@t-book
Last active February 22, 2024 11:58

SSO - Authenticate GeoNode against a Keycloak server

For local testing I use geonode paver on port 8000 and a Keycloak server started with Docker on port 8090:

docker run -p 8090:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1

(see https://www.keycloak.org/getting-started/getting-started-docker)

A. On the Keycloak side

  1. Create a new realm to group our new app and users (here: marsianer).
  2. If needed, allow user registration in Realm Settings -> User registration.
  3. For testing, create a new user via Manage -> Users (Toni/Toni), User Enabled -> ON.
  4. Create a new client via Configure -> Clients -> Create with ACCESS TYPE -> confidential (A).
  5. Save and copy the Secret from the Credentials tab (A).

(A) [screenshot: kc]

B. On the GeoNode side

In your settings, add Keycloak as a provider:

# Enable the Keycloak provider of django-allauth
INSTALLED_APPS += (
    'allauth.socialaccount.providers.keycloak',  # changed
)

SOCIALACCOUNT_PROVIDERS = {  # changed
    'keycloak': {
        'KEYCLOAK_URL': 'http://127.0.0.1:8090/auth',
        'KEYCLOAK_REALM': 'marsianer',
    },
}

Next, log in to the Django admin and add a new Social App (B):

  • Provider: Keycloak
  • Name: Keycloak
  • Client id: geonode-local (the name of your Keycloak app)
  • Secret Key: <the copied secret from your app>

(B) [screenshot from 2020-12-21 11-39-22]


After that you get a new login option for Keycloak (C). This button should redirect to your realm login. If you provide correct credentials, you are redirected to GeoNode as a logged-in user.


(C) [screenshot: sign-in]
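
A pre-flight check for the provider settings above before they leave local testing, as an added example that is not part of the original gist nor code from GeoNode or django-allauth. It compares the configured realm URL with the realm's OpenID Connect discovery document; the function names, the sso.example.org host and the sample discovery documents are constructed for illustration.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")

def realm_url(cfg):
    """Realm base URL as Keycloak lays it out: <KEYCLOAK_URL>/realms/<realm>."""
    return f"{cfg['KEYCLOAK_URL'].rstrip('/')}/realms/{cfg['KEYCLOAK_REALM']}"

def discovery_url(cfg):
    """Where the realm publishes its OpenID Connect metadata."""
    return realm_url(cfg) + "/.well-known/openid-configuration"

def audit_keycloak(cfg, discovery_doc):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    base = urlsplit(cfg["KEYCLOAK_URL"])
    # Plain HTTP is acceptable only for a loopback test server like the gist's.
    if base.scheme != "https" and base.hostname not in LOOPBACK_HOSTS:
        findings.append("KEYCLOAK_URL uses plain HTTP to a non-loopback host")
    # The issuer Keycloak announces must be exactly the realm we configured.
    if discovery_doc.get("issuer") != realm_url(cfg):
        findings.append("issuer does not match the configured realm URL")
    # Endpoints should live on the same origin as KEYCLOAK_URL.
    for key in ENDPOINT_KEYS:
        ep = urlsplit(discovery_doc.get(key, ""))
        if not ep.scheme:
            findings.append(f"{key} is missing")
        elif (ep.scheme, ep.netloc) != (base.scheme, base.netloc):
            findings.append(f"{key} is not on the KEYCLOAK_URL origin")
    return findings

def sample_doc(realm_base):
    """Constructed discovery document using Keycloak's standard endpoint paths."""
    oidc = realm_base + "/protocol/openid-connect"
    return {"issuer": realm_base, "authorization_endpoint": oidc + "/auth",
            "token_endpoint": oidc + "/token", "userinfo_endpoint": oidc + "/userinfo"}

# The gist's local settings, and a constructed misconfigured production variant.
LOCAL = {"KEYCLOAK_URL": "http://127.0.0.1:8090/auth", "KEYCLOAK_REALM": "marsianer"}
PROD = {"KEYCLOAK_URL": "http://sso.example.org/auth", "KEYCLOAK_REALM": "marsianer"}
LOCAL_DOC = sample_doc("http://127.0.0.1:8090/auth/realms/marsianer")
PROD_DOC = sample_doc("https://sso.example.org/auth/realms/marsianer")

if __name__ == "__main__":
    for name, cfg, doc in (("local", LOCAL, LOCAL_DOC), ("prod", PROD, PROD_DOC)):
        print(name, discovery_url(cfg), audit_keycloak(cfg, doc) or "ok")
```

In a real check, fetch the JSON from `discovery_url(cfg)` and pass the parsed document to `audit_keycloak` instead of the constructed samples.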

C. TODO

  • Describe LDAP integration with Keycloak
  • Add a SOCIALACCOUNT_PROFILE_EXTRACTORS for Keycloak to GeoNode
  • Test a production setup
@simplygeo

Hi t-book,

Thanks for this documentation.
How would we know the "secret key" and "key" when configuring django social application?