🔀 Merge pull request #1101 from marekful/FEATURE/pass-idp-hint-to-keycloak-auth

[FEATURE/IMPROVEMENT] Pass 'IdP Hint' to Keycloak
This commit is contained in:
Alicia Sykes 2023-02-12 16:23:24 +00:00 committed by GitHub
commit ba6fa376a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 14 additions and 7 deletions

View File

@ -164,6 +164,8 @@ appConfig:
Note that if you are using Keycloak V 17 or older, you will also need to set `legacySupport: true` (also under `appConfig.auth.keycloak`). This is because the API endpoint was updated in later versions.
If you use Keycloak with an external Identity Provier, you can set the `idpHint: 'alias-of-kc-idp'` option to allow the IdP Hint to be passed to Keycloak. This will cause Keycloak to skip its login page and redirect the user directly to the specified IdP's login page. Set to the value of the 'Alias' field of the desired IdP as defined in Keycloak under 'Identity Providers'.
### 4. Add groups and roles (Optional)
Keycloak allows you to assign users roles and groups. You can use these values to configure who can access various sections or items in Dashy.

View File

@ -27,7 +27,7 @@
"express": "^4.17.2",
"frappe-charts": "^1.6.2",
"js-yaml": "^4.1.0",
"keycloak-js": "^16.1.1",
"keycloak-js": "^20.0.3",
"register-service-worker": "^1.7.2",
"remedial": "^1.0.8",
"rsup-progress": "^3.0.0",

View File

@ -481,6 +481,11 @@
"type": "string",
"description": "The Client ID of the client you created for use with Dashy"
},
"idpHint": {
"title" : "IdP hint",
"type": "string",
"description": "Set to the 'Alias' of an existing Identity Provider in the specified realm to skip the Keycloak login page and redirect straight to the external IdP for authentication"
},
"legacySupport": {
"title": "Legacy Support",
"type": "boolean",

View File

@ -13,25 +13,25 @@ class KeycloakAuth {
constructor() {
const { auth } = getAppConfig();
const {
serverUrl, realm, clientId, legacySupport,
serverUrl, realm, clientId, idpHint, legacySupport,
} = auth.keycloak;
const url = legacySupport ? `${serverUrl}/auth` : serverUrl;
const initOptions = {
url, realm, clientId, onLoad: 'login-required',
};
const initOptions = { url, realm, clientId };
const loginOptions = idpHint ? { idpHint } : {};
this.loginOptions = loginOptions;
this.keycloakClient = Keycloak(initOptions);
}
login() {
return new Promise((resolve, reject) => {
this.keycloakClient.init({ onLoad: 'login-required' })
this.keycloakClient.init({ onLoad: 'check-sso' })
.then((auth) => {
if (auth) {
this.storeKeycloakInfo();
return resolve();
} else {
return reject(new Error('Not authenticated'));
return this.keycloakClient.login(this.loginOptions);
}
})
.catch((reason) => reject(reason));