Set up social and other OAuth/SAML integration with the Keycloak Radius embedded server
```bash
# activate the pnpm package manager
corepack enable
# install npm packages
pnpm install
# watch and serve a dev server at http://localhost:5173/login.html
# put your keycloak.json in ./public/
pnpm start
# build the project in production mode. The build artifacts will be stored in the `dist/` directory
pnpm build
```
- Authorization through Keycloak uses OpenID Connect.
- On the login page, the user selects the identity provider through which they want to log in.
- The result of a successful authorization is a JWT that contains a temporary session key.
- With this key, the user is authorized through the Radius Server.
- The Radius Server checks whether this key is in the user session and whether it has already been used.
- The Radius Server successfully authorizes the user.
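
The check in the last steps above, modeled as an added JavaScript example (not code from the plugin or from this project). The claim name `radius_session_password`, the `SessionKeyStore` class, the TTL and the sample token are assumptions, and the JWT signature is assumed to have been verified already by the OpenID Connect client.

```javascript
// Added example: models the one-time session-key check described above.
// Claim name, class and function names are assumptions, not the plugin's code.
const crypto = require('node:crypto');

const CLAIM = 'radius_session_password'; // hypothetical claim name

// Read the session key from a JWT payload. The signature is assumed to have
// been verified by the OpenID Connect client; this function only decodes.
function sessionKeyFromJwt(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  if (typeof payload[CLAIM] !== 'string') throw new Error('session key claim missing');
  return { user: payload.preferred_username, key: payload[CLAIM] };
}

class SessionKeyStore {
  constructor(ttlMs) { this.ttlMs = ttlMs; this.keys = new Map(); }

  // Called when the user session is created: bind a fresh random key to the user.
  issue(user, now = Date.now()) {
    const key = crypto.randomBytes(24).toString('base64url');
    this.keys.set(user, { key, expires: now + this.ttlMs, used: false });
    return key;
  }

  // Called for a RADIUS Access-Request: accept the key once, then never again.
  verify(user, presented, now = Date.now()) {
    const entry = this.keys.get(user);
    if (!entry) return 'reject:no-session';
    if (now > entry.expires) return 'reject:expired';
    const a = Buffer.from(entry.key), b = Buffer.from(String(presented));
    if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return 'reject:mismatch';
    if (entry.used) return 'reject:replayed';
    entry.used = true;
    return 'accept';
  }
}

// Constructed sample token with a placeholder signature, for illustration only.
function sampleJwt(user, key) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256' })}.${enc({ preferred_username: user, [CLAIM]: key })}.sig`;
}
```

The key comparison runs before the replay check, so a caller who does not hold the key cannot learn whether it has been consumed.
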
- Create Realm
- Create Radius Client
- Create OpenID client
- Set your Hotspot DNS in "Valid Redirect URIs" and "Web Origins"
- Add "Radius Session Password" Mapper
- Download keycloak.json
- Download the `hostpot.zip` from the latest release, unzip it, and upload the `login.html` file and `assets` folder into the `/hotspot` folder on the device via:
  - web UI
  - scp
  - ftp
  - winbox
- Download keycloak.json
- Upload `keycloak.json` into the `/hotspot` folder on the device
- Update Walled Garden. Add your Keycloak host
- Install ngrok. Register ngrok

  ```
  ./ngrok authtoken <YOUR TOKEN>
  ```

- Start ngrok

  ```
  ./ngrok http 8090
  ```

- Go to https://developers.facebook.com/ and create a new application
- Insert Redirect URI from Step 7
- Add Facebook hosts to Walled Garden

  ```
  /ip hotspot walled-garden
  add comment=facebook dst-host=facebook.*
  add comment=facebook dst-host=*.facebook.*
  add comment=facebook dst-host=*.fbcdn.*
  add comment=facebook dst-host=*akamai*
  add comment=facebook dst-host=*atdmt*
  add comment=facebook dst-host=*fbsbx*
  add comment=common dst-host=www.google-analytics.com
  ```