Took a look at the config and managed to get Keycloak (using OIDC discovery URL) working using the following docker env vars:
MAYAN_AUTHENTICATION_BACKEND = 'mayan.apps.authentication_oidc.authentication_backends.AuthenticationBackendOIDC'
MAYAN_AUTHENTICATION_BACKEND_ARGUMENTS = {"oidc_discovery_url":"https://$OIDC_HOSTNAME/realms/$REALM/.well-known/openid-configuration","oidc_rp_client_id":"$OIDC_CLIENT_ID","oidc_rp_client_secret":"$OIDC_CLIENT_SECRET","oidc_rp_sign_algo":"RS256"}
It looks like the following isn't implemented. Do you know if it is on the roadmap (or did I miss it)?
- Single Logout - Logging out in Mayan doesn't log out from the IDP
- Role mapping - it doesn't look like the current code checks the claims for any roles
Also, is MAYAN_AUTHENTICATION_OIDC_USER_PROFILE_URL intended to take you to the IDP user page, which would be https://${OIDC_HOSTNAME}/realms/$REALM/account/#/ in Keycloak?
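As an added example (not part of the post above and not Mayan's own code), the following sanity-checks a discovery document against the settings in the post and builds the RP-initiated logout URL that the Single Logout point refers to. The hostnames, realm name and both function names are assumptions, and the discovery document is a constructed sample.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample: a trimmed discovery document in the shape Keycloak
# serves at /realms/<realm>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.test/realms/demo",
  "authorization_endpoint": "https://idp.example.test/realms/demo/protocol/openid-connect/auth",
  "end_session_endpoint": "https://idp.example.test/realms/demo/protocol/openid-connect/logout",
  "id_token_signing_alg_values_supported": ["PS256", "RS256", "ES256"]
}""")

WELL_KNOWN = "/.well-known/openid-configuration"

def check_discovery(discovery_url, doc, sign_algo="RS256"):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    # OIDC Discovery: issuer + well-known suffix must equal the URL fetched.
    if doc.get("issuer", "").rstrip("/") + WELL_KNOWN != discovery_url:
        problems.append("issuer does not match discovery URL")
    if sign_algo not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append(f"{sign_algo} not offered for ID token signing")
    if "end_session_endpoint" not in doc:
        problems.append("no end_session_endpoint: RP-initiated logout unavailable")
    return problems

def build_logout_url(doc, id_token, post_logout_redirect_uri):
    """Build an RP-initiated logout URL (OpenID Connect RP-Initiated Logout 1.0)."""
    endpoint = doc["end_session_endpoint"]
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("end_session_endpoint must be https")
    query = urlencode({
        "id_token_hint": id_token,  # lets the IDP identify the session to end
        "post_logout_redirect_uri": post_logout_redirect_uri,
    })
    return f"{endpoint}?{query}"

if __name__ == "__main__":
    url = "https://idp.example.test/realms/demo" + WELL_KNOWN
    print(check_discovery(url, SAMPLE_DISCOVERY) or "discovery document OK")
    print(build_logout_url(SAMPLE_DISCOVERY, "<id_token>", "https://mayan.example.test/"))
```

The post-logout redirect URI has to be registered on the client at the IDP, otherwise the IDP will refuse the redirect.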