Keycloak is an authentication provider that we use in development to test Sourcegraph's support for OpenID Connect and SAML. It serves the same role as OpenID Connect and SAML providers on Okta, OneLogin, G Suite, etc., but it runs locally and is easier to autoconfigure for use with your local dev server.
Keycloak is started when you run dev/start.sh.
To use it, visit your local dev server's sign-in page and authenticate using an auth provider whose name contains "Keycloak".
To disable it, use NO_KEYCLOAK=1 dev/start.sh.
Most people don't need to keep reading.
If you need to edit client or user information and want to persist your changes:
- Start Keycloak, if you haven't already. See the above section for steps. The
keycloakDocker container should be running. - Edit the JSON files in
config/as needed. - Run
RESET=1 scripts/configure-keycloak.shto clobber the existing configuration with theconfig/*.jsonfiles' configuration.
Not sure how to edit the JSON to achieve your desired outcome? Use the Keycloak admin interface at http://localhost:3220/auth (login as root/q) to change configuration, and then export to JSON.