feat: keycloak config

Closes #18.
2021-12-12 23:56:34 +01:00 · 2021-12-12 23:56:34 +01:00 · 4f936a594a
parent 10e459f183
commit 4f936a594a
3 changed files with 39 additions and 1 deletions
--- a/.env.sample
+++ b/.env.sample
@ -7,4 +7,11 @@ SECRET_DB_PASSWORD_VERSION=v1

 SYNAPSE_ADMIN_EMAIL=admin@example.com

-DISABLE_FEDERATION=0
+#DISABLE_FEDERATION=1
+
+#COMPOSE_FILE="compose.yml:compose.keycloak.yml"
+#KEYCLOAK_ENABLED=1
+#KEYCLOAK_NAME=
+#KEYCLOAK_URL=
+#KEYCLOAK_CLIENT_ID=
+#SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1
--- a/compose.keycloak.yml
+++ b/compose.keycloak.yml
@ -0,0 +1,18 @@
+---
+version: "3.8"
+
+services:
+  app:
+    secrets:
+      - db_password
+      - keycloak_client_secret
+    environment:
+      - KEYCLOAK_ENABLED
+      - KEYCLOAK_NAME
+      - KEYCLOAK_URL
+      - KEYCLOAK_CLIENT_ID
+
+secrets:
+  keycloak_client_secret:
+    external: true
+    name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET_VERSION}
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@ -1896,6 +1896,19 @@ oidc_providers:
  #    - attribute: userGroup
  #      value: "synapseUsers"

+  {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
+  - idp_id: keycloak
+    idp_name: {{ env "KEYCLOAK_NAME" }}
+    issuer: "{{ env "KEYCLOAK_URL" }}"
+    client_id: "{{ env "KEYCLOAK_CLIENT_ID" }}"
+    client_secret: "{{ secret "keycloak_client_secret" }}"
+    scopes: ["openid", "profile"]
+    user_mapping_provider:
+      config:
+        localpart_template: "{{ user.preferred_username }}"
+        display_name_template: "{{ user.name }}"
+  {{ end }}
+

 # Enable Central Authentication Service (CAS) for registration and login.
 #