github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-22 01:36:29 -05:00
Code Issues Projects Releases Packages Wiki Activity

Fixed Image Sources in saml-keycloak guide

Browse source 
Signed-off-by: Leo Maroni <git@em0lar.de>
This commit is contained in:
Leo Maroni 2020-05-01 15:00:10 +02:00
parent ae8bb96cc6
commit 35ec617007
No known key found for this signature in database
GPG key ID: B1ADA545CD2CBACD
1 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
docs/guides/auth/saml-keycloak.md
View file

@ -10,17 +10,17 @@
### Create a new client
1. Select "Client" in left sidebar
![keycloak_clients_overview](https://md.em0lar.de/uploads/upload_443839d7e4929aacf17b6babe6fa77ba.png)
![keycloak_clients_overview](../../images/auth/keycloak_clients_overview.png)
2. Click on the "Create" button
3. Set a Client ID and specify this in `saml.issuer` property of the CodiMD configuration or `CMD_SAML_ISSUER` environment variable
4. Select `SAML` as Client Protocol
5. Set Client SAML Endpoint to `https://codimd.example.com/auth/saml` (replace `https://codimd.example.com` with the base URL of your CodiMD installation)
![keycloak_add_client](https://md.em0lar.de/uploads/upload_451868268f37a7c47b8bf2ab4f9d1fa9.png)
![keycloak_add_client](../../images/auth/keycloak_add_client.png)
6. Leave "Client Signature Required" enabled
7. Set Root URL to `https://codimd.example.com` (replace it here also with the base URL of your CodiMD installation)
8. Set Valid Redirect URIs to `https://codimd.example.com/auth/saml/callback` (you should also define all other domains of your CodiMD installtion with the suffix `/auth/saml/callback`)
9. Set Base URL to `/`
![keycloak_client_overview](https://md.em0lar.de/uploads/upload_fd0560a2e8e4cbd6e88bb8828d0a4fb1.png)
![keycloak_client_overview](../../images/auth/keycloak_client_overview.png)
10. _(optional)_ You can set which Name ID Format should be used
## Configure CodiMD
@ -58,11 +58,11 @@ openssl req -new -x509 -key priv.pem -out cert.pem
2. Select "Client" in left sidebar
3. Go to your CodiMD-Client
4. Select the "SAML Keys" tab
![keycloak_saml_import_cert](https://md.em0lar.de/uploads/upload_85d97cc7b764a6199064342283310074.png)
![keycloak_saml_import_cert](../../images/auth/keycloak_saml_import_cert.png)
5. Click on "Import"
6. Select `Certificate PEM` as "Archive Format"
7. Now upload the generated cert.pem (in this case named `cert.pem`)
![keycloak_saml_import_cert_details](https://md.em0lar.de/uploads/upload_95ad43ccb73a85e8a5dab322db6a0f12.png)
![keycloak_saml_import_cert_details](../../images/auth/keycloak_saml_import_cert_details.png)
8. Click on "Import"
9. Move or copy this key (in this case named `key.pem`) and save it to the file specified in `saml.clientCert` property of the CodiMD configuration or in the enviroment-variable `CMD_SAML_CLIENTCERT`
@ -73,11 +73,11 @@ Instead if generating you own certificate, you can also use the one generated by
1. Select "Client" in left sidebar
2. Go to your CodiMD-Client
3. Select the "SAML Keys" tab
![keycloak_saml_export_cert](https://md.em0lar.de/uploads/upload_ac3343ef86dad2f10155ba9707bea042.png)
![keycloak_saml_export_cert](../../images/auth/keycloak_saml_export_cert.png)
5. Now click on "Export"
6. Here you can select the output format, choose `PKCS12`. You also have to set a password. Choose your own.
![keycloak_saml_export_cert_details](https://md.em0lar.de/uploads/upload_8eaa9082c9fb429614ecdf9ebcfc93c5.png)
![keycloak_saml_export_cert_details](../../images/auth/keycloak_saml_export_cert_details.png)
6. Click on "Download" and save the file somewhere on you computer
7. You now have to extract the private Key. You can do this with the following command. WHen asked, enter your password.
```shell
@ -89,15 +89,15 @@ openssl pkcs12 -in keystore.p12 -out key.pem -nocerts -nodes
Instead of using the username as the owner-key in the CodiMD database, you can also use a persistent identifier. This allows to change the username, without them loosing access to their notes.
1. Go to the CodiMD-Client in keycloak. Now enable the option "Force Name ID Format" and select "persistent" as the "Name ID Format".
![keycloak_force_idformat](https://md.em0lar.de/uploads/upload_dc195bbed788aa4eb7b8cf7c29141a45.png)
![keycloak_force_idformat](../../images/auth/keycloak_force_idformat.png)
2. For codimd to be able to use the username and email configured in keycloak, you have to create the following SAML protocol mappers:
2.1. Create a mapper with the type `User Property`. Set the Name, Property and SAML Attribute Name to `username`. Now you can specify a friendly name (for example `Username`)
![keycloak_mapper_username](https://md.em0lar.de/uploads/upload_7c69c97213c86888ccf0d781a3ea2fc8.png)
![keycloak_mapper_username](../../images/auth/keycloak_mapper_username.png)
2.2 Create a mapper with the type `User Property`. Set the Name, Property and SAML Attribute Name to `email`. Now you can specify a friendly name (for example `E-Mail`)
![keycloak_mapper_email](https://md.em0lar.de/uploads/upload_a65ef8729a96e9cd02eeec173726094d.png)
![keycloak_mapper_email](../../images/auth/keycloak_mapper_email.png)
The configured mappers should look like this:
![keycloak_mapper_overview](https://md.em0lar.de/uploads/upload_0cf3fcccc4d192c6575f065949b786be.png)
![keycloak_mapper_overview](../../images/auth/keycloak_mapper_overview.png)
3. You now have to add the following block to the saml-definition inside your `config.json`:
```json