mw docker keycloak
Keycloak service
Synopsis
Keycloak service
Keycloak is an open source identity manager (IdM) that can be used to provide single sign-on. It supports OpenID Connect and SAML.
The keycloak service allows you to add, delete, list, and get metadata for Keycloak realms, clients, and users.
Setting up MediaWiki with OpenID Connect
You will need to create a realm, a client, and at least one user as follows:
mw docker keycloak create
mw docker keycloak add realm <realmname>
mw docker keycloak add client <clientname> <realmname>
mw docker keycloak add user <username> <temporarypassword> <realmname>
where <realmname> is the name you choose for your realm, <clientname> is the name you choose for your client, <username> is the name you choose for your user, and <temporarypassword> is a temporary password that you will be asked to change at your first login.
Then, you will need to get the client secret that was assigned to your client:
mw docker keycloak get clientsecret <clientname> <realmname>
Using the client secret returned as <clientsecret> below, add the following to your LocalSettings.php:
wfLoadExtension('PluggableAuth');
wfLoadExtension('OpenIDConnect');
$wgPluggableAuth_Config = [
    "Keycloak" => [
        'plugin' => 'OpenIDConnect',
        'data' => [
            // URL of the realm created above
            'providerURL' => 'http://keycloak.mwdd.localhost:8080/realms/<realmname>',
            'clientID' => '<clientname>',
            // Value returned by: mw docker keycloak get clientsecret
            'clientsecret' => '<clientsecret>'
        ]
    ]
];
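As an added example (not part of the mwcli documentation or of the extension's code), the following Python check compares a realm's OpenID Connect discovery document with the providerURL configured above, which catches a mismatched issuer or hostname before the first login attempt. The realm name demo, the sample document and the function names are constructed for illustration; fetch_discovery assumes the keycloak service is running.

```python
import json
import urllib.request
from urllib.parse import urlsplit

REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def fetch_discovery(provider_url):
    """Fetch the realm's discovery document (needs the keycloak service running)."""
    url = provider_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


def check_discovery(provider_url, doc):
    """Return a list of problems; an empty list means the document is consistent."""
    problems = []
    want = urlsplit(provider_url)
    host = want.hostname or ""
    # OIDC Discovery: issuer must be identical to the URL used for discovery.
    if doc.get("issuer") != provider_url:
        problems.append(f"issuer {doc.get('issuer')!r} != providerURL {provider_url!r}")
    # Plain HTTP is tolerable only on loopback names such as *.localhost.
    if want.scheme != "https" and host != "localhost" and not host.endswith(".localhost"):
        problems.append("providerURL uses plain HTTP on a non-local host")
    for key in REQUIRED:
        value = doc.get(key)
        if not value:
            problems.append(f"missing {key}")
            continue
        got = urlsplit(value)
        # Another origin usually means Keycloak advertises a hostname that
        # differs from the one configured in LocalSettings.php.
        if (got.scheme, got.netloc) != (want.scheme, want.netloc):
            problems.append(f"{key} is on a different origin: {value}")
    return problems


# Constructed sample for a realm named "demo" (not captured from a real server).
BASE = "http://keycloak.mwdd.localhost:8080/realms/demo"
SAMPLE = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
}

if __name__ == "__main__":
    print(check_discovery(BASE, SAMPLE) or "discovery document is consistent")
```

Against a running service, call check_discovery(url, fetch_discovery(url)) with the same providerURL string that is in LocalSettings.php.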
More Control
If you need finer-grained control of the keycloak service, you can use the exec command:
mw docker keycloak exec -- bash
to get a command line and then use the /opt/keycloak/bin/kcadm.sh
commands shown in the Keycloak Admin CLI guide.
See Also
Options inherited from parent commands
  -c, --context string   The context to use (default "default")
      --help             Help for this command
      --no-interaction   Do not ask any interactive questions
  -v, --verbose count    Increase output verbosity. Example: --verbose=2 or -vv
SEE ALSO
- mw docker - An advanced docker compose based development environment
- mw docker keycloak add - Add a keycloak realm, client, or user
- mw docker keycloak create - Create the containers
- mw docker keycloak delete - Delete keycloak realm, client, or user
- mw docker keycloak destroy - Destroy the containers
- mw docker keycloak exec - Execute a command in the main container
- mw docker keycloak get - Get metadata for keycloak realm, client, or user
- mw docker keycloak image - Interact with the image used for the service
- mw docker keycloak list - List keycloak realms, clients, or users
- mw docker keycloak start - Start the containers
- mw docker keycloak stop - Stop the containers