sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-16 07:26:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

update keycloak steps

Browse Source
This commit is contained in:
braginini
2022-08-24 16:03:15 +02:00
parent f95d0db6f1
commit 0dbeeb9cdc
2 changed files with 18 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/integrations/identity-providers/self-hosted/auth0.md
View File

@@ -37,16 +37,19 @@ This Auth0 application will be used to authorize access to NetBird Dashboard (We
- Follow the steps in the [Auth0 React SDK Guide](https://auth0.com/docs/quickstart/spa/react/01-login#configure-auth0)
up until "Install the Auth0 React SDK".
- Use **`https://YOUR DOMAIN`** as: `Allowed Callback URLs`, `Allowed Logout URLs`, `Allowed Web Origins`, `Allowed Origins (CORS)`
- :warning: Make sure that **`Token Endpoint Authentication Method`** is set to **`None`**.
- Use **`https://YOUR DOMAIN`** as: `Allowed Callback URLs`, `Allowed Logout URLs`, `Allowed Web Origins`, `Allowed Origins (CORS)`
:::caution
Make sure that **`Token Endpoint Authentication Method`** is set to **`None`**.
:::
- Use **`Client ID`** to set ```NETBIRD_AUTH_CLIENT_ID``` property in the `setup.env` file.
- Use **`Domain`** to configure ```NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT``` property in the `setup.env` file like so:
```
https://<DOMAIN>/.well-known/openid-configuration
```
:warning: Double-check if the endpoint returns a JSON response by calling it from your browser.
:::caution
Double-check if the endpoint returns a JSON response by calling it from your browser.
:::
### Step 3: Create and configure Auth0 API

20
docs/integrations/identity-providers/self-hosted/keycloak.md
View File

@@ -27,7 +27,7 @@ The following guide is an adapted version of the original
For this guide, you need a fully configured Keycloak instance running with SSL.
We assume that your Keycloak instance is available at https://YOUR-KEYCLOAK-HOST:443.
We assume that your Keycloak instance is available at https://YOUR-KEYCLOAK-HOST-AND_PORT.
Feel free to change the port if you have configured Keycloak with a different one.
Most of the OIDC software requires SSL for production use.
@@ -42,8 +42,7 @@ To create a realm you need to:
- Fill in the form with the following values:
- Realm name: `netbird`
- Click `Create`
- Your newly created realm `https://YOUR-KEYCLOAK-HOST:443/realms/netbird` will be used later to set `NETBIRD_AUTH_AUTHORITY` in the `setup.env` file.
-
![](/img/integrations/identity-providers/self-hosted/keycloak-create-realm.png)
### Step 3: Create a user
@@ -152,20 +151,23 @@ In this step, we will create and configure the NetBird client audience for Keycl
### Step 8: Continue with the self-hosting guide
Your authority configuration will be available under:
Your authority OIDC configuration will be available under:
```
https://YOUR-KEYCLOAK-HOST:443/realms/netbird/.well-known/openid-configuration
https://<YOUR-KEYCLOAK-HOST-AND-PORT>/realms/netbird/.well-known/openid-configuration
```
:::caution
Double-check if the endpoint returns a JSON response by calling it from your browser.
:::
- Set properties in the `setup.env` file:
- NETBIRD_AUTH_AUTHORITY=`https://YOUR-KEYCLOAK-HOST-AND-PORT/realms/netbird`. This is the `issuer` field of the openid-configuration.
- NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT=`https://<YOUR-KEYCLOAK-HOST-AND-PORT>/realms/netbird/.well-known/openid-configuration`.
- NETBIRD_AUTH_CLIENT_ID=`netbird-client`
- NETBIRD_AUTH_AUDIENCE=`netbird-client`
- NETBIRD_AUTH_SUPPORTED_SCOPES=`openid profile email offline_access api`. Use the fields specified in the `scopes_supported` field of the openid-configuration.
- NETBIRD_AUTH_JWT_CERTS=`https://YOUR-KEYCLOAK-HOST-AND-PORT/realms/netbird/protocol/openid-connect/certs`. Use `jwks_uri` from the openid-configuration to set `NETBIRD_AUTH_JWT_CERTS`
- NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=`netbird-client`. Optional,
it enables the [Interactive SSO Login feature](/getting-started/installation#running-netbird-with-sso-login) (Oauth 2.0 Device Authorization Flow)
- You can now continue with the [NetBird Self-hosting Guide](/getting-started/self-hosting#step-3-configure-identity-provider).
:::note
Make sure that your Keycloak instance and `NETBIRD_AUTH_AUTHORITY` use HTTPS. Otherwise, the setup won't work.
Make sure that your Keycloak instance use HTTPS. Otherwise, the setup won't work.
:::