diff --git a/README.md b/README.md index 40ac06e8..64f3e5cb 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ Vouch Proxy supports many OAuth and OIDC login providers and can enforce authent - [Discord](https://github.com/eltariel/foundry-docker-nginx-vouch) - [SecureAuth](https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example_secureauth) - [Gitea](https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example_gitea) -- Keycloak +- [Keycloak](config/config.yml_example_keycloak) - [OAuth2 Server Library for PHP](https://github.com/vouch/vouch-proxy/issues/99) - [HomeAssistant](https://developers.home-assistant.io/docs/en/auth_api.html) - [OpenStax](https://github.com/vouch/vouch-proxy/pull/141) diff --git a/config/config.yml_example_keycloak b/config/config.yml_example_keycloak new file mode 100644 index 00000000..b176c6aa --- /dev/null +++ b/config/config.yml_example_keycloak @@ -0,0 +1,39 @@ + +# Vouch Proxy configuration +# bare minimum to get Vouch Proxy running with Keycloak + +vouch: + domains: + - yourdomain.com + + # - OR - + # instead of setting specific domains you may prefer to allow all users... + # set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate at the configured provider + # and set vouch.cookie.domain to the domain you wish to protect + # allowAllUsers: true + + cookie: + # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com) + secure: false + # vouch.cookie.domain must be set when enabling allowAllUsers + # domain: yourdomain.com + +oauth: + # Generic OpenID Connect + # for Keycloak + provider: oidc + client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxx + client_secret: xxxxxxxxxxxxxxxxxxxxxxxx + auth_url: https://{yourKeycloakDomain}/realms/{yourKeycloakRealm}/protocol/openid-connect/auth + token_url: https://{yourKeycloakDomain}/realms/{yourKeycloakRealm}/protocol/openid-connect/token + user_info_url: https://{yourKeycloakDomain}/realms/{yourKeycloakRealm}/protocol/openid-connect/userinfo + scopes: + - openid + - email + - profile + callback_url: http://vouch.yourdomain.com:9090/auth + # you can get values of of auth_url, token_url and user_info_url from https://{yourKeycloakDomain}/realms/{yourKeycloakRealm}/.well-known/openid-configuration + # When configuring client in Keycloak, you should use following values + ## valid redirect: http://vouch.yourdomain.com:9090/auth + ## valid logout: http://vouch.yourdomain.com:9090/logout + ## web origin: http://vouch.yourdomain.com:9090 \ No newline at end of file