Gerrit is a code review and project management tool for Git based projects.
Keycloak is open source Identity and Access Management tool.
This doument provides a step-by-step tutorial how to set-up Keycloak as OAuth2 provider for Gerrit Code Review for development only. For production HTTPS protocol must be configured.
- Linux or MacOS operating system
- Docker-compose is installed
- Install Keycloak official Docker image from this repository and start it:
$ git clone https://github.com/jboss-dockerfiles/keycloak
$ cd keycloak/docker-compose-examples
$ docker-compose -f keycloak-postgres.yml up-
Login to Keycloak using admin/Pa55w0rd credentials and import keycloak json file.
-
Create test user: John Doe, with username "jdoe", email: john@doe.org, with password "secret", Temporary=OFF.
-
Configure gerrit according to provided gerrit.config. Note this Keycloak OAuth2 provider configuration section:
[plugin "gerrit-oauth-provider-keycloak-oauth"]
root-url = http://localhost:8080
realm = master
client-id = gerrit
client-secret = f9980771-0172-43df-bc5b-98bc2f9477d0
- Set up gerrit site using latest released gerrit.war and select OAUTH authentication scheme using:
$ java -jar gerrit.war init -d gerrit_site_oauth-
Download gerrit-oauth-provider plugin from here and copy it to <gerrit_site>/plugins directory
-
Start gerrit using:
<gerrit_site>/bin/gerrit.sh start -
Enter gerrit URL in browser: http://localhost:8081 and hit "Sign In" button
-
Keycloak Login Dialog should appear
-
Enter user: "jdoe" and password: "secret"
-
You are redirected to gerrit and the first user/admin John Doe is created in gerrit with the right user name and email address.
-
Congrats, you have Gerrit / Keycloak OAuth2 integration up and running.