spookygames/flarum-ext-auth-keycloak
Composer 安装命令:
composer require spookygames/flarum-ext-auth-keycloak
包简介
Allow users to sign in/up/out with Keycloak.
关键字:
README 文档
README
Keycloak OAuth Flarum Extension
Use your keycloak server to handle user authentication and map roles and attributes.
Compatibility
Originally written for Keycloak 4.8.3-final and Flarum 0.1.0-beta.5.
Tested up to Keycloak 24.0.2 and Flarum 1.8.4 (versions used for the screenshots).
Your mileage may vary.
Base setup
Keycloak
From the Clients tab, create a new client to connect to your Flarum instance.
On step 2, enable Client Authentication. This way the client is confidential and gets its own secret. (Optional yet recommended)
On step 3, Root URL should be the base URL of your Flarum instance.
Once the client is created, if you made the client confidential in step 2, then head over to its Credentials tab and copy Client Secret somewhere.
Eventually, head over the Realm Settings tab, then find the key used by the OpenId Connect workflow (by default, RS256). Copy the Algorithm somewhere. Copy the Public Key somewhere too (copy what is displayed after you press the "Public key" button).
Flarum
Install extension via Composer / Packagist.
composer require spookygames/flarum-ext-auth-keycloak
Head over the Flarum admin panel (for instance https://my-flarum.example.com/admin).
In the Permissions tab, make sure Sign up is Open (here's why).
In the Extensions tab, enable extension and configure as needed.
-
Keycloak version: the version of your Keycloak instance.
-
Server URL: the URL to your Keycloak instance, like https://keycloak.example.com/auth. Beware the "auth" with no trailing slash for Keycloak versions < 20.
-
Realm: the authentication realm you created for your Flarum.
-
Client ID: the name of the client you created above.
-
Client Secret: paste from client creation step 2, defaults to client ID if you do not override.
-
Encryption algorithm: paste from client creation, defaults to RS256.
-
Encryption key (or cert): paste from client creation.
-
Role-to-group mapping: An associative array with roles as keys and group names as values, in JSON format. Example:
{"ROLE_MEMBER":"Member","ROLE_MODERATOR":"Mods","ROLE_ADMIN":"Admin"}. -
Attribute mapping: An associative array with Keycloak attributes as keys and Flarum User attributes as values, in JSON format. Might be used for other extensions. Do not forget client mappers on Keycloak! Example:
{"moniker":"nickname","badges":"badges"}. -
Delegate avatars: if enabled, the "picture" attribute from Keycloak will be used to handle user avatar instead of Flarum's default behaviour.
-
Role-to-group mapping: An associative array with roles as keys and group names as values, in JSON format. Example:
{"ROLE_MEMBER":"Member","ROLE_MODERATOR":"Mods","ROLE_ADMIN":"Admin"}. -
Attribute mapping: An associative array with Keycloak attributes as keys and Flarum User attributes as values, in JSON format. Might be used for other extensions. Do not forget client mappers on Keycloak! Example:
{"moniker":"nickname","badges":"badges"}. -
Delegate avatars: if enabled, the "picture" attribute from Keycloak will be used to handle user avatar instead of Flarum's default behaviour.
Advanced Setup: Sync Keycloak roles with Flarum groups
In order to map Keycloak roles onto Flarum groups, you have to make roles visible from the userinfo endpoint. To this extent, add a mapper to your new client.
Advanced Setup: Update Flarum avatar with Keycloak picture
Extension settings
- Keycloak version: the version of your Keycloak instance.
- Server URL: the URL to your Keycloak instance, like https://keycloak.example.com/auth. Beware the "auth" with no trailing slash for Keycloak versions < 20.
- Realm: the authentication realm you created for your Flarum.
- Client ID: the name of the client you created above.
- Client Secret: defaults to client ID if you do not override.
- Encryption algorithm: defaults to RS256.
- Encryption key (or cert): you may copy here the content of what was displayed after you pressed the "Public key" button on Keycloak.
- Role-to-group mapping: An associative array with roles as keys and group names as values, in JSON format. Example:
{"ROLE_MEMBER":"Member","ROLE_MODERATOR":"Mods","ROLE_ADMIN":"Admin"}. - Attribute mapping: An associative array with Keycloak attributes as keys and Flarum User attributes as values, in JSON format. Might be used for other extensions. Do not forget client mappers on Keycloak! Example:
{"moniker":"nickname","badges":"badges"}. - Delegate avatars: if enabled, the "picture" attribute from Keycloak will be used to handle user avatar instead of Flarum's default behaviour.
Troubleshooting
User created with an odd name that does not match actual username like 'tgtplwexeowwluxnqid4cjgw' (original issue)
Flarum only allows usernames that match the regular expression /[^a-z0-9-_]/i.
Every Keycloak user with a "preferred_username" not matching this expression will instead be assigned a random name, as well as a proper Flarum "nickname".
In order to see the nickname instead of the random username, activate the Nicknames extension and use the User Display Name driver named nickname.
spookygames/flarum-ext-auth-keycloak 适用场景与选型建议
spookygames/flarum-ext-auth-keycloak 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.49k 次下载、GitHub Stars 达 17, 最近一次更新时间为 2019 年 05 月 28 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 spookygames/flarum-ext-auth-keycloak 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 spookygames/flarum-ext-auth-keycloak 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 spookygames/flarum-ext-auth-keycloak 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
Email Toolkit Plugin for CakePHP
A list of dangerous usernames
Simple Laravel signup/login module, with simple user roles.
统计信息
- 总下载量: 1.49k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 17
- 点击次数: 20
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2019-05-28








