go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

OIDC authentication using Keycloak Groups #19722

Open egevorkyan opened 2 years ago

egevorkyan commented 2 years ago

Description

I am able to log in using Keycloak OIDC, but

  1. The group claim is not working, so I am not able to grant users from Keycloak the admin or usual user roles.

If you have an example of how to configure Gitea to use Keycloak, please provide it.

Gitea Version

1.16.7

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

I am running on Kubernetes

Database

PostgreSQL

techknowlogick commented 2 years ago

Not a bug, just a feature that hasn't been implemented.

Aeyk commented 5 months ago

https://docs.gitea.io/en-us/command-line/#admin see add-oauth --admin-group

gitea admin auth add-oauth --name "Keycloak" --provider "openidConnect" --key "${KEY_ID}" --secret "${CLIENT_SECRET}" --auto-discover-url "https://keycloak.example.com/realms/develop/.well-known/openid-configuration" --scopes "openid email profile groups" --admin-group "Gitea Administrators" --restricted-group "Gitea External Users" --group-claim-name "groups"
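
When group mapping still does not take effect after a command like the one above, a quick check is to decode a token issued for the Gitea client and see whether the claim named by `--group-claim-name` is present and carries the expected names. The script below is an added example, not part of this thread and not Gitea's code; it assumes exact string matching of group names, and the tokens, users and helper names (`jwt_claims`, `check_group_claim`, `sample_token`) are constructed for illustration. It also flags Keycloak's full-path form (`/Name`), which differs from the bare group name.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_group_claim(claims, claim_name="groups",
                      admin_group="Gitea Administrators",
                      restricted_group="Gitea External Users"):
    """Compare the group claim with the names given to add-oauth.
    Assumption (not taken from Gitea's source): names match by exact string."""
    report = {"claim_present": claim_name in claims, "admin": False,
              "restricted": False, "warnings": []}
    if not report["claim_present"]:
        report["warnings"].append(
            f"claim {claim_name!r} absent: check the Keycloak group mapper and scopes")
        return report
    value = claims[claim_name]
    groups = [g for g in (value if isinstance(value, list) else [value])
              if isinstance(g, str)]
    report["admin"] = admin_group in groups
    report["restricted"] = restricted_group in groups
    for wanted in (admin_group, restricted_group):
        for g in groups:
            # Keycloak can emit full paths such as "/Parent/Name" instead of "Name".
            if g != wanted and g.split("/")[-1] == wanted:
                report["warnings"].append(
                    f"{g!r} is a path form of {wanted!r} and will not match exactly")
    return report

def sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Keycloak token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    for claims in ({"sub": "alice", "groups": ["Gitea Administrators"]},
                   {"sub": "bob", "groups": ["/Gitea Administrators"]},
                   {"sub": "carol"}):
        print(claims["sub"], check_group_claim(jwt_claims(sample_token(claims))))
```

Use it only to inspect tokens from your own realm; because the signature is not verified, its output must not drive any authorization decision.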