Cli/ref/mw docker keycloak

mw docker keycloak

Keycloak service

Synopsis

Keycloak service

Keycloak is an open source identity manager (IdM) that can be used to provide single sign-on. It supports OpenID Connect and SAML.

The keycloak service allows you to add, delete, list, and get metadata for Keycloak realms, clients, and users.

Setting up MediaWiki with OpenID Connect

You will need to create a realm, a client, and at least one user as follows:

mw docker keycloak create
mw docker keycloak add realm <realmname>
mw docker keycloak add client <clientname> <realmname>
mw docker keycloak add user <username> <temporarypassword> <realmname>

where <realmname> is the name you choose for your realm, <clientname> is the name you choose for your client, <username> is the name you choose for your user, and <temporarypassword> is a temporary password that you will be asked to change at your first login.

Then, you will need to get the client secret that was assigned to your client:

mw docker keycloak get clientsecret <clientname> <realmname>

Using the client secret returned as <clientsecret> below, add the following to your LocalSettings.php:

wfLoadExtension('PluggableAuth');
wfLoadExtension('OpenIDConnect');
$wgPluggableAuth_Config = [
  "Keycloak" => [
    'plugin' => 'OpenIDConnect',
    'data' => [
      'providerURL' => 'http://keycloak.mwdd.localhost:8080/realms/<realmname>',
      'clientID' => '<clientname>',
      'clientsecret' => '<clientsecret>'
    ]
  ]
];
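
Before logging in through the wiki, it helps to confirm that the providerURL above really names your realm. The following is an added example, not part of mwcli or the OpenIDConnect extension: it checks a realm's OpenID Connect discovery document (served at the standard /.well-known/openid-configuration path under providerURL) against the configured providerURL. The function names, the realm name "demo" and the sample document are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample for a realm named "demo" (not captured from a real server).
_BASE = "http://keycloak.mwdd.localhost:8080/realms/demo"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": _BASE,
    "authorization_endpoint": _BASE + "/protocol/openid-connect/auth",
    "token_endpoint": _BASE + "/protocol/openid-connect/token",
    "jwks_uri": _BASE + "/protocol/openid-connect/certs",
})


def discovery_url(provider_url):
    """URL of the OpenID Connect discovery document for a providerURL."""
    return provider_url.rstrip("/") + "/.well-known/openid-configuration"


def check_provider(provider_url, discovery_json):
    """Return a list of problems; an empty list means every check passed."""
    if "<" in provider_url or ">" in provider_url:
        return ["providerURL still contains a <placeholder>"]
    try:
        doc = json.loads(discovery_json)
    except ValueError:
        return ["discovery document is not valid JSON"]
    if not isinstance(doc, dict):
        return ["discovery document is not a JSON object"]
    problems = []
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    # The issuer must name the same realm URL the wiki was configured with
    # (compared after dropping a trailing slash from providerURL).
    if doc.get("issuer") != provider_url.rstrip("/"):
        problems.append("issuer %r does not match providerURL" % doc.get("issuer"))
    base = urlsplit(provider_url)
    # Endpoints on another origin usually mean a hostname misconfiguration.
    for key in REQUIRED[1:]:
        u = urlsplit(str(doc.get(key, "")))
        if key in doc and (u.scheme, u.netloc) != (base.scheme, base.netloc):
            problems.append("%s is on a different origin: %s" % (key, doc[key]))
    # Plain http is tolerable only on a local development host.
    if base.scheme != "https" and not (base.hostname or "").endswith(".localhost"):
        problems.append("providerURL uses plain http outside a .localhost host")
    return problems
```

To use it against a running service, fetch the document at discovery_url(providerURL) and pass the response body as discovery_json.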

More Control

If you need finer-grained control of the keycloak service, you can use the exec command:

mw docker keycloak exec -- bash

to get a command line and then use the /opt/keycloak/bin/kcadm.sh commands shown in the Keycloak Admin CLI guide.

Options inherited from parent commands

  -c, --context string   The context to use (default "default")
      --help             Help for this command
      --no-interaction   Do not ask any interactive questions
  -v, --verbose count    Increase output verbosity. Example: --verbose=2 or -vv
