Differences

This shows you the differences between two versions of the page.

--- linux_server_manuals:dokuwiki_authentication_against_keycloak [2018/01/31 15:56] – ronney
+++ linux_server_manuals:dokuwiki_authentication_against_keycloak [2018/01/31 16:39] (current) – [DokuWiki Config] ronney
@@ Line 33: / Line 33: @@
 Install the plugin "oAuth".
+<WRAP center round tip 60%>
+  * In the version "2016-10-25" you need to enable user registration in dokuwiki, otherwise users, which never authenticated in dokuwiki, can't login. There is a [[https://github.com/cosmocode/dokuwiki-plugin-oauth/pull/43|pull request]] which solves that, hopefully it will be integrated in future versions.
+  * Users need to have an e-mail address set in keycloak. Otherwise Dokuwiki will refuse to let them authenticate.
+</WRAP>
+Then setup oAuth plugin (in gui or config file). Replace {realm-name} with the name of your realm. The urls are obviously pointing to your keycloak installation. If you've chosen a different keycloak-cliend-id than "dokuwiki", then set it in "keycloak-key":
+<file>
+$conf['plugin']['oauth']['keycloak-key'] = 'dokuwiki';
+$conf['plugin']['oauth']['keycloak-secret'] = 'The secret which we copied from keycloak';
+$conf['plugin']['oauth']['keycloak-authurl'] = 'https://example.com/auth/realms/{realm-name}/protocol/openid-connect/auth';
+$conf['plugin']['oauth']['keycloak-tokenurl'] = 'https://example.com/auth/realms/{realm-name}/protocol/openid-connect/token';
+$conf['plugin']['oauth']['keycloak-userinfourl'] = 'https://example.com/auth/realms/{realm-name}/protocol/openid-connect/userinfo';
+$conf['plugin']['oauth']['singleService'] = 'Keycloak';
+</file>