Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-08-20 02:45:25 +02:00

Verlauf

Timshel 331a3beb55 Toggle SSO button depending on SSO_ENABLED in docker start		2024-06-25 18:57:32 +02:00
..
.env.template	Improvements and error handling	2024-06-25 18:57:32 +02:00
docker-compose.yml	Toggle SSO button depending on SSO_ENABLED in docker start	2024-06-25 18:57:32 +02:00
keycloak_setup.sh	Improvements and error handling	2024-06-25 18:57:32 +02:00
README.md	Improvements and error handling	2024-06-25 18:57:32 +02:00

README.md

OpenID Connect test setup

This docker-compose template allow to run locally a VaultWarden and Keycloak instance to test OIDC.

Usage

You'll need docker and docker-compose (cf).

First create a copy of .env.template as .env (This is done to prevent commiting your custom settings, Ex SMTP_).

Then start the stack (the profile is required to run the VaultWarden) :

> DOCKER_BUILDKIT=1 docker-compose --profile VaultWarden up
....
keycloakSetup_1  | Logging into http://127.0.0.1:8080 as user admin of realm master
keycloakSetup_1  | Created new realm with id 'test'
keycloakSetup_1  | 74af4933-e386-4e64-ba15-a7b61212c45e
oidc_keycloakSetup_1 exited with code 0

Wait until oidc_keycloakSetup_1 exited with code 0 which indicate the correct setup of the Keycloak realm, client and user (It's normal for this container to stop once the configuration is done).

Then you can access :

VaultWarden on http://127.0.0.1:8000 with the default user test@yopmail.com/test.
Keycloak on http://127.0.0.1:8080/admin/master/console/ with the default user admin/admin

To proceed with an SSO login after you enter the email, on the screen prompting for Master Password the SSO button should be visible.

Running only Keycloak

Since the VaultWarden service is defined with a profile you can just use the default docker-compose command :

> docker-compose up

When running with a local VaultWarden you'll need to make the SSO button visible using :

sed -i 's#a\[routerlink="/sso"\],##' /web-vault/app/main.*.css

Otherwise you'll need to reveal the SSO login button using the debug console (F12)

document.querySelector('a[routerlink="/sso"]').style.setProperty("display", "inline-block", "important");

To force rebuilding the VaultWarden image

Use DOCKER_BUILDKIT=1 docker-compose --profile VaultWarden up --build VaultWarden.

If after building the Keycloak configuration is not run, just interrupt and run without --build

Configuration

All configuration for keycloak / VaultWarden / keycloak_setup.sh can be found in .env. The content of the file will be loaded as environment variables in all containers.

keycloak configuration include KEYCLOAK_ADMIN / KEYCLOAK_ADMIN_PASSWORD and any variable prefixed KC_ (more information).
All VaultWarden configuration can be set (EX: SMTP_*)

Cleanup

Use docker-compose --profile VaultWarden down.