Documentation and script to setup keycloak with dolibarr

c1f675b0 · Elian Loraux · a417a1e0 · c1f675b0 · c1f675b0
Commit c1f675b0 authored 1 year ago by Elian Loraux
--- a/README.md
+++ b/README.md
@@ -8,3 +8,21 @@ This is dockerised keycloak system
 2. `cp .env.sample .env`
 3. Edit .env (host and admin credential)
 4. Run KeyCloak with docker-compose
+
+## Secure the first application
+
+To secure the first application, folow [this tutorial](https://www.keycloak.org/getting-started/getting-started-docker) but start docker with the docker compose.
+
+## SSO with dolibarr
+
+### Prerequisites
+
+
+### Set up
+To set up SSO with dolibarr you need folow this insctruction :
+
+1. Generate the dolibarr variable with `dolibarr_variables.py`. If you don't know where to find the information requested by the script, see Prerequisites
+2. Put generated variable in dolibarr > Setup > Other Setup
+3. Configure the authentication methods in conf.php (dolibarr_src/htdocs/conf/conf.php) and add openid_connect. `$dolibarr_main_authentication='openid_connect'`
+
+For many information, folow the [dolibarr tutorial](https://wiki.dolibarr.org/index.php?title=Authentication,_SSO_and_SSL#Mode_openid_connect)
--- a/dolibarr_variables.py
+++ b/dolibarr_variables.py
+import urllib
+
+print("This is python script to generate variable for sso with keycloak in dolibarr")
+
+keycloakHost = input("Plese give the keycloak domain (ex: keycloak.tetras-libre.fr) : ")
+doliHost = input("Plese give the dolibarr domain (ex: dolibarr.tetras-libre.fr) : ")
+
+print("\nIf you don't know where to find the following information, check \"dolibarr prerequisites\" in readme")
+realm = input("Plese give your keycloak realm : ")
+clientID = input("Plese give clientID of keycloak client : ")
+secret = input("Plese give secret of keycloak client : ")
+
+
+print("\nYou need to give the folow variable in dolibarr > Setup > Other Setup \n")
+
+print("MAIN_AUTHENTICATION_OIDC_CLIENT_ID \t " + clientID)
+print("MAIN_AUTHENTICATION_OIDC_CLIENT_SECRET \t " + secret)
+print("MAIN_AUTHENTICATION_OIDC_LOGIN_CLAIM \t preferred_username")
+print("MAIN_AUTHENTICATION_OIDC_REDIRECT_URL \t https://" + doliHost + "/?openid_mode=true")
+print("MAIN_AUTHENTICATION_OIDC_TOKEN_URL \t https://" + keycloakHost + "/realms/" + realm + "/protocol/openid-connect/token")
+print("MAIN_AUTHENTICATION_OIDC_USERINFO_URL \t https://" + keycloakHost + "/realms/" + realm + "/protocol/openid-connect/userinfo")
+
+dolibarr_urlencode = "https%3A%2F%2F" + doliHost
+
+print("MAIN_LOGOUT_GOTO_URL \t\t\t https://" + keycloakHost + "/realms/" + realm + "/protocol/openid-connect/auth?client_id=" + clientID + "&redirect_uri=" + dolibarr_urlencode + "%2F%3Fopenid_mode%3Dtrue&scope=openid profile email&response_type=code")
+print("MAIN_AUTHENTICATION_OPENID_URL \t\t https://" + keycloakHost + "/realms/" + realm + "/protocol/openid-connect/logout?client_id="+ clientID + "&returnTo=" + dolibarr_urlencode)