1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-05 02:28:00 +01:00
vaultwarden/docker/keycloak
2024-06-25 18:57:32 +02:00
..
.env.template Improvements and error handling 2024-06-25 18:57:32 +02:00
docker-compose.yml Improvements and error handling 2024-06-25 18:57:32 +02:00
keycloak_setup.sh Improvements and error handling 2024-06-25 18:57:32 +02:00
README.md Improvements and error handling 2024-06-25 18:57:32 +02:00
vaultwarden.sh Improvements and error handling 2024-06-25 18:57:32 +02:00

OpenID Connect test setup

This docker-compose template allow to run locally a VaultWarden and Keycloak instance to test OIDC.

Usage

You'll need docker and docker-compose (cf).

First create a copy of .env.template as .env (This is done to prevent commiting your custom settings, Ex SMTP_).

Then start the stack (the profile is required to run the VaultWarden) :

> DOCKER_BUILDKIT=1 docker-compose --profile VaultWarden up
....
keycloakSetup_1  | Logging into http://127.0.0.1:8080 as user admin of realm master
keycloakSetup_1  | Created new realm with id 'test'
keycloakSetup_1  | 74af4933-e386-4e64-ba15-a7b61212c45e
oidc_keycloakSetup_1 exited with code 0

Wait until oidc_keycloakSetup_1 exited with code 0 which indicate the correct setup of the Keycloak realm, client and user (It's normal for this container to stop once the configuration is done).

Then you can access :

To proceed with an SSO login after you enter the email, on the screen prompting for Master Password the SSO button should be visible.

Running only Keycloak

Since the VaultWarden service is defined with a profile you can just use the default docker-compose command :

> docker-compose up

When running with a local VaultWarden you'll need to make the SSO button visible using :

sed -i 's#a\[routerlink="/sso"\],##' /web-vault/app/main.*.css

Otherwise you'll need to reveal the SSO login button using the debug console (F12)

document.querySelector('a[routerlink="/sso"]').style.setProperty("display", "inline-block", "important");

To force rebuilding the VaultWarden image

Use DOCKER_BUILDKIT=1 docker-compose --profile VaultWarden up --build VaultWarden.

If after building the Keycloak configuration is not run, just interrupt and run without --build

Configuration

All configuration for keycloak / VaultWarden / keycloak_setup.sh can be found in .env. The content of the file will be loaded as environment variables in all containers.

  • keycloak configuration include KEYCLOAK_ADMIN / KEYCLOAK_ADMIN_PASSWORD and any variable prefixed KC_ (more information).
  • All VaultWarden configuration can be set (EX: SMTP_*)

Cleanup

Use docker-compose --profile VaultWarden down.