From 2daf487bb85fc2c256d8ddbfe570f775bed569cc Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Thu, 13 Apr 2023 15:42:29 -0400
Subject: [PATCH] Add basic SSO setup to README, tweak settings order

---
 .env.sample |  4 ++--
 README.md   | 10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.env.sample b/.env.sample
index f5fabdf..d357238 100644
--- a/.env.sample
+++ b/.env.sample
@@ -9,8 +9,6 @@ DOMAIN=outline.example.com
 LETS_ENCRYPT_ENV=production
 
 COMPOSE_FILE="compose.yml"
-#COMPOSE_YML="compose.yml:compose.oidc.yml"
-#COMPOSE_YML="compose.yml:compose.google.yml"
 
 # –––––––––––––––– REQUIRED ––––––––––––––––
 
@@ -70,6 +68,7 @@ ALLOWED_DOMAINS=
 #SMTP_TLS_CIPHERS=
 #SMTP_SECURE=true
 
+#COMPOSE_YML="$COMPOSE_FILE:compose.oidc.yml"
 #OIDC_ENABLED=1
 #OIDC_CLIENT_ID=
 #OIDC_AUTH_URI=
@@ -80,6 +79,7 @@ ALLOWED_DOMAINS=
 #OIDC_SCOPES="openid profile email"
 #SECRET_OIDC_CLIENT_SECRET_VERSION=v1
 
+#COMPOSE_YML="$COMPOSE_FILE:compose.google.yml"
 #GOOGLE_ENABLED=1
 #GOOGLE_CLIENT_ID=
 #SECRET_GOOGLE_CLIENT_SECRET_VERSION=v1
diff --git a/README.md b/README.md
index 1dd2284..e8cee8f 100644
--- a/README.md
+++ b/README.md
@@ -52,3 +52,13 @@ Where `<username-to-delete>` is the username of the user to be removed, and
 revisions to (instead of deleting them).
 
 _As of 2022-03-30, this requires `abra` RC version, run `abra upgrade --rc`._
+
+## Single Sign On with Keycloak
+
+`abra app config YOURAPPNAME`, then uncomment everything in the `OIDC_` section.
+
+Create a new client in Keycloak:
+
+- **Valid Redirect URIs**: `https://YOURAPPDOMAIN/auth/oidc.callback`
+
+`abra app deploy YOURAPPDOMAIN`