Keycloak
This is dockerised Keycloak system. Keycloak support openid_connect. It's designed to be connected to a Dolibarr instance and other partners applciations.
Setting up your environement
- Clone this repository
cp .env.sample .env
- Edit .env (host, keycloak admin credential and MariaDB password)
Launch environement
docker-compose up
Configuration
Create realm, first user and connect first application
Follow the official get started tutorial
Link a Dolibarr instance to Keycloak
Prerequisites
Set un dockerised Dolibarr
Set up Dolibarr
To set up SSO with dolibarr you need folow this insctruction :
- Create user with the same username in dolibarr and keycloak
- Generate the dolibarr variable with
dolibarr_variables.py
. If you don't know where to find the information requested by the script, see Prerequisites - Put generated variables in Dolibarr > Setup > Other Setup
- Configure the authentication methods in conf.php (dolibarr_src/htdocs/conf/conf.php) and add openid_connect.
$dolibarr_main_authentication='openid_connect'
- In dev : choose username matching :
preferred_username
- In prod : Choose mail matching method
For many information, follow the dolibarr tutorial
Final config KeyCloak Dolibarr for Prod (WIP)
- In Realm settings > Login, check following options
- Forgot password
- Remember me
- Email as username
- login with email
- verify email
- Realm settings > Email, configur your SMTP parameters + mail informations
- Realm settings > Theme, add your custom theme
- If needed create users group
- Create your users
- Client > account-console > sttings
- Set web origins to *