
Howto add your application

Jeroen Baten edited this page Oct 17, 2022 · 1 revision

How to add your own application to the list of applications.

You can easily add your application to the list of supported applications yourself. (If you want me to do this, just contact me!)

If you want your application added to this list please follow these steps:

  1. Set up your own Keycloak server somewhere, anywhere.
  2. If your application uses OpenID Connect for SSO, look at how Xwiki is configured. If it uses SAML, look at how Zabbix is configured.
  3. Set up your own application to SSO against the Keycloak server.
    • Create a 'client' on the Keycloak server that works.
    • Configure your application to authenticate to the Keycloak server.
  4. Once that works, continue with the steps below.
  5. Edit the admin credentials in contrib/get-keycloak-client-list.sh (do not commit them) and run the script.
  6. If it works, redirect the output to some-file.
  7. Edit some-file and cut out the section with YOUR client definition into some-file-cutout.
  8. Check that the syntax is correct with 'jq . some-file-cutout'.
  9. If there are no errors, run it again and redirect the output to some-file-nice-json.
  10. Copy some-file-nice-json to the templates dir of this repository and rename it to 'YOUR-APPLICATION-NAME-keycloak-sso.json.j2'.
  11. Replace all relevant strings in this template with variable names. Have a look at the other templates for inspiration. For SAML clients the export also contains the live signing certificate and private key; replace those with the variables listed below rather than committing them.
  12. Create your own 'install-YOUR-APPLICATION-NAME-sso.yml' playbook.
  13. Run your playbook. It will delete your current client definition and create a new one. Test it. Debug it.
  14. Git add your playbook, your template and additional files if needed.
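Steps 5 to 11 above, automated for one client, as an added example; this is not code from the repository or from its author. It assumes jq is installed, uses a constructed two-client export in place of the real output of contrib/get-keycloak-client-list.sh, and the function names cut_client and templatize are my own. The variable names it writes are the ones listed further down on this page.

```shell
#!/bin/sh
# Added example, not code from the repository: from the JSON array that
# contrib/get-keycloak-client-list.sh prints (a constructed sample here, not a
# live server), cut out one client by clientId, validate it with jq, and rewrite
# the literal values into the Jinja2 variables this page lists, giving a starter
# templates/YOUR-APPLICATION-NAME-keycloak-sso.json.j2. Assumes jq is installed.
set -eu

# Constructed sample export with two clients, trimmed to the fields used below.
SAMPLE_CLIENTS='[
  {"id": "1a2b3c4d-0000-4000-8000-0000000000aa", "clientId": "account",
   "name": "Account", "rootUrl": "https://sso.example.org/realms/master/account",
   "protocol": "openid-connect"},
  {"id": "9f8e7d6c-0000-4000-8000-0000000000bb", "clientId": "myapp",
   "name": "My App", "description": "My App",
   "rootUrl": "https://myapp.example.org",
   "adminUrl": "https://sso.example.org/realms/master/protocol/saml/clients/myapp",
   "protocol": "saml",
   "attributes": {
     "saml.signing.certificate": "MIIC...constructed...",
     "saml.signing.private.key": "MIIE...constructed...",
     "saml_assertion_consumer_url_post": "https://myapp.example.org/apps/user_saml/saml/acs"}}
]'

# Step 6: where the redirected output of get-keycloak-client-list.sh would land.
some_file=$(mktemp)
printf '%s\n' "$SAMPLE_CLIENTS" > "$some_file"

# Steps 7-9: cut_client FILE CLIENTID prints exactly one client, pretty-printed
# by jq (so it is valid JSON), and fails if zero or several clients match.
cut_client() {
  jq -e --arg cid "$2" '
    [.[] | select(.clientId == $cid)]
    | if length == 1 then .[0]
      else error("expected exactly one client with clientId " + $cid) end
  ' "$1"
}

# Step 11: templatize APP FILE replaces the literals with the page's variables.
# The Keycloak-assigned "id" is regenerated with to_uuid, the signing key
# material becomes sp_crt/sp_key (so the private key never lands in git), and
# every other attribute containing the application URL gets {{ APP_server_url }}.
templatize() {
  app=$1
  file=$2
  server_url=$(jq -r '.rootUrl // empty' "$file")
  jq --arg app "$app" --arg srv "$server_url" \
     --arg idexpr "{{ lookup('community.general.random_string', length=20) | to_uuid }}" '
    .id = $idexpr
    | .clientId = "{{ \($app)_client_id }}"
    | .name = "{{ \($app)_client_name }}"
    | .description = "{{ \($app)_client_name }}"
    | .rootUrl = "{{ \($app)_server_url }}"
    | if has("adminUrl") then
        .adminUrl = "{{ keycloak_server_url }}realms/{{ realm }}/protocol/saml/clients/\($app)"
      else . end
    | if .attributes? then
        .attributes |= with_entries(
          if .key == "saml.signing.certificate" then .value = "{{ sp_crt.stdout }}"
          elif .key == "saml.signing.private.key" then .value = "{{ sp_key.stdout }}"
          elif $srv != "" and (.value | type) == "string" and (.value | contains($srv)) then
            .value |= (split($srv) | join("{{ \($app)_server_url }}"))
          else . end)
      else . end
  ' "$file"
}

# Usage: produce the cutout and print the starter template for the "myapp" client.
some_file_cutout=$(mktemp)
cut_client "$some_file" myapp > "$some_file_cutout"
templatize myapp "$some_file_cutout"
```

Only the fields this page names are rewritten, so still read the generated .j2 before committing it: any other attribute that embeds a hostname, secret or realm name needs a variable too, and the intermediate some-file and cutout files should stay out of the repository.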

Please try not to add files to the repository; have the correct versions downloaded at runtime instead.

Some variables that are often used:

  • "name": "{{ YOUR-APPLICATION-NAME_client_name }}",
  • "description": "{{ YOUR-APPLICATION-NAME_client_name }}",
  • "adminUrl": "{{ keycloak_server_url }}realms/{{ realm }}/protocol/saml/clients/YOUR-APPLICATION-NAME", (SAML only)
  • "clientId": "{{ YOUR-APPLICATION-NAME_client_id }}",
  • "rootUrl": "{{ YOUR-APPLICATION-NAME_server_url }}",

Some SAML related variables:

  • "saml.signing.certificate": "{{ sp_crt.stdout }}",
  • "saml.signing.private.key": "{{ sp_key.stdout }}",
  • "saml_assertion_consumer_url_post": "{{ YOUR-APPLICATION-NAME_server_url }}/apps/user_saml/saml/acs"

Sometimes you just need some random string or UUID in the template:

  • "saml.artifact.binding.identifier": "{{ lookup('community.general.random_string', length=20) | b64encode }}",
  • "id": "{{ lookup('community.general.random_string', length=20) | to_uuid }}",