mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 11:16:31 -05:00
Fixed Image Sources in saml-keycloak guide
Signed-off-by: Leo Maroni <git@em0lar.de>
This commit is contained in:
parent
ae8bb96cc6
commit
35ec617007
1 changed files with 11 additions and 11 deletions
|
@ -10,17 +10,17 @@
|
|||
|
||||
### Create a new client
|
||||
1. Select "Client" in left sidebar
|
||||
![keycloak_clients_overview](https://md.em0lar.de/uploads/upload_443839d7e4929aacf17b6babe6fa77ba.png)
|
||||
![keycloak_clients_overview](../../images/auth/keycloak_clients_overview.png)
|
||||
2. Click on the "Create" button
|
||||
3. Set a Client ID and specify this in `saml.issuer` property of the CodiMD configuration or `CMD_SAML_ISSUER` environment variable
|
||||
4. Select `SAML` as Client Protocol
|
||||
5. Set Client SAML Endpoint to `https://codimd.example.com/auth/saml` (replace `https://codimd.example.com` with the base URL of your CodiMD installation)
|
||||
![keycloak_add_client](https://md.em0lar.de/uploads/upload_451868268f37a7c47b8bf2ab4f9d1fa9.png)
|
||||
![keycloak_add_client](../../images/auth/keycloak_add_client.png)
|
||||
6. Leave "Client Signature Required" enabled
|
||||
7. Set Root URL to `https://codimd.example.com` (replace it here also with the base URL of your CodiMD installation)
|
||||
8. Set Valid Redirect URIs to `https://codimd.example.com/auth/saml/callback` (you should also define all other domains of your CodiMD installtion with the suffix `/auth/saml/callback`)
|
||||
9. Set Base URL to `/`
|
||||
![keycloak_client_overview](https://md.em0lar.de/uploads/upload_fd0560a2e8e4cbd6e88bb8828d0a4fb1.png)
|
||||
![keycloak_client_overview](../../images/auth/keycloak_client_overview.png)
|
||||
10. _(optional)_ You can set which Name ID Format should be used
|
||||
|
||||
## Configure CodiMD
|
||||
|
@ -58,11 +58,11 @@ openssl req -new -x509 -key priv.pem -out cert.pem
|
|||
2. Select "Client" in left sidebar
|
||||
3. Go to your CodiMD-Client
|
||||
4. Select the "SAML Keys" tab
|
||||
![keycloak_saml_import_cert](https://md.em0lar.de/uploads/upload_85d97cc7b764a6199064342283310074.png)
|
||||
![keycloak_saml_import_cert](../../images/auth/keycloak_saml_import_cert.png)
|
||||
5. Click on "Import"
|
||||
6. Select `Certificate PEM` as "Archive Format"
|
||||
7. Now upload the generated cert.pem (in this case named `cert.pem`)
|
||||
![keycloak_saml_import_cert_details](https://md.em0lar.de/uploads/upload_95ad43ccb73a85e8a5dab322db6a0f12.png)
|
||||
![keycloak_saml_import_cert_details](../../images/auth/keycloak_saml_import_cert_details.png)
|
||||
8. Click on "Import"
|
||||
9. Move or copy this key (in this case named `key.pem`) and save it to the file specified in `saml.clientCert` property of the CodiMD configuration or in the enviroment-variable `CMD_SAML_CLIENTCERT`
|
||||
|
||||
|
@ -73,11 +73,11 @@ Instead if generating you own certificate, you can also use the one generated by
|
|||
1. Select "Client" in left sidebar
|
||||
2. Go to your CodiMD-Client
|
||||
3. Select the "SAML Keys" tab
|
||||
![keycloak_saml_export_cert](https://md.em0lar.de/uploads/upload_ac3343ef86dad2f10155ba9707bea042.png)
|
||||
![keycloak_saml_export_cert](../../images/auth/keycloak_saml_export_cert.png)
|
||||
|
||||
5. Now click on "Export"
|
||||
6. Here you can select the output format, choose `PKCS12`. You also have to set a password. Choose your own.
|
||||
![keycloak_saml_export_cert_details](https://md.em0lar.de/uploads/upload_8eaa9082c9fb429614ecdf9ebcfc93c5.png)
|
||||
![keycloak_saml_export_cert_details](../../images/auth/keycloak_saml_export_cert_details.png)
|
||||
6. Click on "Download" and save the file somewhere on you computer
|
||||
7. You now have to extract the private Key. You can do this with the following command. WHen asked, enter your password.
|
||||
```shell
|
||||
|
@ -89,15 +89,15 @@ openssl pkcs12 -in keystore.p12 -out key.pem -nocerts -nodes
|
|||
Instead of using the username as the owner-key in the CodiMD database, you can also use a persistent identifier. This allows to change the username, without them loosing access to their notes.
|
||||
|
||||
1. Go to the CodiMD-Client in keycloak. Now enable the option "Force Name ID Format" and select "persistent" as the "Name ID Format".
|
||||
![keycloak_force_idformat](https://md.em0lar.de/uploads/upload_dc195bbed788aa4eb7b8cf7c29141a45.png)
|
||||
![keycloak_force_idformat](../../images/auth/keycloak_force_idformat.png)
|
||||
2. For codimd to be able to use the username and email configured in keycloak, you have to create the following SAML protocol mappers:
|
||||
2.1. Create a mapper with the type `User Property`. Set the Name, Property and SAML Attribute Name to `username`. Now you can specify a friendly name (for example `Username`)
|
||||
![keycloak_mapper_username](https://md.em0lar.de/uploads/upload_7c69c97213c86888ccf0d781a3ea2fc8.png)
|
||||
![keycloak_mapper_username](../../images/auth/keycloak_mapper_username.png)
|
||||
2.2 Create a mapper with the type `User Property`. Set the Name, Property and SAML Attribute Name to `email`. Now you can specify a friendly name (for example `E-Mail`)
|
||||
![keycloak_mapper_email](https://md.em0lar.de/uploads/upload_a65ef8729a96e9cd02eeec173726094d.png)
|
||||
![keycloak_mapper_email](../../images/auth/keycloak_mapper_email.png)
|
||||
|
||||
The configured mappers should look like this:
|
||||
![keycloak_mapper_overview](https://md.em0lar.de/uploads/upload_0cf3fcccc4d192c6575f065949b786be.png)
|
||||
![keycloak_mapper_overview](../../images/auth/keycloak_mapper_overview.png)
|
||||
|
||||
3. You now have to add the following block to the saml-definition inside your `config.json`:
|
||||
```json
|
||||
|
|
Loading…
Reference in a new issue