` make sure `Client OAuth Login` is enabled.
In `Valid OAuth redirect URIs` insert the <<_social_callbackurl,social callback url>>.
Scroll down and click on the `Save Changes` button.
. Click `Status & Review` and select `YES` for `Do you want
to make this app and all its live features available to the general public?`.
You will not be able to set this until you have provided a contact email in the general settings of this application.
. Click `Basic`.
Copy `App ID` and `App Secret` (click `show`) from the https://developers.facebook.com/[Facebook Developer Console] into the settings page in the Keycloak Admin Console as the `Key` and `Secret`.
Then click `Save` in the Keycloak Admin Console to enable login with Facebook.

28
topics/social-google.adoc
View file

@ -1,28 +0,0 @@
[[_social_google]]
= Google
To enable login with Google you first have to create a project and a client in the https://cloud.google.com/console/project[Google Developer Console].
Then you need to copy the client id and secret into the Keycloak Admin Console.
. Log in to the https://cloud.google.com/console/project[Google Developer Console].
Click the `Create Project` button.
Use any value for `Project name` and `Project ID` you want, then click the `Create` button.
Wait for the project to be created (this may take a while).
. Once the project has been created click on `APIs & auth` in sidebar on the left.
To retrieve user profiles the `Google+ API` has to be enabled.
Scroll down to find it in the list.
If its status is `OFF`, click on `OFF` to enable it (it should move to the top of the list and the status should be `ON`).
. Now click on the `Consent screen` link on the sidebar menu on the left.
You must specify a project name and choose an email for the consent screen.
Otherwise users will get a login error.
There's other things you can configure here like what the consent screen looks like.
Feel free to play around with this.
. Now click `Credentials` in the sidebar on the left.
Then click `Create New Client ID`.
Select `Web application` as `Application type`.
Empty the `Authorized Javascript origins` textarea.
In `Authorized redirect URI` enter the <<_social_callbackurl,social callback url>> for your realm.
Click the `Create Client ID` button.
. Copy `Client ID` and `Client secret` from the https://cloud.google.com/console/project[Google Developer Console] into the settings page in the Keycloak Admin Console as the `Key` and `Secret`.
Then click `Save` in the Keycloak Admin Console to enable login with Google.

8
topics/social-spi.adoc
View file

@ -1,8 +0,0 @@
[[_social_spi]]
= Social Provider SPI
Keycloak provides an SPI to make it easy to add additional social providers.
This is done by implementing `org.keycloak.social.SocialProvider` in `social/core` and adding a provider configuration file (`META-INF/services/org.keycloak.social.SocialProvider`).
A good reference for implementing a Social Provider is the Google provider which you can find in `social/google` on GitHub or in the source download.