diff --git a/CHANGELOG.md b/CHANGELOG.md index 17b8b532..aaf28f79 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ ## Breaking Changes ## Changes since v4.1.0 +- [#347](https://github.com/pusher/oauth2_proxy/pull/347) Update keycloak provider configuration documentation - [#325](https://github.com/pusher/oauth2_proxy/pull/325) dist.sh: use sha256sum (@syscll) - [#179](https://github.com/pusher/oauth2_proxy/pull/179) Add Nextcloud provider (@Ramblurr) - [#280](https://github.com/pusher/oauth2_proxy/pull/280) whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7) diff --git a/docs/2_auth.md b/docs/2_auth.md index b3d96559..e1440075 100644 --- a/docs/2_auth.md +++ b/docs/2_auth.md @@ -107,8 +107,9 @@ If you are using GitHub enterprise, make sure you set the following to the appro ### Keycloak Auth Provider -1. Create new client in your Keycloak with **Access Type** 'confidental'. -2. Create a mapper with **Mapper Type** 'Group Membership'. +1. Create new client in your Keycloak with **Access Type** 'confidental' and **Valid Redirect URIs** 'https://internal.yourcompany.com/oauth2/callback' +2. Take note of the Secret in the credential tab of the client +3. Create a mapper with **Mapper Type** 'Group Membership' and **Token Claim Name** 'groups'. Make sure you set the following to the appropriate url: 
@@ -116,8 +117,11 @@ Make sure you set the following to the appropriate url: -client-id= -client-secret= -login-url="http(s):///realms//protocol/openid-connect/auth" - -redeem-url="http(s):///realms/master//openid-connect/auth/token" - -validate-url="http(s):///realms/master//openid-connect/userinfo" + -redeem-url="http(s):///realms//protocol/openid-connect/token" + -validate-url="http(s):///realms//protocol/openid-connect/userinfo" + -keycloak-group= + +The group management in keycloak is using a tree. If you create a group named admin in keycloak you should define the 'keycloak-group' value to /admin. ### GitLab Auth Provider
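Review bot: The CHANGELOG entry for #347 omits the contributor attribution that every other entry in this hunk carries (`(@syscll)`, `(@Ramblurr)`, `(@kamaln7)`); add the `(@handle)` suffix so the list stays consistent.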
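Review bot: In the Keycloak steps hunk, the new step 1 keeps the typo `'confidental'`; since the line is being rewritten anyway, correct it to `'confidential'`, and end steps 1 and 2 with a full stop to match step 3 ("...'https://internal.yourcompany.com/oauth2/callback'." / "...credential tab of the client."). Consider also noting in step 2 that this Secret is the value passed as `-client-secret` in the flags below, so the reader can connect the two.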
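Review bot: The added paragraph after `-keycloak-group=` should tie the flag to the `groups` claim that step 3's mapper emits, otherwise the reader cannot tell where `/admin` is compared; also tidy the wording and capitalisation: "Keycloak manages groups as a tree. If you create a group named `admin` in Keycloak, set `keycloak-group` to `/admin`." The corrected `-redeem-url`/`-validate-url` paths (`/realms/<realm>/protocol/openid-connect/...`) look right and fix the old `realms/master` hardcoding, which is worth calling out in the CHANGELOG entry as a doc fix users relying on the old URLs should re-check.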