1
0
mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2026-07-12 07:03:07 +00:00

Fix more broken links, add lazy-loading to images

This commit is contained in:
David Young
2022-07-10 11:01:46 +12:00
parent 635b43afb2
commit 76e919afe9
78 changed files with 166 additions and 155 deletions
@@ -24,11 +24,11 @@ You start in the "Master" realm - but mouseover the realm name, to a dropdown bo
### Create Realm
![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-1.png)
![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-1.png){ loading=lazy }
Enter a name for your new realm, and click "_Create_":
![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-2.png)
![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-2.png){ loading=lazy }
### Setup User Federation
@@ -44,7 +44,7 @@ Once in the desired realm, click on **User Federation**, and click **Add Provide
Save your changes, and then navigate back to "User Federation" > Your LDAP name > Mappers:
![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-3.png)
![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-3.png){ loading=lazy }
For each of the following mappers, click the name, and set the "_Read Only_" flag to "_Off_" (_this enables 2-way sync between KeyCloak and OpenLDAP_)
@@ -53,7 +53,7 @@ For each of the following mappers, click the name, and set the "_Read Only_" fla
* email
* first name
![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-4.png)
![KeyCloak Add Realm Screenshot](/images/sso-stack-keycloak-4.png){ loading=lazy }
## Summary
+3 -3
View File
@@ -16,17 +16,17 @@ Existing:
Within the "Master" realm (_no need for more realms yet_), navigate to **Manage** -> **Users**, and then click **Add User** at the top right:
![Navigating to the add user interface in Keycloak](/images/keycloak-add-user-1.png)
![Navigating to the add user interface in Keycloak](/images/keycloak-add-user-1.png){ loading=lazy }
Populate your new user's username (it's the only mandatory field)
![Populating a username in the add user interface in Keycloak](/images/keycloak-add-user-2.png)
![Populating a username in the add user interface in Keycloak](/images/keycloak-add-user-2.png){ loading=lazy }
### Set User Credentials
Once your user is created, to set their password, click on the "**Credentials**" tab, and procede to reset it. Set the password to non-temporary, unless you like extra work!
![Resetting a user's password in Keycloak](/images/keycloak-add-user-3.png)
![Resetting a user's password in Keycloak](/images/keycloak-add-user-3.png){ loading=lazy }
## Summary
+1 -1
View File
@@ -8,7 +8,7 @@ description: Kick-ass OIDC and identity management
KeyCloak's OpenID provider can also be used in combination with [Traefik Forward Auth](/docker-swarm/traefik-forward-auth/), to protect [vulnerable services](/recipes/autopirate/nzbget/) with an extra layer of authentication.
![KeyCloak Screenshot](../../images/keycloak.png)
![KeyCloak Screenshot](../../images/keycloak.png){ loading=lazy }
--8<-- "recipe-standard-ingredients.md"
@@ -22,11 +22,11 @@ Having an authentication provider is not much use until you start authenticating
Within the "Master" realm (*no need for more realms yet*), navigate to **Clients**, and then click **Create** at the top right:
![Navigating to the add user interface in Keycloak](/images/keycloak-add-client-1.png)
![Navigating to the add user interface in Keycloak](/images/keycloak-add-client-1.png){ loading=lazy }
Enter a name for your client (*remember, we're authenticating **applications** now, not users, so use an application-specific name*):
![Adding a client in KeyCloak](/images/keycloak-add-client-2.png)
![Adding a client in KeyCloak](/images/keycloak-add-client-2.png){ loading=lazy }
### Configure Client
@@ -35,13 +35,13 @@ Once your client is created, set at **least** the following, and click **Save**
* **Access Type** : Confidential
* **Valid Redirect URIs** : <The URIs you want to protect\>
![Set KeyCloak client to confidential access type, add redirect URIs](/images/keycloak-add-client-3.png)
![Set KeyCloak client to confidential access type, add redirect URIs](/images/keycloak-add-client-3.png){ loading=lazy }
### Retrieve Client Secret
Now that you've changed the access type, and clicked **Save**, an additional **Credentials** tab appears at the top of the window. Click on the tab, and capture the KeyCloak-generated secret. This secret, plus your client name, is required to authenticate against KeyCloak via OIDC.
![Capture client secret from KeyCloak](/images/keycloak-add-client-4.png)
![Capture client secret from KeyCloak](/images/keycloak-add-client-4.png){ loading=lazy }
## Summary