Yannick Warnier
11922c1283
|
1 year ago | |
|---|---|---|
| .. | ||
| lang | 7 years ago | |
| KeycloakPlugin.php | 7 years ago | |
| README.md | 1 year ago | |
| index.php | ||
| metadata.php | 6 years ago | |
| plugin.php | ||
| settings.dist.php | 6 years ago | |
| start.php | 6 years ago | |
README.md
Keycloak
-
Enable the plugin.
-
Create a new settings.php file here plugin/keycloak/settings.php you can find an example here: plugin/keycloak/settings.dist.php
-
Edit the settings.php file with your Keycloak settings:
'idp' => array(
'entityId' => 'http://localhost:8080/auth/realms/master',
'singleSignOnService' => array (
'url' => 'http://localhost:8080/auth/realms/master/protocol/saml',
),
'singleLogoutService' => array (
'url' => 'http://localhost:8080/auth/realms/master/protocol/saml',
),
'x509cert' => 'xxx',
)
- Configure your keycloak server with the following settings:
-
Create a client with "client id" value: http://www.example.org/plugin/keycloak/metadata.php
-
Valid redirect URIs: *
-
Client Protocol: saml
-
Logout service redirect Binding URL: http://www.example.org/plugin/keycloak/start.php?sls
Change the client scope roles to "Single role attribute".
- Client Scopes-> role_list -> Mappers -> role list -> "Single Role Attribute" = true
Add user mappers for "FirstName", "LastName" and "Email" so Chamilo can get those values.
Clients -> (select the client previously created) -> mappers -> create
Name: Email Mapper Type = User Property. User Attribute: Email Friendly Name: Email SAML Attribute Name: Email SAML Attribute: Basic
Repeat the process for the 3 attributes.
Create a demo user in keycloak
Try to login using the new keycloak button in Chamilo.
When everything works, restrict Valid redirect URIs setting from * to http://www.example.org/plugin/keycloak/start.php?acs