There is basically no documentation on how to do this properly, and the error messages from the plugin do not help in any way…
So to get the whole thing working:
In Keycloak, add a new client with the following settings:
Client ID: dokuwiki
Client Protocol: openid-connect
Then edit the new client's settings:
Access Type: confidential
Valid Redirect URIs: https://example.com/* (or wherever DokuWiki is stored)
Save and then go to the newly appeared tab “Credentials”.
Set Client Authenticator to “Client id and secret” and copy the secret.
If you want DokuWiki to know about the groups Keycloak assigns to the users, go to the tab “Mappers”, then click “create”.
Set the following attributes:
Name: groups
Mapper Type: “group membership”
Token Claim Name: “groups”
Full group paths: off
Add to id token: off
Add to access token: off
Add to userinfo: on
Then save.
Install the plugin “oAuth”.
Then set up the oAuth plugin (in the GUI or the config file). Replace {realm-name} with the name of your realm. The URLs must point to your Keycloak installation. If you have chosen a different Keycloak client ID than “dokuwiki”, set it in “keycloak-key”:
$conf['plugin']['oauth']['keycloak-key'] = 'dokuwiki';
$conf['plugin']['oauth']['keycloak-secret'] = 'The secret which we copied from keycloak';
$conf['plugin']['oauth']['keycloak-authurl'] = 'https://example.com/auth/realms/{realm-name}/protocol/openid-connect/auth';
$conf['plugin']['oauth']['keycloak-tokenurl'] = 'https://example.com/auth/realms/{realm-name}/protocol/openid-connect/token';
$conf['plugin']['oauth']['keycloak-userinfourl'] = 'https://example.com/auth/realms/{realm-name}/protocol/openid-connect/userinfo';
$conf['plugin']['oauth']['singleService'] = 'Keycloak';
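Since the plugin's error messages say little, a pre-flight check of the settings above can catch the usual mistakes before the first login attempt. The following Python script is an added example, not part of the oAuth plugin or of this page's original text; the function names, the realm name "wiki" and the sample config are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample of config lines; the unreplaced realm placeholder in the
# token URL and the http:// userinfo URL are deliberate mistakes.
SAMPLE = """
$conf['plugin']['oauth']['keycloak-key'] = 'dokuwiki';
$conf['plugin']['oauth']['keycloak-secret'] = 'constructed-secret-value';
$conf['plugin']['oauth']['keycloak-authurl'] = 'https://example.com/auth/realms/wiki/protocol/openid-connect/auth';
$conf['plugin']['oauth']['keycloak-tokenurl'] = 'https://example.com/auth/realms/{realm-name}/protocol/openid-connect/token';
$conf['plugin']['oauth']['keycloak-userinfourl'] = 'http://example.com/auth/realms/wiki/protocol/openid-connect/userinfo';
"""

SETTING = re.compile(r"\$conf\['plugin'\]\['oauth'\]\['([^']+)'\]\s*=\s*'([^']*)'\s*;")
ENDPOINTS = {"keycloak-authurl": "auth", "keycloak-tokenurl": "token",
             "keycloak-userinfourl": "userinfo"}
REQUIRED = ["keycloak-key", "keycloak-secret", *ENDPOINTS]

def parse_settings(text):
    """Return the oauth plugin settings found in PHP config text as a dict."""
    return dict(SETTING.findall(text))

def lint(settings):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = [f"{k}: missing or empty" for k in REQUIRED if not settings.get(k)]
    bases = set()  # (host, realm path) pairs seen across the three endpoints
    for key, suffix in ENDPOINTS.items():
        url = settings.get(key, "")
        if not url:
            continue
        if "{realm-name}" in url:
            problems.append(f"{key}: placeholder {{realm-name}} not replaced")
        parsed = urlparse(url)
        if parsed.scheme != "https":
            problems.append(f"{key}: scheme is not https")
        tail = f"/protocol/openid-connect/{suffix}"
        if parsed.path.endswith(tail):
            bases.add((parsed.netloc, parsed.path[: -len(tail)]))
        else:
            problems.append(f"{key}: path does not end in {tail}")
    if len(bases) > 1:
        problems.append("endpoints point at different hosts or realms")
    return problems

if __name__ == "__main__":
    for problem in lint(parse_settings(SAMPLE)) or ["configuration looks consistent"]:
        print(problem)
```

To check a real installation, pass the contents of the DokuWiki config file that holds these lines to parse_settings() instead of SAMPLE.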