
Keycloak (OpenID Connect) provider SSO configuration

This page explains how to set up the Keycloak provider for the Single Sign-On (SSO) feature.

Prerequisites

You have read the How to configure SSO guide.

Installation

Install passport-keycloak-oauth2-oidc:

yarn add passport-keycloak-oauth2-oidc

Configuration example

The Keycloak SSO provider is configured in the auth.providers array of the config/admin file:

/config/admin.js



const KeyCloakStrategy = require("passport-keycloak-oauth2-oidc");

module.exports = ({ env }) => ({
  auth: {
    // ...
    providers: [
      {
        uid: "keycloak",
        displayName: "Keycloak",
        icon: "https://raw.githubusercontent.com/keycloak/keycloak-admin-ui/main/themes/keycloak/logo.svg",
        createStrategy: (strapi) =>
          new KeyCloakStrategy(
            {
              // Client and realm settings are read from the environment
              clientID: env("KEYCLOAK_CLIENT_ID", ""),
              realm: env("KEYCLOAK_REALM", ""),
              publicClient: env.bool("KEYCLOAK_PUBLIC_CLIENT", false),
              // Keep the client secret out of source control
              clientSecret: env("KEYCLOAK_CLIENT_SECRET", ""),
              sslRequired: env("KEYCLOAK_SSL_REQUIRED", "external"),
              authServerURL: env("KEYCLOAK_AUTH_SERVER_URL", ""),
              // Callback URL that Strapi generates for this provider uid
              callbackURL:
                strapi.admin.services.passport.getStrategyCallbackURL(
                  "keycloak"
                ),
            },
            // Verify callback: maps the Keycloak profile to the Strapi admin user
            (accessToken, refreshToken, profile, done) => {
              done(null, {
                email: profile.email,
                username: profile.username,
              });
            }
          ),
      },
    ],
  },
});
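
A pre-flight check for the environment variables the configuration above reads, as an added example that is not part of the Strapi documentation or of passport-keycloak-oauth2-oidc. The helper validateKeycloakEnv and the sample values are hypothetical, and the HTTPS rule assumes that sslRequired follows Keycloak's "Require SSL" semantics (all, external, none).

```javascript
// Added example: validateKeycloakEnv is a hypothetical helper, not a Strapi or passport API.
// Loopback and RFC 1918 hosts, which the assumed "external" mode exempts from HTTPS.
const PRIVATE_HOST =
  /^(localhost|127(\.\d+){3}|10(\.\d+){3}|192\.168(\.\d+){2}|172\.(1[6-9]|2\d|3[01])(\.\d+){2})$/;

function validateKeycloakEnv(vars) {
  const problems = [];
  const get = (name) => (vars[name] || "").trim();
  // config/admin.js falls back to "" for these, so a missing variable is otherwise silent.
  for (const name of ["KEYCLOAK_CLIENT_ID", "KEYCLOAK_REALM", "KEYCLOAK_AUTH_SERVER_URL"]) {
    if (!get(name)) problems.push(`${name} is not set`);
  }
  // publicClient defaults to false: a confidential client, which needs a secret.
  const publicClient = get("KEYCLOAK_PUBLIC_CLIENT").toLowerCase() === "true";
  if (!publicClient && !get("KEYCLOAK_CLIENT_SECRET")) {
    problems.push("KEYCLOAK_CLIENT_SECRET is required when KEYCLOAK_PUBLIC_CLIENT is false");
  }
  // Same default as the configuration example.
  const sslRequired = get("KEYCLOAK_SSL_REQUIRED") || "external";
  if (!["all", "external", "none"].includes(sslRequired)) {
    problems.push(`KEYCLOAK_SSL_REQUIRED has unknown value "${sslRequired}"`);
  }
  const rawUrl = get("KEYCLOAK_AUTH_SERVER_URL");
  if (rawUrl) {
    let url = null;
    try {
      url = new URL(rawUrl);
    } catch {
      problems.push("KEYCLOAK_AUTH_SERVER_URL is not a valid URL");
    }
    if (url && url.protocol !== "https:") {
      const privateHost = PRIVATE_HOST.test(url.hostname);
      if (sslRequired === "all" || (sslRequired === "external" && !privateHost)) {
        problems.push(`KEYCLOAK_AUTH_SERVER_URL must use https when sslRequired is "${sslRequired}"`);
      }
    }
  }
  return problems;
}

// Constructed sample environment (not a real deployment): no realm, no secret, plain HTTP.
const sampleEnv = {
  KEYCLOAK_CLIENT_ID: "strapi-admin",
  KEYCLOAK_AUTH_SERVER_URL: "http://sso.example.com/auth",
};
console.log(validateKeycloakEnv(sampleEnv));
```

Calling it with process.env before the server starts turns an empty fallback value into a startup error rather than a failed login.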