Identity providers on Cozystackhttps://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/oidc/identity_providers/Recent content in Identity providers on CozystackHugoenHow to configure GitLab as an Identity Providerhttps://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/oidc/identity_providers/gitlab/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/oidc/identity_providers/gitlab/<p>You can use Gitlab identity provider for Keycloak</p> <h3 id="overview">Overview</h3> <h2 id="create-application-in-gitlab">Create Application in Gitlab</h2> <ul> <li>Open <code>https://gitlab.com/groups/&lt;YOUR_GROUP&gt;/-/settings/applications</code></li> <li>Click <code>Add new application</code></li> <li>Name: cozy, Redirect URI: <code>https://keycloak.&lt;root-host&gt;/realms/cozy/broker/gitlab/endpoint</code></li> <li>Enable Confidential, api, read_api, read_user, openid, profile, email</li> <li>Copy and save Secret</li> </ul> <h2 id="configure-keycloak-identity-provider">Configure Keycloak Identity Provider</h2> <p>Create a <code>KeycloakRealmIdentityProvider</code> resource with the following configuration:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f0f0f0;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#062873;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>v1.edp.epam.com/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#062873;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>KeycloakRealmIdentityProvider<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#062873;font-weight:bold">metadata</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">name</span>:<span style="color:#bbb"> </span>gitlab<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#062873;font-weight:bold">spec</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">realmRef</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">name</span>:<span style="color:#bbb"> </span>keycloakrealm-cozy<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ClusterKeycloakRealm<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">alias</span>:<span style="color:#bbb"> </span>gitlab<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">authenticateByDefault</span>:<span style="color:#bbb"> </span><span style="color:#007020;font-weight:bold">false</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">enabled</span>:<span style="color:#bbb"> </span><span style="color:#007020;font-weight:bold">true</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">providerId</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;gitlab&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">config</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">clientId</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;YOUR GITLAB APP ID&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">clientSecret</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;YOUR GITLAB APP SECRET&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">syncMode</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;IMPORT&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">mappers</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#062873;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;username&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">identityProviderMapper</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;oidc-username-idp-mapper&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">identityProviderAlias</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;gitlab&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">config</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">target</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;LOCAL&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">syncMode</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;INHERIT&#34;</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#062873;font-weight:bold">template</span>:<span style="color:#bbb"> </span><span style="color:#4070a0">&#34;${ALIAS}---${CLAIM.preferred_username}&#34;</span><span style="color:#bbb"> </span></span></span></code></pre></div>How to configure Google as an Identity Providerhttps://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/oidc/identity_providers/google/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/oidc/identity_providers/google/<h2 id="configure-google">Configure Google</h2> <ul> <li> <p>Head over to <a href="https://console.cloud.google.com/apis/dashboard" target="_blank">Google Console</a>, login in to the console using Google account and you will see Google Developer Console. Once logged in, head over the top left drop-down to create new project. <img src="https://deploy-preview-470--cozystack.netlify.app/img/oidc/identity_providers/google/1.jpeg" alt="1"></p> </li> <li> <p>Click on &ldquo;New Project&rdquo; to proceed. <img src="https://deploy-preview-470--cozystack.netlify.app/img/oidc/identity_providers/google/2.jpeg" alt="2"></p> </li> <li> <p>Enter the project name of your choice and select the Organisation if you have multiple organisations. Once done click on &ldquo;Create&rdquo; <img src="https://deploy-preview-470--cozystack.netlify.app/img/oidc/identity_providers/google/3.jpeg" alt="3"></p> </li> <li> <p>Once the project is created you will get a pop-up suggesting to configure the consent screen. If not then head over to the Dashboard and head over to &ldquo;Explore and enable APIs&rdquo; options. Then Click on &ldquo;Credentials&rdquo; &gt; &ldquo;Configure Consent Screen&rdquo; and head over to the next step. <img src="https://deploy-preview-470--cozystack.netlify.app/img/oidc/identity_providers/google/4.jpeg" alt="4"></p>