Skip to main content

Keycloak 提供商的用户和权限设置

¥Keycloak provider setup for Users & Permissions

本页面说明如何为 用户和权限功能 设置 Keycloak 提供程序。

¥The present page explains how to setup the Keycloak provider for the Users & Permissions feature.

Prerequisites

你已阅读 用户和权限提供商文档

¥You have read the Users & Permissions providers documentation.

Keycloak 配置

¥Keycloak configuration

注意

Keycloak 接受 localhost url。
不需要使用 ngrok

¥Keycloak accepts the localhost urls.
The use of ngrok is not needed.

  1. 访问你的 Keycloak 管理仪表板

    ¥Visit your Keycloak admin dashboard

  2. 如果你还没有字段,你需要创建一个字段

    ¥If you don't already have a realm, you'll want to create one

  3. 在你字段的“客户端”部分中,创建一个新客户端

    ¥In the Clients section of your realm, create a new client

  4. 在功能配置下,确保将 Client Authentication 设置为打开,以确保你可以创建私钥

    ¥Under the capability config, ensure you set Client Authentication to on to ensure you can create a private key

  5. 在访问设置下,确保设置以下值:

    ¥Under the access settings, ensure you set the following values:

    • 有效的重定向 URI:http://localhost:1337/api/connect/keycloak/callbackhttp://localhost:1337/api/connect/keycloak

      ¥Valid redirect URIs: http://localhost:1337/api/connect/keycloak/callback and http://localhost:1337/api/connect/keycloak

    • 允许的 Web 来源:http://localhost:3000http://localhost:1337

      ¥Allowed Web Origins: http://localhost:3000 and http://localhost:1337

  6. 在“客户端范围”部分中,确保将 emailprofile 范围设置为默认值

    ¥In the Client Scopes section, ensure you have the email and profile scopes set to default

  7. 在“客户端范围”部分中,确保将 openid 范围设置为默认值,如果没有,则需要在全局客户端范围中手动创建它

    ¥In the Client Scopes section, ensure you have the openid scope set to default, if you don't have this you will need to manually create it in the global Client Scopes

表带配置

¥Strapi configuration

  1. 访问用户和权限提供商设置页面位于 [http://localhost:1337/admin/settings/users-permissions/providers](http://localhost:1337/admin/settings/users-permissions/providers)

    ¥Visit the User & Permissions provider settings page at http://localhost:1337/admin/settings/users-permissions/providers

  2. 单击 Keycloak 提供商

    ¥Click on the Keycloak provider

  3. 填写信息:

    ¥Fill the information:

    • 使能够:ON

      ¥Enable: ON

    • 客户编号:<Your Keycloak Client ID>

      ¥Client ID: <Your Keycloak Client ID>

    • 客户秘密:<Your Keycloak Client Secret>

      ¥Client Secret: <Your Keycloak Client Secret>

    • 子域名:<Your Keycloak realm url>,例如 keycloak.example.com/realms/strapitestkeycloak.example.com/auth/realms/strapitest,前面不带协议

      ¥Subdomain: <Your Keycloak realm url>, example is either keycloak.example.com/realms/strapitest or keycloak.example.com/auth/realms/strapitest without the protocol before it

    • 前端应用的重定向 URL:http://localhost:3000/connect/keycloak/redirect

      ¥The redirect URL to your front-end app: http://localhost:3000/connect/keycloak/redirect

    • (可选)如果你有自定义 JWKS URL,请设置 JWKS URL,例如 https://keycloak.example.com/auth/realms/strapitest/protocol/openid-connect/certs

      ¥(Optional) Set the JWKS URL if you have a custom JWKS URL, example is like https://keycloak.example.com/auth/realms/strapitest/protocol/openid-connect/certs

你的配置已完成。启动后端和 react login 示例应用,转到 http://localhost:3000 并尝试连接到你配置的提供商。

¥Your configuration is done. Launch the backend and the react login example application, go to http://localhost:3000 and try to connect to the provider you configured.