diff --git a/CHANGELOG.md b/CHANGELOG.md index 74f09c2..fdbb6d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ ## Changes since v3.2.0 +- [#226](https://github.com/pusher/oauth2_proxy/pull/227) Add Keycloak provider (@Ofinka) - [#178](https://github.com/pusher/outh2_proxy/pull/178) Add Silence Ping Logging and Exclude Logging Paths flags (@kskewes) - [#209](https://github.com/pusher/outh2_proxy/pull/209) Improve docker build caching of layers (@dekimsey) - [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent (@JoelSpeed) diff --git a/docs/2_auth.md b/docs/2_auth.md index 7a9bebd..2d53e1f 100644 --- a/docs/2_auth.md +++ b/docs/2_auth.md @@ -15,6 +15,7 @@ Valid providers are : - [Azure](#azure-auth-provider) - [Facebook](#facebook-auth-provider) - [GitHub](#github-auth-provider) +- [Keycloak](#keycloak-auth-provider) - [GitLab](#gitlab-auth-provider) - [LinkedIn](#linkedin-auth-provider) - [login.gov](#logingov-provider) @@ -101,6 +102,20 @@ If you are using GitHub enterprise, make sure you set the following to the appro -redeem-url="http(s):///login/oauth/access_token" -validate-url="http(s):///api/v3" +### Keycloak Auth Provider + +1. Create new client in your Keycloak with **Access Type** 'confidental'. +2. Create a mapper with **Mapper Type** 'Group Membership'. + +Make sure you set the following to the appropriate url: + + -provider=keycloak + -client-id= + -client-secret= + -login-url="http(s):///realms//protocol/openid-connect/auth" + -redeem-url="http(s):///realms/master//openid-connect/auth/token" + -validate-url="http(s):///realms/master//openid-connect/userinfo" + ### GitLab Auth Provider Whether you are using GitLab.com or self-hosting GitLab, follow [these steps to add an application](http://doc.gitlab.com/ce/integration/oauth_provider.html)
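Review bot: In the CHANGELOG.md hunk, the added entry labels the link #226 while its URL points to pull/227, so one of the two numbers is wrong. Make the link text and the target agree on the actual PR number before merging, since the changelog is what readers use to trace a provider back to its review.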
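Review bot: In the provider-list hunk of docs/2_auth.md, the Keycloak entry is inserted between GitHub and GitLab, which breaks the alphabetical order of the visible entries (Azure, Facebook, GitHub, GitLab, LinkedIn). Place it after GitLab, and move the new "Keycloak Auth Provider" section to the same position so the list order and the section order stay aligned.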
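Review bot: In the "Keycloak Auth Provider" hunk, the three endpoint URLs are inconsistent with each other: -login-url leaves the realm as a placeholder and uses a `protocol/openid-connect/auth` path, while -redeem-url and -validate-url hard-code `realms/master`, and the redeem path ends in `openid-connect/auth/token`. Keycloak serves its authorization, token and userinfo endpoints under the same realm prefix, and its token endpoint path ends in `protocol/openid-connect/token` with no `auth` segment before `token`, so all three lines should use the same realm placeholder and path shape. Hard-coding `master` also steers readers toward registering application clients in the administrative realm, which Keycloak advises against. Smaller points in the same hunk: 'confidental' should be 'confidential'; "set the following to the appropriate url" also covers -provider, -client-id and -client-secret, which are not URLs; and step 2 does not say what the Group Membership mapper is needed for or which claim name the proxy expects from it.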