Keycloak: Difference between revisions
imported>Edelagnier add guide to create a theme |
Fix for running http only |
(6 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
'''[https://keycloak.org/ Keycloak]''' ([[wikipedia:en:Keycloak|Wikipedia]]) is identity and access management software, and can serve as an authentication server for applications (providing support for OpenID Connect, OAuth 2.0, and SAML. | '''[https://keycloak.org/ Keycloak]''' ([[wikipedia:en:Keycloak|Wikipedia]]) is identity and access management software, and can serve as an authentication server for applications (providing support for OpenID Connect, OAuth 2.0, and SAML). | ||
For official documentation on Keycloak please consult the [https://nixos.org/manual/nixos/stable/index.html#module-services-keycloak NixOS manual]. | |||
== Setup == | |||
Following configuration will enable a minimal and insecure Keycloak instance for '''testing purpose'''.<syntaxhighlight lang="nix"> | |||
environment.etc."keycloak-database-pass".text = "PWD"; | |||
services.keycloak = { | |||
enable = true; | |||
settings = { | |||
hostname = "localhost"; | |||
http-enabled = true; | |||
hostname-strict-https = false; | |||
}; | |||
database.passwordFile = "/etc/keycloak-database-pass"; | |||
}; | |||
<syntaxhighlight lang=" | </syntaxhighlight>After applying the configuration the Keycloak management interface will be available at http://localhost. Login with username <code>admin</code> and password <code>changeme</code>. | ||
... | |||
. | |||
</syntaxhighlight> | |||
== Tips and tricks == | |||
= | |||
=== Installation in subdirectory === | |||
Keycloak may be installed in a subdirectory of a domain. Thus you don't need to configure and expose a subdomain. For example with the following configuration, remember to edit <code>domain.tld</code>, reflecting your used domain. | Keycloak may be installed in a subdirectory of a domain. Thus you don't need to configure and expose a subdomain. For example with the following configuration, remember to edit <code>domain.tld</code>, reflecting your used domain. | ||
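Review bot: the added Setup text calls the instance "insecure" but never says which settings make it so, and a reader could copy the block into a real deployment. In the syntaxhighlight block, `environment.etc."keycloak-database-pass".text = "PWD";` writes the database password into the Nix store and links it into /etc, both readable by every local user, so pointing `database.passwordFile` at it only looks like secret handling. Suggest saying so and recommending a file created outside the Nix configuration with restrictive permissions. `http-enabled = true;` together with `hostname-strict-https = false;` means the admin login at http://localhost is sent in cleartext; the text should say this is acceptable only while the service is reachable from the local host alone. The sentence giving `admin` / `changeme` should also tell the reader to change that password after the first login. Wording: "The following configuration" and "testing purposes".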
Line 101: | Line 72: | ||
</nowiki>}} | </nowiki>}} | ||
== Keycloak themes on NixOS == | === Keycloak themes on NixOS === | ||
You need to create a package for your custom theme and configure the keycloak service to use it | You need to create a package for your custom theme and configure the keycloak service to use it | ||
Line 118: | Line 88: | ||
- keycloak_custom_theme.nix <- package for your theme | - keycloak_custom_theme.nix <- package for your theme | ||
=== Create a theme === | ==== Create a theme ==== | ||
{{file|custom.css|css|<nowiki> | {{file|custom.css|css|<nowiki> | ||
Line 134: | Line 103: | ||
</nowiki>}} | </nowiki>}} | ||
=== Create a package === | ==== Create a package ==== | ||
{{file|keycloak_custom_theme.nix|nix|<nowiki> | {{file|keycloak_custom_theme.nix|nix|<nowiki> | ||
{ stdenv }: | { stdenv }: | ||
Line 154: | Line 122: | ||
</nowiki>}} | </nowiki>}} | ||
=== Create a packages set === | ==== Create a packages set ==== | ||
{{file|default.nix|nix|<nowiki> | {{file|default.nix|nix|<nowiki> | ||
Line 169: | Line 136: | ||
</nowiki>}} | </nowiki>}} | ||
==== Configure your keycloak service ==== | |||
=== Configure your keycloak service === | |||
{{file|configuration.nix|nix|<nowiki> | {{file|configuration.nix|nix|<nowiki> | ||
{ config, pkgs, lib, ... }: | { config, pkgs, lib, ... }: | ||
Line 197: | Line 162: | ||
</nowiki>}} | </nowiki>}} | ||
[[Category: | [[Category:Server]] | ||
[[Category:Security]] | |||
[[Category:NixOS Manual]] |