Keycloak:修订间差异
创建页面,内容为“ Create realm: my-org Create users: whatever Create client: my-app Client ID: my-app Valid redirect URIs: http://localhost:5173/auth/callback Valid post logout redirect URIs : http://localhost:5173 Web origins: http://localhost:5173 (No slash at end!!!) Client authentication: off (for public clients) Authentication flow: Standard flow, Direct access grants Category:OAuth” |
标签:2017版源代码编辑 |
||
| (未显示同一用户的2个中间版本) | |||
| 第1行: | 第1行: | ||
== Install == | |||
<syntaxhighlight lang="bash"> | |||
docker run --name example-keycloak \ | |||
-p 8081:8080 -d \ | |||
-e KC_BOOTSTRAP_ADMIN_USERNAME=admin \ | |||
-e KC_BOOTSTRAP_ADMIN_PASSWORD=<change it> \ | |||
quay.io/keycloak/keycloak:26.0.7 start-dev \ | |||
--hostname=https://oauth.example.com | |||
</syntaxhighlight> | |||
Reversed proxy<ref>https://medium.com/@asynchronouscal/keycloak-production-mode-with-docker-step-by-step-guide-b284927e72c0</ref> <ref>https://www.keycloak.org/server/reverseproxy</ref>: | |||
<syntaxhighlight lang="config"> | |||
server { | |||
Client ID: my-app | server_name oauth.example.com; | ||
Valid redirect URIs: http://localhost:5173/auth/callback | |||
Valid post logout redirect URIs : http://localhost:5173 | location / { | ||
Web origins: http://localhost:5173 (No slash at end!!!) | root html; | ||
Client authentication: off (for public clients) | index index.html index.htm; | ||
Authentication flow: Standard flow, Direct access grants | proxy_pass http://localhost:8081; | ||
proxy_redirect off; | |||
proxy_set_header Host $host; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header X-Forwarded-For $remote_addr; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header X-Forwarded-Port 443; | |||
} | |||
... | |||
} | |||
</syntaxhighlight> | |||
== Configure == | |||
* Create realm: my-org | |||
* Create users: whatever | |||
* Create client: my-app | |||
* Client ID: my-app | |||
* Valid redirect URIs: http://localhost:5173/auth/callback | |||
* Valid post logout redirect URIs : http://localhost:5173 | |||
* Web origins: http://localhost:5173 (No slash at end!!!) | |||
* Client authentication: off (for public clients) | |||
* Authentication flow: Standard flow, Direct access grants | |||
[[Category:OAuth]] | [[Category:OAuth]] | ||
2024年12月4日 (三) 14:19的最新版本
Install
docker run --name example-keycloak \
-p 8081:8080 -d \
-e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
-e KC_BOOTSTRAP_ADMIN_PASSWORD=<change it> \
quay.io/keycloak/keycloak:26.0.7 start-dev \
--hostname=https://oauth.example.com
server {
server_name oauth.example.com;
location / {
root html;
index index.html index.htm;
proxy_pass http://localhost:8081;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
}
...
}Configure
- Create realm: my-org
- Create users: whatever
- Create client: my-app
- Client ID: my-app
- Valid redirect URIs: http://localhost:5173/auth/callback
- Valid post logout redirect URIs : http://localhost:5173
- Web origins: http://localhost:5173 (No slash at end!!!)
- Client authentication: off (for public clients)
- Authentication flow: Standard flow, Direct access grants