https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30988
--- Comment #12 from David Cook <[email protected]> ---

My test plan:
0. Set up koha-testing-docker with a jboss/keycloak container as per https://hub.docker.com/r/jboss/keycloak/
0b. Create "test" realm with discovery doc: http://<my_ip>:8082/auth/realms/test/.well-known/openid-configuration
0c. Create confidential OIDC client "koha" in "test" realm
0d. Create "test" user with email "[email protected]" and password "test"
0e. Fix "OPACBaseURL" so that it resolves to localhost instead of a non-existent domain name
1. Apply patch
2. koha-plack --restart kohadev
3*. "koha-upgrade-schema kohadev" didn't work so had to manually apply DB update via: koha-mysql kohadev < installer/data/mysql/atomicupdate/openidconnect.sql
4. Set "OIDC" syspref to "Yes"
5. Set "OIDCAutoRegister" to "Allow"
6. Set "OIDCConfigURL" to "http://<my_ip>:8080/auth/realms/test/.well-known/openid-configuration"
7. Set "OIDCDefaultBranch" to "CPL"
8. Set "OIDCDefaultCategory" to "Patron"
9. Set "OIDCOAuth2ClientID" to my Keycloak client id
10. Set "OIDCOAuth2ClientSecret" to my Keycloak client secret
11. Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
12. Click "Log in to your account"
13. Fill out your username and password in Keycloak
14. Success! Returned to a logged in OPAC with new auto-registered borrower

However, at the moment, this patch would fail for a few reasons:
1. The atomic update doesn't look like it's set up correctly. It should be automatically detected by koha-upgrade-schema
2. "Log in with OpenID" button on login failure is misnamed (It's "OpenID Connect" and not "OpenID". "OpenID" is an older standard).
3. "Log in with OpenID" button is not readable. It is white text on a white background.

--

On a side note, it would probably be a good idea to add support for OpenID Connect logout as well, so that you're logged out of the SSO provider when you're logged out of Koha.
While this might not be desirable at home, on public terminals it wouldn't be great if people logged out of Koha and then a stranger came along and was able to re-login as them...
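
The OpenID Connect logout suggested in the side note above, sketched as an added example (not part of the original comment or of the Koha patch): it builds an RP-Initiated Logout request from the provider's discovery document and checks the state echoed back on return. The discovery values, the token and the function names are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample of the relevant discovery fields
# (placeholder host; not taken from the bug report).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.org/auth/realms/test",
    "end_session_endpoint":
        "https://idp.example.org/auth/realms/test/protocol/openid-connect/logout",
}


def build_logout_url(discovery, id_token, post_logout_redirect_uri, state=None):
    """Return (url, state) for an RP-Initiated Logout request.

    Returns (None, None) when the provider advertises no
    end_session_endpoint, so the caller can fall back to a local-only
    logout and warn that the SSO session is still active.
    """
    endpoint = discovery.get("end_session_endpoint")
    if not endpoint:
        return None, None
    # Conservative check (an assumption of this example, not a spec
    # requirement): only send the ID token to the issuer's own origin.
    iss, end = urlsplit(discovery["issuer"]), urlsplit(endpoint)
    if (iss.scheme, iss.netloc) != (end.scheme, end.netloc):
        raise ValueError("end_session_endpoint is not on the issuer origin")
    state = state or secrets.token_urlsafe(16)
    query = urlencode({
        "id_token_hint": id_token,  # identifies the session to end
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state,  # echoed back by the provider
    })
    sep = "&" if end.query else "?"
    return endpoint + sep + query, state


def logout_return_is_valid(return_url, expected_state):
    """Check the state echoed on the post-logout redirect."""
    got = parse_qs(urlsplit(return_url).query).get("state", [""])[0]
    return hmac.compare_digest(got.encode(), expected_state.encode())
```

The post-logout redirect URI has to be registered with the provider for the client, and the local session should be destroyed before redirecting so that a failed round trip still leaves the user logged out locally.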
