Commit320e7e6

authored

Sso keycloak (#677)

* Add sso for keycloakAdded OIDC SSO for Keycloak* Update oidc-keycloak.mdAdded note on KeycloakServer version* Update keycloak ssoAdded link to Keycloak from OIDC topic, and added related links to Keycloak topic* Update oidc-keycloak.md* Update oidc-keycloak.mdFixed workaround parameter* Update team syncRemoved note on provider support for team sync* Update oidc-keycloak.md

1 parentf103ea6 commit320e7e6Copy full SHA for 320e7e6

File tree

12 files changed

+132

-2

lines changed

_data
- nav.yml
_docs/single-sign-on
- oidc.md
- oidc
  - oidc-keycloak.md
- team-sync.md
images/sso/keycloak

12 files changed

+132

-2

lines changed

`‎_data/nav.yml‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -560,6 +560,8 @@`
`560`	`560`	`url:/oidc-azure`
`561`	`561`	`-title:Google`
`562`	`562`	`url:/oidc-google`
	`563`	`+ -title:Keycloak`
	`564`	`+url:/oidc-keycloak`
`563`	`565`	`-title:Okta`
`564`	`566`	`url:/oidc-okta`
`565`	`567`	`-title:OneLogin`

`‎_docs/single-sign-on/oidc.md‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ Here's what you need to do to configure SSO via OIDC in Codefresh:`
`29`	`29`	`*[Auth0]({{site.baseurl}}/docs/single-sign-on/oidc/oidc-auth0/)`
`30`	`30`	`*[Azure]({{site.baseurl}}/docs/single-sign-on/oidc/oidc-azure/)`
`31`	`31`	`*[Google]({{site.baseurl}}/docs/single-sign-on/oidc/oidc-google/)`
	`32`	`+*[Keycloak]({{site.baseurl}}/docs/single-sign-on/oidc/oidc-keycloak/)`
`32`	`33`	`*[Okta]({{site.baseurl}}/docs/single-sign-on/oidc/oidc-okta/)`
`33`	`34`	`*[OneLogin]({{site.baseurl}}/docs/single-sign-on/oidc/oidc-onelogin/)`
`34`	`35`

`‎_docs/single-sign-on/oidc/oidc-keycloak.md‎`

Lines changed: 129 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,129 @@`
	`1`	`+---`
	`2`	`+title:"Keycloak SSO via OIDC"`
	`3`	`+description:"Set up Keycloak SSO for OIDC"`
	`4`	`+group:single-sign-on`
	`5`	`+toc:true`
	`6`	`+---`
	`7`	`+Set up SSO for Keycloak using OIDC.`
	`8`	`+For a general overview on OIDC, see[Setting up OIDC Federated SSO]({{site.baseurl}}/docs/single-sign-on/oidc).`
	`9`	`+`
	`10`	`+Set up OIDC SSO for Keycloak in Codefresh by:`
	`11`	`+1. Creating a client in Keycloak`
	`12`	`+1. Configuring SSO settings for Keycloak in Codefresh`
	`13`	`+1. Configuring redirect URIs in Keycloak`
	`14`	`+`
	`15`	`+>IMPORTANT:`
	`16`	+>KeycloakServer changed`/auth` endpoint from version 17.0.0. Currently, Codefresh does not support Keycloak version 17.0.0 or higher.
	`17`	+>As a workaround, start KeycloakServer with this parameter:`--http-relative-path=/auth/`.
	`18`	`+`
	`19`	`+`
	`20`	`+##Step 1: Create Client in Keycloak`
	`21`	`+`
	`22`	`+Create a Keycloak client for Codefresh.`
	`23`	`+`
	`24`	`+1. Log in to Keycloak.`
	`25`	`+1. Select the Realm, and from the sidebar, selectClients.`
	`26`	`+1. ClickCreate Client, and theClients list tab.`
	`27`	`+1. Define the General Settings:`
	`28`	`+1. From theClient type drop-down, selectOpenID Connect.`
	`29`	+1. In theClient ID field, enter`g.codefresh.io`.
	`30`	+1. In theName field, enter a display name for the client, for example,`Codefresh`.
	`31`	`+1. ClickNext.`
	`32`	`+`
	`33`	`+ {% include image.html`
	`34`	`+ lightbox="true"`
	`35`	`+ file="/images/sso/keycloak/create-client-general-settings.png"`
	`36`	`+ url="/images/sso/keycloak/create-client-general-settings.png"`
	`37`	`+ alt="General Settings for Codefresh client in Keycloak"`
	`38`	`+ caption="General Settings for Codefresh client in Keycloak"`
	`39`	`+ max-width="70%"`
	`40`	`+ %}`
	`41`	`+`
	`42`	`+{:start="5"}`
	`43`	`+1. Define the Capablity config settings:`
	`44`	`+1. ToggleClient authentication to ON.`
	`45`	`+1. ClickSave.`
	`46`	`+`
	`47`	`+ {% include image.html`
	`48`	`+ lightbox="true"`
	`49`	`+ file="/images/sso/keycloak/create-client-capability-config-settings.png"`
	`50`	`+ url="/images/sso/keycloak/create-client-capability-config-settings.png"`
	`51`	`+ alt="Capablity config settings for Codefresh client in Keycloak"`
	`52`	`+ caption="Capablity config settings for Codefresh client in Keycloak"`
	`53`	`+ max-width="70%"`
	`54`	`+ %}`
	`55`	`+`
	`56`	`+{:start="6"}`
	`57`	`+1. Copy and paste the following:`
	`58`	`+1. Go back to Settings.`
	`59`	`+1. From the General Settings tab, copy theClient ID to your machine.`
	`60`	`+1. Click theCredentials tab, and copy and paste theClient secret to your machine.`
	`61`	`+1. From the sidebar, selectRealm Settings, and copy and paste theRealm ID.`
	`62`	`+ You will need the Client ID, Client Secret, and Realm ID to configure SSO for Keycloak in Codefresh.`
	`63`	`+1. Continue with[Step 2: Configure SSO settings for Keycloak in Codefresh](#step-2-configure-sso-settings-for-keycloak-in-codefresh).`
	`64`	`+`
	`65`	`+##Step 2: Configure SSO settings for Keycloak in Codefresh`
	`66`	`+<br>`
	`67`	`+`
	`68`	`+Before you begin`
	`69`	`+* Make sure you have:`
	`70`	`+* TheClient ID,Client Secret, andRealm ID from Keycloak in Step 1`
	`71`	`+`
	`72`	`+How to`
	`73`	`+`
	`74`	`+1. In the Codefresh UI, from the toolbar click theSettings icon.`
	`75`	`+1. In the sidebar, from Access & Collaboration, select[Single Sign-On](https://g.codefresh.io/2.0/account-settings/single-sign-on){:target="\_blank"}.`
	`76`	`+1. Click+ Add Single Sign-On, selectKeycloak, and then clickNext.`
	`77`	`+1. Enter the following:`
	`78`	`+*Client Name: For auto-generation, leave empty. Codefresh generates the client name once you save the settings.`
	`79`	`+*Display Name: Meaningful name that identifies the integration with this SSO provider.`
	`80`	`+*Client ID: The Client ID for Codefresh you copied from Keycloak.`
	`81`	`+*Client Secret: The Client Secret for Codefresh you also copied from Keycloak.`
	`82`	`+*Host: The Keycloak URL.`
	`83`	`+*Realm: Optional. The Realm ID for Codefresh you copied from Keycloak.`
	`84`	`+`
	`85`	`+ {% include image.html`
	`86`	`+ lightbox="true"`
	`87`	`+ file="/images/sso/keycloak/sso-keycloak-settings-codefresh.png"`
	`88`	`+ url="/images/sso/keycloak/sso-keycloak-settings-codefresh.png"`
	`89`	`+ alt="SSO settings for Keycloak in Codefresh"`
	`90`	`+ caption="SSO settings for Keycloak in Codefresh"`
	`91`	`+ max-width="40%"`
	`92`	`+ %}`
	`93`	`+`
	`94`	`+{:start="5"}`
	`95`	`+1. ClickAdd. Codefresh creates Keycloak as an identity provider, with the auto-generated Client Name.`
	`96`	`+`
	`97`	`+ {% include image.html`
	`98`	`+ lightbox="true"`
	`99`	`+ file="/images/sso/keycloak/keycloak-auto-generated-client-name.png"`
	`100`	`+ url="/images/sso/keycloak/keycloak-auto-generated-client-name.png"`
	`101`	`+ alt="Getting the auto-generated Client Name"`
	`102`	`+ caption="Getting the auto-generated Client Name"`
	`103`	`+ max-width="90%"`
	`104`	`+ %}`
	`105`	`+`
	`106`	`+{:start="6"}`
	`107`	`+1. Note down the Client Name, as you need it to set the redirect URI in Keycloak.`
	`108`	`+1. Continue with[Step 3: Set up Redirect URI in Keycloak](#step-3-set-up-redirect-uri-in-keycloak).`
	`109`	`+`
	`110`	`+##Step 3: Set up Redirect URI in Keycloak`
	`111`	`+1. Log in again to Keycloak.`
	`112`	`+1. From the sidebar, selectClients and then selectCodefresh from the Clients List.`
	`113`	`+1. Click theSettings tab, and then define theAccess Settings:`
	`114`	+1. In theRoot URL andHome URL fields, enter`https://g.codefresh.io`.
	`115`	+1. In theValid redirect URIs field, enter`https://g.codefresh.io/api/auth/<your_codefresh_client_name>/callback`
	`116`	+ where:`<your_codefresh_client_name>` is the Client Name auto-generated by Codefresh, for example,`https://g.codefresh.io/api/auth/ruUtQOzX4T0D/callback`.
	`117`	`+`
	`118`	`+1. ClickSave.`
	`119`	`+`
	`120`	`+`
	`121`	`+You have now completed SSO setup for Keycloak via OIDC.`
	`122`	`+`
	`123`	`+##Sync teams via CLI`
	`124`	`+Sync users and teams through the[CLI]({{site.baseurl}}/docs/single-sign-on/team-sync/#cli-synchronize-teams).`
	`125`	`+`
	`126`	`+##Related articles`
	`127`	`+[Federated Single Sign-On (SSO) overview]({{site.baseurl}}/docs/single-sign-on/single-sign-on/)`
	`128`	`+[Setting up OIDC Federated SSO]({{site.baseurl}}/docs/single-sign-on/oidc)`
	`129`	`+[Common configuration for SSO providers]({{site.baseurl}}/docs/single-sign-on/team-sync)`

`‎_docs/single-sign-on/team-sync.md‎`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,8 +18,6 @@ You can sync teams:`
`18`	`18`	`* Automatically, in the Codefresh UI when you set up the SSO account for the IdP, through theAuto-sync team option. For details, see the SSO setup for your IdP.`
`19`	`19`	`* Manually, through the Codefresh CLI's[synchronize teams command](https://codefresh-io.github.io/cli/teams/synchronize-teams/){:target="\_blank"}.`
`20`	`20`
`21`		`->Team-sync is supported for OIDC providers.`
`22`		`- For SAML, team-sync is supported only for Google.`
`23`	`21`
`24`	`22`	`##CLI synchronize teams`
`25`	`23`