For local testing I use geonode paver on port 8000 and a Keycloak server started with docker on port 8090:
docker run -p 8090:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1
https://www.keycloak.org/getting-started/getting-started-docker
- create a new realm to group our new app and users
marsianer
- if needed allow user registration in
Realm Settings -> User registration
- for testing create a new user
Manage Users
Toni/Toni, User Enabled -> ON
- create a new client
Configure->Clients->create
with ACCESS TYPE -> confidential (A)
- save and copy the Secret from Credentials Tab (A)
In your settings add keycloak as provider:
    # Uncomment this to enable Linkedin and Facebook login
    INSTALLED_APPS += (
        'allauth.socialaccount.providers.keycloak',  # changed
    )
    SOCIALACCOUNT_PROVIDERS = {  # changed
        'keycloak': {
            'KEYCLOAK_URL': 'http://127.0.0.1:8090/auth',
            'KEYCLOAK_REALM': 'marsianer'
        },
    }
Next, log in to Django Admin and add a new Social App (B):
- Provider: Keycloak
- Name: Keycloak
- Client id: geonode-local (the name of your keycloak app)
- Secret Key: <the copied secret from your app>
After that you get a new login option for Keycloak (C). This button should redirect to your realm login. If you provide correct credentials, you are redirected to GeoNode as a logged-in user.
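If the button does not redirect to the realm login, a common cause is that KEYCLOAK_URL or KEYCLOAK_REALM does not match what the server publishes. The following check is an added example, not code from GeoNode or django-allauth: it compares the settings above with the realm's OpenID Connect discovery document and flags plain http on anything other than a loopback host. The helper names and the sample document are constructed for illustration, and the `/realms/<realm>/.well-known/openid-configuration` layout is assumed from Keycloak's standard URL scheme.

```python
from urllib.parse import urlparse

# Provider settings exactly as configured on this page.
PROVIDER = {
    "KEYCLOAK_URL": "http://127.0.0.1:8090/auth",
    "KEYCLOAK_REALM": "marsianer",
}
BASE = "http://127.0.0.1:8090/auth/realms/marsianer"
# Constructed sample of the realm's discovery document, trimmed to the
# fields checked below; it is not captured from a real server.
SAMPLE_DISCOVERY = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "userinfo_endpoint": BASE + "/protocol/openid-connect/userinfo",
}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def realm_url(provider):
    # Assumption: realms live under <KEYCLOAK_URL>/realms/<realm>.
    return "{}/realms/{}".format(
        provider["KEYCLOAK_URL"].rstrip("/"), provider["KEYCLOAK_REALM"])


def discovery_url(provider):
    # Where to fetch the real document to pass to check_provider().
    return realm_url(provider) + "/.well-known/openid-configuration"


def check_provider(provider, discovery):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    base = urlparse(provider["KEYCLOAK_URL"])
    if base.scheme != "https" and base.hostname not in LOOPBACK:
        problems.append("KEYCLOAK_URL is plain http on a non-loopback host")
    expected = realm_url(provider)
    if discovery.get("issuer") != expected:
        problems.append("issuer does not match the configured realm URL")
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        if not discovery.get(key, "").startswith(expected + "/"):
            problems.append(key + " is not under the configured realm")
    return problems


if __name__ == "__main__":
    print(discovery_url(PROVIDER))
    print(check_provider(PROVIDER, SAMPLE_DISCOVERY) or "settings consistent")
```

To run it against the local server, fetch the JSON from the URL that `discovery_url(PROVIDER)` returns and pass the parsed document in place of `SAMPLE_DISCOVERY`.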
- Describe LDAP integration with keycloak
- Add a SOCIALACCOUNT_PROFILE_EXTRACTORS for keycloak to geonode
- Test a production setup
