keycloak-orcid

This Keycloak plugin makes it possible to add ORCID as a Social Identity Provider. ORCID is one of the most popular authentication options for research & education scenarios, including access to the European Open Science Cloud (EOSC). Although ORCID can be configured as an OpenID Connect Identity Provider, the current ORCID OIDC implementation does not support the release of email and other information (see ORCID OpenID Connect documentation).

Features

  • Social ORCID Identity Provider
  • User Attribute Mapper for ORCID Identity Provider
  • ORCID theme logo

Compatibility

Version 1.1.0 is compatible with Keycloak version 18. Version 1.3.0 is compatible with Keycloak version 22-24. Version 1.4.0 is compatible with Keycloak version 25 and possibly later versions. Version 1.4.1 is compatible with Keycloak version 26 (probably also 25 and possibly later versions).

Installation

The plugin installation is simple and can be done without a Keycloak server restart.

  • Download the latest release from the releases page
  • For Keycloak X, copy the JAR into the 'providers' directory under your Keycloak server's root. For the old WildFly-based Keycloak, copy the JAR file into the standalone/deployments directory under your Keycloak server's root.
  • Restart Keycloak (optional, hot deployment should work)

Build with the command: mvn clean install

How to use it

Requirements

To configure ORCID as an Identity Provider, you need an ORCID account and must complete the configuration described below.

Configuration

There are a number of steps you have to complete to enable login with ORCID. First, go to the Identity Providers item in the left menu and select ORCID from the Add provider drop-down list. This will bring you to the Add identity provider page.

You can't click Save yet, as you'll need to obtain a Client ID and Client Secret from ORCID. One piece of data you'll need from this page is the Redirect URI. You'll have to provide it to ORCID under Redirect URIs.

To enable login with ORCID, you must complete the appropriate configuration through ORCID Developer Tools.

Click the Register for the free ORCID public API button.

After agreeing to the terms of service, you must complete the form presented to register a new application.

You must configure the following values:

  • Name: The name of your application.
  • Website: The website the user can visit to learn more about your application.
  • Description: Information about the application. This will be displayed to users on the OAuth screen.
  • Redirect URIs: URIs for use with the OAuth 2.0 protocol. Add the Keycloak Redirect URI here. This URI has the following format: https://<keycloak-url>/auth/realms/<realm>/broker/orcid/endpoint. Only https Redirect URIs are accepted for the original ORCID Registry, so you must set up HTTPS/SSL in Keycloak.

Click the Save icon at the bottom of the form to generate your API credentials.

Detailed information can be found in the ORCID Developer Documentation.

You will also need to obtain the Client ID and Client Secret from this page so you can enter them into the Add identity provider page. To obtain them, click the Show Details button. Go back to the Add identity provider page, enter those values, and finally save your ORCID Identity Provider.
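
A pre-flight check for the Redirect URI described above, as an added example that is not part of the plugin: it builds the URI in the README's format and compares it with the value entered at ORCID. The host sso.example.org, the realm name and the function names are assumptions; context_path is a parameter for deployments that do not serve Keycloak under /auth.

```python
from urllib.parse import quote, urlsplit


def build_redirect_uri(base_url, realm, alias="orcid", context_path="/auth"):
    """Build the broker endpoint URI in the format given in the README."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise ValueError("only https redirect URIs are accepted")
    if not parts.hostname or parts.username or parts.query or parts.fragment:
        raise ValueError("base URL must look like https://host[:port]")
    if parts.path not in ("", "/"):
        raise ValueError("pass any path prefix via context_path")
    if not realm:
        raise ValueError("realm name is required")
    ctx = context_path.strip("/")
    prefix = f"/{ctx}" if ctx else ""
    return (f"https://{parts.netloc}{prefix}/realms/{quote(realm, safe='')}"
            f"/broker/{quote(alias, safe='')}/endpoint")


def check_registered_uri(registered, base_url, realm, **kwargs):
    """Return a list of mismatches between the URI entered at ORCID and the
    URI built from the Keycloak settings (empty list means they agree)."""
    want = urlsplit(build_redirect_uri(base_url, realm, **kwargs))
    got = urlsplit(registered.strip())
    problems = []
    if got.scheme != "https":
        problems.append("scheme is not https")
    if got.query or got.fragment:
        problems.append("query string or fragment present")
    if (got.hostname, got.port or 443) != (want.hostname, want.port or 443):
        problems.append("host or port differs from Keycloak")
    if got.path != want.path:
        problems.append(f"path differs, expected {want.path}")
    return problems


if __name__ == "__main__":
    # Constructed sample values (assumptions, not from the README).
    base, realm = "https://sso.example.org", "research"
    print(build_redirect_uri(base, realm))
    typed = "http://sso.example.org/auth/realms/Research/broker/orcid/endpoint/"
    for problem in check_registered_uri(typed, base, realm):
        print("mismatch:", problem)
```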

Mappers

After creating ORCID as Social Identity Provider, you can add the mappers needed to retrieve the attributes you want.

Theme

This plugin provides the following theme for the login console:

  • orcid-theme

If you want the ORCID logo to be shown on the ORCID Identity Provider button during login, change the login theme to orcid-theme in the Themes tab of the realm settings. The changes provided in this theme can be carried over into any custom login theme.

Issue management

For any bug or feature request, you can open a Jira issue. For any information or questions, you can email us at [email protected].