Current File : /home/tjamichg/cursos.tjamich.gob.mx/plugin/keycloak/README.md
Keycloak
==============
1. Enable the plugin.
2. Create a new settings.php file here plugin/keycloak/settings.php you can find an example here:
plugin/keycloak/settings.dist.php
3. Edit the settings.php file with your Keycloak settings:
<pre>
'idp' => array(
'entityId' => 'http://localhost:8080/auth/realms/master',
'singleSignOnService' => array (
'url' => 'http://localhost:8080/auth/realms/master/protocol/saml',
),
'singleLogoutService' => array (
'url' => 'http://localhost:8080/auth/realms/master/protocol/saml',
),
'x509cert' => 'xxx',
)
</pre>
4. Configure your keycloak server with the following settings:
* Create a client with "client id" value:
http://www.example.org/plugin/keycloak/metadata.php
* Valid redirect URIs: *
* Client Protocol: saml
* Logout service redirect Binding URL: http://www.example.org/plugin/keycloak/start.php?sls
Change the client scope roles to "Single role attribute".
- Client Scopes-> role_list -> Mappers -> role list -> "Single Role Attribute" = true
Add user mappers for "FirstName", "LastName" and "Email" so Chamilo can get those values.
Clients -> (select the client previously created) -> mappers -> create
Name: Email
Mapper Type = User Property.
User Attribute: Email
Friendly Name: Email
SAML Attribute Name: Email
SAML Attribute: Basic
Repeat the process for the 3 attributes.
Create a demo user in keycloak
Try to login using the new keycloak button in Chamilo.
When everything works, restrict `Valid redirect URIs` setting from `*` to `http://www.example.org/plugin/keycloak/start.php?acs`
Mini Shell