public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore(examples): update keycloak to v25 (#2706) 

---------

Co-authored-by: tuunit <jan@larwig.com>
This commit is contained in:
Koen van Zuijlen 2024-07-18 23:57:15 +02:00 committed by GitHub
parent ca25c906bb
commit ce8b63bc21
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 31 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
contrib/local-environment/docker-compose-keycloak.yaml
View File

@ -43,23 +43,18 @@ services:
keycloak:
container_name: keycloak
image: jboss/keycloak:10.0.2
image: keycloak/keycloak:25.0.1-0
hostname: keycloak
command:
[
'-b',
'0.0.0.0',
'-Djboss.socket.binding.port-offset=1000',
'-Dkeycloak.migration.action=import',
'-Dkeycloak.migration.provider=dir',
'-Dkeycloak.migration.dir=/realm-config',
'-Dkeycloak.migration.strategy=IGNORE_EXISTING'
]
- 'start-dev'
- '--http-port=9080'
- '--import-realm'
volumes:
- ./keycloak:/realm-config
- ./keycloak:/opt/keycloak/data/import
environment:
KEYCLOAK_USER: admin@example.com
KEYCLOAK_PASSWORD: password
KC_HTTP_PORT: 9080
KEYCLOAK_ADMIN: admin@example.com
KEYCLOAK_ADMIN_PASSWORD: password
ports:
- 9080:9080/tcp
networks:

36
contrib/local-environment/keycloak/master-realm.json → contrib/local-environment/keycloak/oauth2-proxy-realm.json
View File

@ -1,6 +1,6 @@
{
"id": "master",
"realm": "master",
"id": "oauth2-proxy",
"realm": "oauth2-proxy",
"displayName": "Keycloak",
"displayNameHtml": "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
"notBefore": 0,
@ -48,7 +48,7 @@
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
"containerId": "master",
"containerId": "oauth2-proxy",
"attributes": {}
},
{
@ -61,7 +61,7 @@
"create-realm"
],
"client": {
"master-realm": [
"oauth2-proxy-realm": [
"query-groups",
"create-client",
"query-realms",
@ -84,7 +84,7 @@
}
},
"clientRole": false,
"containerId": "master",
"containerId": "oauth2-proxy",
"attributes": {}
},
{
@ -93,7 +93,7 @@
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"containerId": "master",
"containerId": "oauth2-proxy",
"attributes": {}
},
{
@ -102,7 +102,7 @@
"description": "${role_create-realm}",
"composite": false,
"clientRole": false,
"containerId": "master",
"containerId": "oauth2-proxy",
"attributes": {}
}
],
@ -122,7 +122,7 @@
"attributes": {}
}
],
"master-realm": [
"oauth2-proxy-realm": [
{
"id": "a8271c2c-6437-4ca5-ae83-49ea5fe1318d",
"name": "query-groups",
@ -229,7 +229,7 @@
"composite": true,
"composites": {
"client": {
"master-realm": [
"oauth2-proxy-realm": [
"query-groups",
"query-users"
]
@ -273,7 +273,7 @@
"composite": true,
"composites": {
"client": {
"master-realm": [
"oauth2-proxy-realm": [
"query-clients"
]
}
@ -439,7 +439,7 @@
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/master/account/",
"baseUrl": "/realms/oauth2-proxy/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
@ -450,7 +450,7 @@
"manage-account"
],
"redirectUris": [
"/realms/master/account/*"
"/realms/oauth2-proxy/account/*"
],
"webOrigins": [],
"notBefore": 0,
@ -486,14 +486,14 @@
"clientId": "account-console",
"name": "${client_account-console}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/master/account/",
"baseUrl": "/realms/oauth2-proxy/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "91f85142-ee18-4e30-9949-e5acb701bdee",
"redirectUris": [
"/realms/master/account/*"
"/realms/oauth2-proxy/account/*"
],
"webOrigins": [],
"notBefore": 0,
@ -616,8 +616,8 @@
},
{
"id": "7174c175-1887-4e57-b95b-969fe040deff",
"clientId": "master-realm",
"name": "master Realm",
"clientId": "oauth2-proxy-realm",
"name": "oauth2-proxy Realm",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
@ -711,14 +711,14 @@
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
"baseUrl": "/admin/master/console/",
"baseUrl": "/admin/oauth2-proxy/console/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "b234b7aa-8417-410f-b3fd-c57434d3aa4a",
"redirectUris": [
"/admin/master/console/*"
"/admin/oauth2-proxy/console/*"
],
"webOrigins": [
"+"

2
contrib/local-environment/keycloak/master-users-0.json → contrib/local-environment/keycloak/oauth2-proxy-users-0.json
View File

@ -1,5 +1,5 @@
{
"realm": "master",
"realm": "oauth2-proxy",
"users": [
{
"id": "3356c0a0-d4d5-4436-9c5a-2299c71c08ec",

8
contrib/local-environment/oauth2-proxy-keycloak.cfg
View File

@ -2,8 +2,8 @@ http_address="0.0.0.0:4180"
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
email_domains="example.com"
cookie_secure="false"
upstreams="http://httpbin.localtest.me:8080"
cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains.
upstreams="http://httpbin"
cookie_domains=["oauth2-proxy.localtest.me:4080", "httpbin.localtest.me:8080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.
# keycloak provider
@ -12,7 +12,7 @@ client_id="oauth2-proxy"
redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
# in this case oauth2-proxy is going to visit
# http://keycloak.localtest.me:9080/auth/realms/master/.well-known/openid-configuration for configuration
oidc_issuer_url="http://keycloak.localtest.me:9080/auth/realms/master"
# http://keycloak.localtest.me:9080/realms/oauth2-proxy/.well-known/openid-configuration for configuration
oidc_issuer_url="http://keycloak.localtest.me:9080/realms/oauth2-proxy"
provider="oidc"
provider_display_name="Keycloak"