Commit 2b439b81 authored by Frédéric Mangano-Tarumi's avatar Frédéric Mangano-Tarumi Committed by Lukas Fleischer
Browse files

Guide to setting up Keycloak for the SSO

Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <>
parent 3b347d39
...@@ -20,7 +20,7 @@ aur_location = ...@@ -20,7 +20,7 @@ aur_location =
disable_http_login = 0 disable_http_login = 0
enable-maintenance = 0 enable-maintenance = 0
; Single sign-on ; Single sign-on; see doc/sso.txt.
[sso] [sso]
openid_configuration = openid_configuration =
client_id = aurweb client_id = aurweb
Single Sign-On (SSO)
This guide will walk you through setting up Keycloak for use with aurweb. For
extensive documentation, see <>.
Installing Keycloak
Keycloak is in the official Arch repositories:
# pacman -S keycloak
The default port is 8080, which conflicts with aurweb’s default port. You need
to edit `/etc/keycloak/standalone.xml`, looking for this line:
<socket-binding name="http" port="${jboss.http.port:8080}"/>
The default developer configuration assumes it is set to 8083. Alternatively,
you may customize [options] aur_location and [sso] openid_configuration in
You may then start `keycloak.service` through systemd.
See also ArchWiki <>.
Configuring a realm
Go to <> and log in as administrator. Then, hover the
text right below the Keycloak logo at the top left, by default *Master*. Click
*Add realm* and name it *aurweb*.
Open the *Clients* tab, and create a new *openid-connect* client. Call it
*aurweb*, and set the root URL to <> (your aur_location).
Create a user from the *Users* tab and try logging in from
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment