From 44c5adb02cd2eb0350ec71abbd3bf8e61503f230 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20B=C3=A4ck?= Date: Tue, 13 Aug 2024 12:52:12 +0300 Subject: [PATCH] Add instructions for setting up keycloak --- README.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/README.md b/README.md index 7189ced..09fd0d6 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,30 @@ yarn yarn develop ``` +### Configuring keycloak + +To allow for single-sign on with other systems, TF identifies end-users with keycloak. + +1. Create a keycloak client (or look up the existing strapi client) at keycloak admin console -> Realms -> tf-medlemmar -> clients -> Create client +2. Give the client an ID and configure relevant URL:s as follows: + 1. Root URL: the root of your strapi instance, e.g. https://cms.tf.fi + 2. Home URL: the root of your frontend client, e.g. https://tf.fi + 3. Valid redirect URIs & Valid post logout redirect URIs: frontend keycloak callback path, e.g. https://tf.fi/api/auth/callback/keycloak + 4. Web origins: allowed CORS origins, should have both the frontend and strapi origin, e.g. https://tf.fi & https://cms.tf.fi +3. Set Capability config settings: + 1. Client authentication: On + 2. Authorization: Off + 3. Authentication flow: Enable standard flow, disable all other flows. +4. Configure credentials: + 1. Client Authenticator: Client Id and Secret + 2. Generate Client secret +5. Set the recently defined keycloak variables in strapi under Settings -> Providers -> keycloak as follows: + 1. Enable: true + 2. Client ID: client ID from keycloak (step 2.) + 3. Client secret fron keycloak (step 4.2) + 4. Host URI (Subdomain): URI of the keycloak realm, e.g. id.tf.fi/realms/tf-medlemmar + 5. The redirect URL to your front-end app: strapi keycloak callback, e.g. https://cms.tf.fi/api/auth/keycloak/callback + ## Making changes to the production system 1. Clone this repository
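Review bot: step 5.5 labels the field "The redirect URL to your front-end app" but fills it with a strapi callback (https://cms.tf.fi/api/auth/keycloak/callback), while step 2.3 registers only the frontend path https://tf.fi/api/auth/callback/keycloak as a valid redirect URI. The README should say which of the two callbacks keycloak actually redirects to, and every such URI should be listed in step 2.3 as a full path like the existing example, so a reader following the steps does not end up with a redirect URI that the client does not allow. Smaller points in the same hunk: step 5.3 reads "Client secret fron keycloak (step 4.2)", which has a typo ("fron") and drops the "Field: value" pattern the other sub-steps use, so something like "Client secret: client secret from keycloak (step 4.2)" would match. The Host URI example in step 5.4 (id.tf.fi/realms/tf-medlemmar) has no scheme although every other example starts with https://, so it is worth stating whether the field expects the scheme to be omitted. In step 2.4, "https://tf.fi & https://cms.tf.fi" could be read as a single value; say that they are two separate entries. Since step 4.2 generates a client secret, a sentence on where that secret should be kept (and that it does not belong in the repository) would be useful next to it.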