Skip to content

Commit aa0a89d

Browse files
bnfinetbnfinet
committed
Merge branch 'pr/shkpk/551'
2 parents ee2eca1 + 6669758 commit aa0a89d

2 files changed

Lines changed: 40 additions & 1 deletion

File tree

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ Vouch Proxy supports many OAuth and OIDC login providers and can enforce authent
2424
- [Discord](https://github.com/eltariel/foundry-docker-nginx-vouch)
2525
- [SecureAuth](https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example_secureauth)
2626
- [Gitea](https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example_gitea)
27-
- Keycloak
27+
- [Keycloak](config/config.yml_example_keycloak)
2828
- [OAuth2 Server Library for PHP](https://github.com/vouch/vouch-proxy/issues/99)
2929
- [HomeAssistant](https://developers.home-assistant.io/docs/en/auth_api.html)
3030
- [OpenStax](https://github.com/vouch/vouch-proxy/pull/141)

config/config.yml_example_keycloak

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
2+
# Vouch Proxy configuration
3+
# bare minimum to get Vouch Proxy running with Keycloak
4+
5+
vouch:
6+
domains:
7+
- yourdomain.com
8+
9+
# - OR -
10+
# instead of setting specific domains you may prefer to allow all users...
11+
# set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate at the configured provider
12+
# and set vouch.cookie.domain to the domain you wish to protect
13+
# allowAllUsers: true
14+
15+
cookie:
16+
# allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com)
17+
secure: false
18+
# vouch.cookie.domain must be set when enabling allowAllUsers
19+
# domain: yourdomain.com
20+
21+
oauth:
22+
# Generic OpenID Connect
23+
# for Keycloak
24+
provider: oidc
25+
client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
26+
client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
27+
auth_url: https://{yourKeycloakDomain}/realms/{yourKeycloakRealm}/protocol/openid-connect/auth
28+
token_url: https://{yourKeycloakDomain}/realms/{yourKeycloakRealm}/protocol/openid-connect/token
29+
user_info_url: https://{yourKeycloakDomain}/realms/{yourKeycloakRealm}/protocol/openid-connect/userinfo
30+
scopes:
31+
- openid
32+
- email
33+
- profile
34+
callback_url: http://vouch.yourdomain.com:9090/auth
35+
# you can get values of of auth_url, token_url and user_info_url from https://{yourKeycloakDomain}/realms/{yourKeycloakRealm}/.well-known/openid-configuration
36+
# When configuring client in Keycloak, you should use following values
37+
## valid redirect: http://vouch.yourdomain.com:9090/auth
38+
## valid logout: http://vouch.yourdomain.com:9090/logout
39+
## web origin: http://vouch.yourdomain.com:9090

0 commit comments

Comments
 (0)