- git clone https://github.com/wadmiraal/docker-drupal.git
- cd docker-drupal
- git checkout 7.x
- docker build -t local/drupal7x .
- docker run --name=drupal -d -p 8080:80 -p 8022:22 -t local/drupal7x
- docker exec -it drupal bash
  cd /var/www/sites/all/
  drush dl openid_connect && drush en openid_connect
Special case: if you run Keycloak on the host machine, you might need to allow Docker containers to access the host machine with an additional iptables rule that accepts all incoming traffic on the docker0 interface.
To add the rule, run:
sudo iptables -A INPUT -i docker0 -j ACCEPT
You should then be able to run curl -v http://172.17.0.1:8081/auth
To delete the rule, run:
sudo iptables -D INPUT -i docker0 -j ACCEPT
In my example I run the default KeycloakServer from the integration tests with
-Dkeycloak.bind.address=0.0.0.0 -Djava.net.preferIPv4Stack=true
The IPs are used as follows:
//172.17.0.1 -> IP of keycloak host
//172.17.0.2 -> IP of drupal container
Create a client for Drupal with the following settings:
client id: drupal
client name: drupal
Client Protocol: openid-connect
Access type: confidential
Standard Flow Enabled: true
Valid redirect url: http://172.17.0.2:8080/*
Base URL: http://172.17.0.2:8080/
Web Origins: http://172.17.0.2:8080/*
Create a user with the following settings:
username: test
firstname: Theo
lastname: Tester
Password: test
Tested with Drupal (7.x).
In configuration -> web services -> openid_connect:
Enabled OpenID Connect clients: select "generic"
clientid: drupal
client secret: 45acbe37-b05e-4aac-b721-d95abf27ad5a
Authorization endpoint: http://172.17.0.1:8081/auth/realms/master/protocol/openid-connect/auth
Token endpoint: http://172.17.0.1:8081/auth/realms/master/protocol/openid-connect/token
User Info endpoint: http://172.17.0.1:8081/auth/realms/master/protocol/openid-connect/userinfo
User claims mapping:
Time Zone: zoneinfo
Structure -> Blocks -> Disabled -> select block "OpenID Connect login" -> add to sidebar first
To log in, simply point a browser to your Drupal installation and click on "login with generic".
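One way to double-check the three endpoints entered in Drupal above, as an added example (not part of the original page or of the openid_connect module): it compares them with the realm's OpenID Connect discovery document and flags endpoints reached over plain HTTP. The discovery JSON is a constructed sample, and `check_endpoints` and the constant names are hypothetical.

```python
import json
from urllib.parse import urlsplit

BASE = "http://172.17.0.1:8081/auth/realms/master"  # realm URL used on this page

# Endpoints as entered in Drupal's "generic" OpenID Connect client (values from this page).
DRUPAL_CONFIG = {
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "userinfo_endpoint": BASE + "/protocol/openid-connect/userinfo",
}

# Constructed sample of the realm's discovery document, trimmed to the fields checked here.
# On a live server it is served at BASE + "/.well-known/openid-configuration".
SAMPLE_DISCOVERY = """{
  "issuer": "http://172.17.0.1:8081/auth/realms/master",
  "authorization_endpoint": "http://172.17.0.1:8081/auth/realms/master/protocol/openid-connect/auth",
  "token_endpoint": "http://172.17.0.1:8081/auth/realms/master/protocol/openid-connect/token",
  "userinfo_endpoint": "http://172.17.0.1:8081/auth/realms/master/protocol/openid-connect/userinfo"
}"""


def check_endpoints(configured, discovery_json):
    """Return (endpoint_name, problem) tuples; an empty list means no findings."""
    doc = json.loads(discovery_json)
    issuer = doc["issuer"].rstrip("/")
    findings = []
    for name, url in configured.items():
        advertised = doc.get(name)
        if advertised is None:
            findings.append((name, "not advertised by the realm"))
        elif advertised != url:
            findings.append((name, "differs from advertised " + advertised))
        if not url.startswith(issuer + "/"):
            findings.append((name, "outside issuer " + issuer))
        if urlsplit(url).scheme != "https":
            # Over plain HTTP the client secret, codes and tokens are readable in transit.
            findings.append((name, "plain HTTP"))
    return findings


if __name__ == "__main__":
    for name, problem in check_endpoints(DRUPAL_CONFIG, SAMPLE_DISCOVERY):
        print(f"{name}: {problem}")
```

With the values from this page the only findings are the three plain-HTTP endpoints, which is expected for this local Docker test setup.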
Hi Thomas, I have done what you said.
I have a client with the following roles: "ACO - Editor" and "Equipe Web".
I have assigned those roles to specific groups: "ACO Editores" and "GTI Equipe Web".
And these groups to the correct users on Keycloak server.
The user is created but no role is assigned properly.
How can I trace it?
Thanks a ton.
Best Regards,
Ricardo Morais