From 2c5daec25ee2c9118fa5fd028f17e0decb4a4f69 Mon Sep 17 00:00:00 2001 From: cicalese Date: Mon, 13 Jun 2022 09:41:57 -0400 Subject: [PATCH 1/5] Add keycloak commands and documentation --- internal/cmd/docker/keycloak.go | 266 ++++++++++++++++++ internal/cmd/docker/long/mwdd_keycloak.md | 49 ++++ internal/cmd/docker/root.go | 2 +- internal/mwdd/files/embed/files.txt | 4 + internal/mwdd/files/embed/keycloak.yml | 4 +- .../files/embed/keycloak/create_client.sh | 4 + .../mwdd/files/embed/keycloak/create_user.sh | 4 + .../files/embed/keycloak/get_client_secret.sh | 4 + internal/mwdd/files/embed/keycloak/login.sh | 3 + 9 files changed, 338 insertions(+), 2 deletions(-) create mode 100644 internal/cmd/docker/keycloak.go create mode 100644 internal/cmd/docker/long/mwdd_keycloak.md create mode 100644 internal/mwdd/files/embed/keycloak/create_client.sh create mode 100644 internal/mwdd/files/embed/keycloak/create_user.sh create mode 100644 internal/mwdd/files/embed/keycloak/get_client_secret.sh create mode 100644 internal/mwdd/files/embed/keycloak/login.sh diff --git a/internal/cmd/docker/keycloak.go b/internal/cmd/docker/keycloak.go new file mode 100644 index 0000000..b663555 --- /dev/null +++ b/internal/cmd/docker/keycloak.go 
@@ -0,0 +1,266 @@
+package docker
+
+import (
+ _ "embed"
+ "github.com/spf13/cobra"
+ "gitlab.wikimedia.org/repos/releng/cli/internal/cli"
+ mwdd "gitlab.wikimedia.org/repos/releng/cli/internal/mwdd"
+)
+
+//go:embed long/mwdd_keycloak.md
+var mwddKeycloakLong string
+
+func NewKeycloakCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "keycloak",
+ Short: "Keycloak service",
+ Long: cli.RenderMarkdown(mwddKeycloakLong),
+ Aliases: []string{"kc"},
+ }
+ cmd.AddCommand(mwdd.NewServiceCreateCmd("keycloak"))
+ cmd.AddCommand(mwdd.NewServiceDestroyCmd("keycloak"))
+ cmd.AddCommand(mwdd.NewServiceStopCmd("keycloak"))
+ cmd.AddCommand(mwdd.NewServiceStartCmd("keycloak"))
+ cmd.AddCommand(mwdd.NewServiceExecCmd("keycloak", "keycloak"))
+ cmd.AddCommand(NewKeycloakAddCmd())
+ cmd.AddCommand(NewKeycloakListCmd())
+ cmd.AddCommand(NewKeycloakGetCmd())
+ return cmd
+}
+
+func NewKeycloakAddCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "add",
+ Short: "Add a keycloak realm, client, or user",
+ }
+ cmd.AddCommand(NewKeycloakAddRealmCmd())
+ cmd.AddCommand(NewKeycloakAddClientCmd())
+ cmd.AddCommand(NewKeycloakAddUserCmd())
+ return cmd
+}
+
+func NewKeycloakAddRealmCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "realm ",
+ Short: "Add a keycloak realm",
+ Args: cobra.MinimumNArgs(1),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/opt/keycloak/bin/kcadm.sh",
+ "create",
+ "realms",
+ "--set", "enabled=true",
+ "--set", "realm=" + args[0],
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakAddClientCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "client ",
+ Short: "Add a keycloak client to a realm",
+ Args: cobra.MinimumNArgs(2),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/mwdd/create_client.sh",
+ args[0],
+ args[1],
}, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakAddUserCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "user ",
+ Short: "Add a keycloak user to a realm with a temporary password",
+ Args: cobra.MinimumNArgs(3),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/mwdd/create_user.sh",
+ args[0],
+ args[1],
+ args[2],
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakListCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "list",
+ Short: "List keycloak realms, clients, or users",
+ }
+ cmd.AddCommand(NewKeycloakListRealmsCmd())
+ cmd.AddCommand(NewKeycloakListClientsCmd())
+ cmd.AddCommand(NewKeycloakListUsersCmd())
+ return cmd
+}
+
+func NewKeycloakListRealmsCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "realms",
+ Short: "List keycloak realms",
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/opt/keycloak/bin/kcadm.sh",
+ "get",
+ "realms",
+ "--fields", "realm",
+ "--format", "csv",
+ "--noquotes",
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakListClientsCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "clients ",
+ Short: "List keycloak clients in a realm",
+ Args: cobra.MinimumNArgs(1),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/opt/keycloak/bin/kcadm.sh",
+ "get",
+ "clients",
+ "--target-realm", args[0],
+ "--fields", "clientId",
+ "--format", "csv",
+ "--noquotes",
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakListUsersCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "users ",
+ Short: "List keycloak users in a realm",
+ Args: cobra.MinimumNArgs(1),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/opt/keycloak/bin/kcadm.sh",
+ "get",
+ "users",
+ "--target-realm", args[0],
+ "--fields", "username",
+ "--format", "csv",
+ "--noquotes",
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakGetCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "get",
+ Short: "Get metadata for keycloak realm, client, or user",
+ }
+ cmd.AddCommand(NewKeycloakGetRealmCmd())
+ cmd.AddCommand(NewKeycloakGetClientCmd())
+ cmd.AddCommand(NewKeycloakGetClientSecretCmd())
+ cmd.AddCommand(NewKeycloakGetUserCmd())
+ return cmd
+}
+
+func NewKeycloakGetRealmCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "realm ",
+ Short: "Get metadata for keycloak realm",
+ Args: cobra.MinimumNArgs(1),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/opt/keycloak/bin/kcadm.sh",
+ "get",
+ "realms/" + args[0],
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakGetClientCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "client ",
+ Short: "Get metadata for keycloak client in a realm",
+ Args: cobra.MinimumNArgs(1),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/opt/keycloak/bin/kcadm.sh",
+ "get",
+ "clients",
+ "--query", "clientId=" + args[0],
+ "--target-realm", args[1],
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakGetClientSecretCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "clientsecret ",
+ Short: "Get client secret for keycloak client in a realm",
+ Args: cobra.MinimumNArgs(2),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/mwdd/get_client_secret.sh",
+ args[0],
+ args[1],
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func NewKeycloakGetUserCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "user ",
+ Short: "Get metadata for keycloak user in a realm",
+ Args: cobra.MinimumNArgs(1),
+ Run: func(cmd *cobra.Command, args []string) {
+ mwdd.DefaultForUser().EnsureReady()
+ KeycloakLogin()
+ mwdd.DefaultForUser().Exec("keycloak", []string{
+ "/opt/keycloak/bin/kcadm.sh",
+ "get",
+ "users",
+ "--query", "username=" + args[0],
+ "--target-realm", args[1],
+ }, "root")
+ },
+ }
+ return cmd
+}
+
+func KeycloakLogin() {
+ mwdd.DefaultForUser().ExecNoOutput("keycloak", []string{
+ "/mwdd/login.sh",
+ }, "root")
+}
diff --git a/internal/cmd/docker/long/mwdd_keycloak.md b/internal/cmd/docker/long/mwdd_keycloak.md
new file mode 100644
index 0000000..83f3880
--- /dev/null
+++ b/internal/cmd/docker/long/mwdd_keycloak.md
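Review bot: The realm, client and user names taken from `args` go unvalidated into kcadm resource paths (`"realms/" + args[0]` in NewKeycloakGetRealmCmd) and into the `/mwdd/*.sh` helpers, so a name containing `/` or whitespace addresses a different resource than the one the operator typed. A small shared check that refuses empty names and names containing `/` or whitespace, called at the top of each `Run` before `Exec`, would keep the path fixed. `cobra.MinimumNArgs` also lets surplus arguments through silently; `Args: cobra.ExactArgs(1),` (with the matching count per command) rejects them. KeycloakLogin() calls `ExecNoOutput` as a bare statement, so a failed login appears to be followed by the admin command anyway; if the helper returns an error it should be checked. Every call passes `"root"` as what looks like the container user, which is worth confirming against `Exec`'s signature (outside this diff), since the kcadm admin session would be better owned by the image's unprivileged user.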
@@ -0,0 +1,49 @@ +# Keycloak service + +[Keycloak](https://www.keycloak.org/) is an identity manager (IdM) that can be used to provide single-sign on. +It supports OpenID Connect and SAML. + +## Setting up MediaWiki with OpenID Connect + +You will need to create a realm, a client, and at least one user: + +```bash +mw docker keycloak create +mw docker keycloak add realm +mw docker keycloak add client +mw docker keycloak add user +``` + +where is the name you choose for your realm, is the name +you choose for your client, is the name you choose for your user, and + is a temporary password that you will be asked to change at your +first login. + +Then, you will need to get the client secret that was assigned to your client: + +```bash +mw docker keycloak get clientsecret +``` +Then, using that client secret for below, add the following to your +LocalSettings.php: + +```php +wfLoadExtension('PluggableAuth'); +wfLoadExtension('OpenIDConnect'); +$wgPluggableAuth_Config = [ + "Keycloak" => [ + 'plugin' => 'OpenIDConnect', + 'data' => [ + 'providerURL' => 'http://keycloak.mwdd.localhost:8080/realms/', + 'clientID' => '', + 'clientsecret' => '' + ] + ] +]; +``` + +## Documentation + +- [Keycloak](https://www.keycloak.org/docs/latest/server_admin/) +- [PluggableAuth](https://www.mediawiki.org/wiki/Extension:PluggableAuth) +- [OpenID Connect](https://www.mediawiki.org/wiki/Extension:OpenID_Connect) \ No newline at end of file diff --git a/internal/cmd/docker/root.go b/internal/cmd/docker/root.go index 8870bf8..4449dd2 100644 --- a/internal/cmd/docker/root.go +++ b/internal/cmd/docker/root.go @@ -139,7 +139,7 @@ func NewCmd() *cobra.Command { cmd.AddCommand(mwdd.NewServiceCmd("phpmyadmin", "", []string{"ppma"})) cmd.AddCommand(mwdd.NewServiceCmd("postgres", "", []string{})) - cmd.AddCommand(mwdd.NewServiceCmd("keycloak", "", []string{})) + cmd.AddCommand(NewKeycloakCmd()) cmd.AddCommand(NewShellboxCmd()) 
diff --git a/internal/mwdd/files/embed/files.txt b/internal/mwdd/files/embed/files.txt index 2aacb44..61d43a9 100644 --- a/internal/mwdd/files/embed/files.txt +++ b/internal/mwdd/files/embed/files.txt @@ -6,6 +6,10 @@ ./files.txt ./graphite.yml ./keycloak.yml +./keycloak/create_client.sh +./keycloak/create_user.sh +./keycloak/get_client_secret.sh +./keycloak/login.sh ./mailhog.yml ./mediawiki-fresh.yml ./mediawiki-quibble.yml diff --git a/internal/mwdd/files/embed/keycloak.yml b/internal/mwdd/files/embed/keycloak.yml index 7bf4712..0d4c66c 100644 --- a/internal/mwdd/files/embed/keycloak.yml +++ b/internal/mwdd/files/embed/keycloak.yml @@ -1,10 +1,12 @@ version: '3.7' services: - keycloak.mwdd.localhost: + keycloak: image: "${KEYCLOAK_IMAGE:-quay.io/keycloak/keycloak:18.0.0}" restart: unless-stopped entrypoint: /opt/keycloak/bin/kc.sh start-dev + volumes: + - ./keycloak:/mwdd:ro environment: - KEYCLOAK_ADMIN=admin - KEYCLOAK_ADMIN_PASSWORD=admin diff --git a/internal/mwdd/files/embed/keycloak/create_client.sh b/internal/mwdd/files/embed/keycloak/create_client.sh new file mode 100644 index 0000000..eb1cd4a --- /dev/null +++ b/internal/mwdd/files/embed/keycloak/create_client.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +CID=$(/opt/keycloak/bin/kcadm.sh create clients --target-realm $2 --set clientId=$1 --set 'redirectUris=["http://*"]' --id) +/opt/keycloak/bin/kcadm.sh create clients/${CID}/client-secret --target-realm $2 \ No newline at end of file diff --git a/internal/mwdd/files/embed/keycloak/create_user.sh b/internal/mwdd/files/embed/keycloak/create_user.sh new file mode 100644 index 0000000..025c940 --- /dev/null +++ b/internal/mwdd/files/embed/keycloak/create_user.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +/opt/keycloak/bin/kcadm.sh create users --target-realm $3 --set username=$1 --set enabled=true +/opt/keycloak/bin/kcadm.sh set-password --target-realm $3 --username $1 --new-password $2 --temporary 
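Review bot: In create_client.sh, `redirectUris=["http://*"]` registers the client with a wildcard that accepts any http redirect target, so an authorization response for this client can be delivered to an arbitrary host. Even for a local development realm it is worth narrowing this to the wiki's own origin, e.g. `--set 'redirectUris=["http://WIKI_HOST/*"]'`, where `WIKI_HOST` is a placeholder for the dev hostname. The script also has no failure handling: if the first `kcadm.sh create` fails, `CID` is empty and the second call targets `clients//client-secret`; adding `set -euo pipefail` after the shebang stops at the first error. The same empty-ID case applies to get_client_secret.sh, delete_client.sh and delete_user.sh.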
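Review bot: In create_user.sh, `$1`, `$2` and `$3` are expanded unquoted, so a username or password containing spaces or glob characters is split into extra kcadm arguments; quote every expansion, e.g. `--target-realm "$3" --set "username=$1"` and `--username "$1" --new-password "$2"`. The same applies to the positional parameters in create_client.sh, get_client_secret.sh, delete_client.sh and delete_user.sh. The temporary password also travels as a command-line argument from `mw docker keycloak add user` down to `kcadm.sh`, where it is visible in shell history and process listings. `--temporary` limits the exposure, but the command's help text should say not to reuse a real password here.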
diff --git a/internal/mwdd/files/embed/keycloak/get_client_secret.sh b/internal/mwdd/files/embed/keycloak/get_client_secret.sh new file mode 100644 index 0000000..1fd1e30 --- /dev/null +++ b/internal/mwdd/files/embed/keycloak/get_client_secret.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +CID=$(/opt/keycloak/bin/kcadm.sh get clients --target-realm $2 --fields id -q clientId=$1 --format csv --noquotes) +/opt/keycloak/bin/kcadm.sh get clients/${CID}/client-secret --target-realm $2 --fields value --format csv --noquotes \ No newline at end of file diff --git a/internal/mwdd/files/embed/keycloak/login.sh b/internal/mwdd/files/embed/keycloak/login.sh new file mode 100644 index 0000000..6ccea03 --- /dev/null +++ b/internal/mwdd/files/embed/keycloak/login.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user ${KEYCLOAK_ADMIN} --password ${KEYCLOAK_ADMIN_PASSWORD} -- GitLab From 946ebd048af1f5970a57f19e94413a00880c673f Mon Sep 17 00:00:00 2001 From: cicalese Date: Mon, 13 Jun 2022 10:30:47 -0400 Subject: [PATCH 2/5] Fix linter error --- internal/cmd/docker/keycloak.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/cmd/docker/keycloak.go b/internal/cmd/docker/keycloak.go index b663555..eff7105 100644 --- a/internal/cmd/docker/keycloak.go +++ b/internal/cmd/docker/keycloak.go @@ -2,6 +2,7 @@ package docker import ( _ "embed" + "github.com/spf13/cobra" "gitlab.wikimedia.org/repos/releng/cli/internal/cli" mwdd "gitlab.wikimedia.org/repos/releng/cli/internal/mwdd" -- GitLab From d5d72c9486fdc3c174e1ad1b23184bab145ef9da Mon Sep 17 00:00:00 2001 
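Review bot: login.sh hands the admin password to `kcadm.sh config credentials` as a command-line argument, so it is readable in the container's process list for the life of the call, and the unquoted `${KEYCLOAK_ADMIN_PASSWORD}` breaks if the value ever contains whitespace; at minimum write `--user "${KEYCLOAK_ADMIN}" --password "${KEYCLOAK_ADMIN_PASSWORD}"`. The values come from the `admin`/`admin` defaults in keycloak.yml, which is acceptable only while the service is reachable from the local development host alone; a header comment stating that assumption would help the next maintainer. As far as I know kcadm keeps the resulting session in a config file for the invoking user, so later commands in the container inherit admin rights on the master realm until the token expires. That is worth documenting next to the `exec` subcommand.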
From: cicalese Date: Mon, 13 Jun 2022 18:56:51 -0400 Subject: [PATCH 3/5] Add delete commands --- internal/cmd/docker/keycloak.go | 70 ++++++++++++++++++- internal/mwdd/files/embed/files.txt | 2 + .../files/embed/keycloak/delete_client.sh | 4 ++ .../mwdd/files/embed/keycloak/delete_user.sh | 4 ++ 4 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 internal/mwdd/files/embed/keycloak/delete_client.sh create mode 100644 internal/mwdd/files/embed/keycloak/delete_user.sh diff --git a/internal/cmd/docker/keycloak.go b/internal/cmd/docker/keycloak.go index eff7105..7cb079c 100644 --- a/internal/cmd/docker/keycloak.go +++ b/internal/cmd/docker/keycloak.go @@ -24,6 +24,7 @@ func NewKeycloakCmd() *cobra.Command { cmd.AddCommand(mwdd.NewServiceStartCmd("keycloak")) cmd.AddCommand(mwdd.NewServiceExecCmd("keycloak", "keycloak")) cmd.AddCommand(NewKeycloakAddCmd()) + cmd.AddCommand(NewKeycloakDeleteCmd()) cmd.AddCommand(NewKeycloakListCmd()) cmd.AddCommand(NewKeycloakGetCmd()) return cmd 
@@ -97,6 +98,71 @@ func NewKeycloakAddUserCmd() *cobra.Command { return cmd } +func NewKeycloakDeleteCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "delete", + Short: "Delete keycloak realm, client, or user", + } + cmd.AddCommand(NewKeycloakDeleteRealmCmd()) + cmd.AddCommand(NewKeycloakDeleteClientCmd()) + cmd.AddCommand(NewKeycloakDeleteUserCmd()) + return cmd +} + +func NewKeycloakDeleteRealmCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "realm ", + Short: "Delete keycloak realm", + Args: cobra.MinimumNArgs(1), + Run: func(cmd *cobra.Command, args []string) { + mwdd.DefaultForUser().EnsureReady() + KeycloakLogin() + mwdd.DefaultForUser().Exec("keycloak", []string{ + "/opt/keycloak/bin/kcadm.sh", + "delete", + "realms/" + args[0], + }, "root") + }, + } + return cmd +} + +func NewKeycloakDeleteClientCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "client ", + Short: "Delete keycloak client in a realm", + Args: cobra.MinimumNArgs(2), + Run: func(cmd *cobra.Command, args []string) { + mwdd.DefaultForUser().EnsureReady() + KeycloakLogin() + mwdd.DefaultForUser().Exec("keycloak", []string{ + "/mwdd/delete_client.sh", + args[0], + args[1], + }, "root") + }, + } + return cmd +} + +func NewKeycloakDeleteUserCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "user ", + Short: "Delete keycloak user in a realm", + Args: cobra.MinimumNArgs(2), + Run: func(cmd *cobra.Command, args []string) { + mwdd.DefaultForUser().EnsureReady() + KeycloakLogin() + mwdd.DefaultForUser().Exec("keycloak", []string{ + "/mwdd/delete_user.sh", + args[0], + args[1], + }, "root") + }, + } + return cmd +} + func NewKeycloakListCmd() *cobra.Command { cmd := &cobra.Command{ Use: "list", 
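Review bot: NewKeycloakDeleteRealmCmd passes `"realms/" + args[0]` straight to `kcadm.sh delete` with no confirmation and no guard on the name, so `mw docker keycloak delete realm master` would ask Keycloak to remove the realm that login.sh authenticates against. A check at the top of `Run` that refuses `args[0] == "master"` and any name containing `/` keeps the delete confined to a single user-created realm. The delete client and delete user commands use `cobra.MinimumNArgs(2)`; `Args: cobra.ExactArgs(2),` would catch a mistyped extra argument before anything is deleted. The three new exported constructors also have no doc comments.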
@@ -206,7 +272,7 @@ func NewKeycloakGetClientCmd() *cobra.Command { cmd := &cobra.Command{ Use: "client ", Short: "Get metadata for keycloak client in a realm", - Args: cobra.MinimumNArgs(1), + Args: cobra.MinimumNArgs(2), Run: func(cmd *cobra.Command, args []string) { mwdd.DefaultForUser().EnsureReady() KeycloakLogin() @@ -244,7 +310,7 @@ func NewKeycloakGetUserCmd() *cobra.Command { cmd := &cobra.Command{ Use: "user ", Short: "Get metadata for keycloak user in a realm", - Args: cobra.MinimumNArgs(1), + Args: cobra.MinimumNArgs(2), Run: func(cmd *cobra.Command, args []string) { mwdd.DefaultForUser().EnsureReady() KeycloakLogin() diff --git a/internal/mwdd/files/embed/files.txt b/internal/mwdd/files/embed/files.txt index 61d43a9..17e8786 100644 --- a/internal/mwdd/files/embed/files.txt +++ b/internal/mwdd/files/embed/files.txt @@ -8,6 +8,8 @@ ./keycloak.yml ./keycloak/create_client.sh ./keycloak/create_user.sh +./keycloak/delete_client.sh +./keycloak/delete_user.sh ./keycloak/get_client_secret.sh ./keycloak/login.sh ./mailhog.yml diff --git a/internal/mwdd/files/embed/keycloak/delete_client.sh b/internal/mwdd/files/embed/keycloak/delete_client.sh new file mode 100644 index 0000000..bd6ed5c --- /dev/null +++ b/internal/mwdd/files/embed/keycloak/delete_client.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +CID=$(/opt/keycloak/bin/kcadm.sh get clients --target-realm $2 --fields id -q clientId=$1 --format csv --noquotes) +/opt/keycloak/bin/kcadm.sh delete clients/${CID} --target-realm $2 \ No newline at end of file diff --git a/internal/mwdd/files/embed/keycloak/delete_user.sh b/internal/mwdd/files/embed/keycloak/delete_user.sh new file mode 100644 index 0000000..eb2a252 --- /dev/null +++ b/internal/mwdd/files/embed/keycloak/delete_user.sh 
@@ -0,0 +1,4 @@ +#!/bin/bash + +USERID=$(/opt/keycloak/bin/kcadm.sh get users --target-realm $2 --fields id -q username=$1 --format csv --noquotes) +/opt/keycloak/bin/kcadm.sh delete users/${USERID} --target-realm $2 \ No newline at end of file -- GitLab From cd8146339f180086c401024d416eb37ce1cc1cf9 Mon Sep 17 00:00:00 2001 From: cicalese Date: Mon, 13 Jun 2022 19:10:17 -0400 Subject: [PATCH 4/5] Update documentation. --- internal/cmd/docker/long/mwdd_keycloak.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/internal/cmd/docker/long/mwdd_keycloak.md b/internal/cmd/docker/long/mwdd_keycloak.md index 83f3880..9038f2c 100644 --- a/internal/cmd/docker/long/mwdd_keycloak.md +++ b/internal/cmd/docker/long/mwdd_keycloak.md @@ -1,7 +1,10 @@ # Keycloak service -[Keycloak](https://www.keycloak.org/) is an identity manager (IdM) that can be used to provide single-sign on. -It supports OpenID Connect and SAML. +[Keycloak](https://www.keycloak.org/) is an open source identity manager (IdM) that can be used to +provide single-sign on. It supports OpenID Connect and SAML. + +They keycloak service allows you to add, delete, list, and get metadata for keycloak +realms, clients, and users. ## Setting up MediaWiki with OpenID Connect @@ -14,9 +17,9 @@ mw docker keycloak add client mw docker keycloak add user ``` -where is the name you choose for your realm, is the name -you choose for your client, is the name you choose for your user, and - is a temporary password that you will be asked to change at your +where <realmname> is the name you choose for your realm, <clientname> is the name +you choose for your client, <username> is the name you choose for your user, and +<temporarypassword> is a temporary password that you will be asked to change at your first login. Then, you will need to get the client secret that was assigned to your client: 
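Review bot: In delete_user.sh the lookup `-q username=$1` is, as far as I know, not an exact match: Keycloak's user search treats `username` as a substring filter unless `exact=true` is also sent, so deleting `bob` can resolve to `bobby`, or to several IDs at once. With several IDs, `USERID` holds multiple lines and the unquoted `users/${USERID}` splits them into separate arguments, so which account is removed is no longer predictable. Add `-q exact=true` to the query and stop unless exactly one non-empty ID came back, e.g. `[ -n "$USERID" ] && [ "$(printf '%s\n' "$USERID" | wc -l)" -eq 1 ] || exit 1` before the delete, and quote the path as `"users/${USERID}"`. The `get user` command in keycloak.go uses the same `username=` query, where a loose match is only confusing rather than destructive.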
@@ -24,7 +27,8 @@ Then, you will need to get the client secret that was assigned to your client: ```bash mw docker keycloak get clientsecret ``` -Then, using that client secret for below, add the following to your + +Using that client secret for <clientsecret> below, add the following to your LocalSettings.php: ```php -- GitLab From 6969fc675da588829f0b5894469124eb043d232b Mon Sep 17 00:00:00 2001 From: cicalese Date: Mon, 13 Jun 2022 19:39:53 -0400 Subject: [PATCH 5/5] Add instructions for kcadm.sh commands --- internal/cmd/docker/long/mwdd_keycloak.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/internal/cmd/docker/long/mwdd_keycloak.md b/internal/cmd/docker/long/mwdd_keycloak.md index 9038f2c..a1e3aa4 100644 --- a/internal/cmd/docker/long/mwdd_keycloak.md +++ b/internal/cmd/docker/long/mwdd_keycloak.md @@ -8,7 +8,7 @@ realms, clients, and users. ## Setting up MediaWiki with OpenID Connect -You will need to create a realm, a client, and at least one user: +You will need to create a realm, a client, and at least one user as follows: ```bash mw docker keycloak create @@ -25,10 +25,10 @@ first login. Then, you will need to get the client secret that was assigned to your client: ```bash -mw docker keycloak get clientsecret +mw docker keycloak get clientsecret ``` -Using that client secret for <clientsecret> below, add the following to your +Using the client secret returned as <clientsecret> below, add the following to your LocalSettings.php: ```php 
@@ -46,7 +46,19 @@ $wgPluggableAuth_Config = [ ]; ``` -## Documentation +## More Control + +If you need finer-grained control of the keycloak service, you can +use the exec command: + +```bash +mw docker keycloak exec -- bash +``` + +to get a command line and then use the ```/opt/keycloak/bin/kcadm.sh``` commands shown in +[the Keycloak Admin CLI guide](https://www.keycloak.org/docs/latest/server_admin/#admin-cli). + +## See Also - [Keycloak](https://www.keycloak.org/docs/latest/server_admin/) - [PluggableAuth](https://www.mediawiki.org/wiki/Extension:PluggableAuth) -- GitLab