* Harmonize Keycloak client configurations with built-in IdP
This change makes the Keycloak client configurations consistent with the built-in IdP:
1. Standardized client IDs to match built-in IdP:
- web (unchanged)
- OpenCloudDesktop (was random ID)
- OpenCloudAndroid (was random ID)
- OpenCloudIOS (was random ID)
- Cyberduck (simplified ID)
2. Updated domain names to use .eu consistently:
- Changed from opencloud.com to opencloud.eu for mobile apps
- Changed from hardcoded domains to templated {{OC_URL}} values
3. Updated redirect URIs to match built-in IdP format:
- Added specific callback paths for web client
- Removed wildcarded ports for desktop client
4. Changed mobile/desktop clients to public clients (equivalent to native app type)
5. Enhanced docker-entrypoint-override.sh to handle {{OC_URL}} template variables
These changes ensure a consistent authentication experience regardless of
whether users are using the built-in IdP or Keycloak.
* Harmonize Keycloak client configuration with client JSONs
Update the realm configuration to match the client configuration JSON files:
1. Update client IDs to match client JSON files:
- Changed 'xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69' to 'OpenCloudDesktop'
- Changed 'e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD' to 'OpenCloudAndroid'
- Changed 'mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1' to 'OpenCloudIOS'
2. Fix additional client properties:
- Fix client names: Use proper capitalization for all clients
- Fix OAuth redirect URIs for Android and iOS to use .eu domain
- Fix Desktop URIs by removing wildcard asterisks
- Update post-logout redirect URIs to match client JSONs
- Set publicClient flag to true for all mobile/desktop clients
These changes ensure that when the realm is imported during deployment,
the client configurations will match the client JSONs exactly.
* Update web client configuration in Keycloak realm
Harmonize the web client configuration in the realm:
- Add 'OpenCloud Web App' client name
- Change URLs to use {{OC_URL}} template variables
- Update redirect URIs to use specific paths instead of wildcard
- Set backchannel logout URL to use templated URL
This completes the harmonization of all client configurations in the realm.
* Revert template variable approach in Keycloak configuration
Reverted templating changes to match upstream conventions:
1. Removed template variable handling from docker-entrypoint-override.sh
- Removed {{OC_URL}} replacement, keeping only domain replacement
This maintains compatibility with the upstream approach of using direct URLs
with domain substitution instead of template variables.
* Fix remaining old client ID references in role mappings
Updated the remaining references to old client IDs in the role mappings section:
- xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 → OpenCloudDesktop
- e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD → OpenCloudAndroid
- mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1 → OpenCloudIOS
This ensures all client ID references throughout the realm configuration are
consistent and use the simplified IDs.
The compose example lacked support for setting various SMTP related
config vars. Even though some of them where present in the '.env' file.
Closes: #511
Bumps Collabora in the deployment example to `24.04.13.2.1` and fixes the entrypoint. It seems to have changed with newer versions of the docker image, hence we need to specify the entrypoint manually to make the start commands work.
