Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/lgdd/liferay-keycloak-demo

A pre-configured Docker Compose environment to demonstrate how to use Single Sign-On (SSO) on Liferay 7.4 using Keycloak as an OpenID Connect Provider (OIDC).
https://github.com/lgdd/liferay-keycloak-demo

keycloak liferay liferay-dxp liferay-portal oidc openid-connect sso

Last synced: 2 months ago
JSON representation

A pre-configured Docker Compose environment to demonstrate how to use Single Sign-On (SSO) on Liferay 7.4 using Keycloak as an OpenID Connect Provider (OIDC).

Awesome Lists containing this project

README 

        
# Liferay Keycloak Demo



A pre-configured Docker Compose environment to demonstrate how to use Single Sign-On (SSO) on Liferay 7.4.13 U55 using Keycloak as an OpenID Connect Provider (OIDC).



## Requirements



- Docker 19+



## Change Log



`4th April 2024`



- Updated Liferay version to Liferay 7.4.13 U112



`21th December 2020`



- Updated Liferay version to Liferay 7.4.13 U55 and added `netcat` to the image.



- The jboss/keycloak image does not seem to work on the Apple M1 chip, so this has been substituted with the quay.io/keycloak/keycloak image instead. This has lead to some configuration changes as well.



- The client secret can no longer be null / unset. This has been updated to be `liferay`. You can change this value to what ever you wish in the osgi/configs files.



- Updated keycloak configuration to reflect changes, i.e. OpenID Connect Urls and the environment variables for the initial admin account.



## Setup



Because Liferay communicate in the backend with Keycloak and also redirect the end user to it, you need to align hostname and port between Docker Compose and your host.

Thus, with this default configuration, you need to add `sso` as possible host from your localhost in `/etc/hosts` and be sure that the port `8080` is available.



If you want to test this setup with other Liferay editions / versions, you can change the Liferay base image in `docker-compose.yml`.



## Access



- Liferay: http://localhost

- Keycloak: http://sso:8080

- SMTP: http://localhost:5000



## Start up scenario



- Run `docker-compose up`

- When everything is ready, go http://localhost

- Click on `Sign in`, then `OpenID Connect` and `Sign in` again where you should see `Keycloak` as the only `OpenId Connect Provider Name` in the list.

- You should be redirected to http://sso:8080 (with more parameters, of course)

- Click `Register` to add a new user

- Fill out the form and save

- You should be redirected to Liferay where you're asked to verify your email

- Go to http://localhost:5000 and check for new messages

- You should have received the confirmation code

- Copy the code and past it on Liferay

- Now you should be logged in as your new user



## FAQ



### How do I access Keycloak admin console?

Go to http://sso:8080 and use the default credentials `admin`:`admin`.



### Can I map roles from Keycloak to Liferay?

You can do it through some development. You'll find an example and more information about this in [this repository](https://github.com/fabian-bouche-liferay/oidc-userinfo-mapping).



### Can I have a single button to connect to Keycloak?



Yes, you could use a Fragment such as this one: https://github.com/lgdd/openid-connect-single-button.



### Why can't I reach the database from my localhost?

By default, in `docker-compose.yml`, the port has not been forwarded to localhost. So you have to update the file, and do something like:

```

  db:

    image: mysql:8

    ports:

      - "3306:3306"

```

> Number on the left is the one you're forwarding to your localhost, so make sure it's not already taken and if so, choose another one.



### Why am I seeing the address already in use for port `5000`?



Since macOS Monterey, port `5000` is used by Content Center, more specially by a AirPlay Receiver.



Either disable the AirPlay Receiver via the System Preferences or change the port defined in the docker compose file for smtp4dev to another port, for example `5050`.



## License



[MIT](LICENSE)