How-to: configure Webuntis for Keycloak
1 Step: prepare Keycloak:
1. In User Federation → LDAP → Mappers you have to add 5 additional Ldap attributes:
- ucsschoolRecordUID
- ucsschoolSchool
- ucsschoolRole
- uid
- username
2.Define your own scope “untis” under Client Scopes and set to “optional”.
now save and add the above five attributes to the “untis” scope in the Mappers tab.
[…]
3. Create a “webuntis” client under Clients:
- Client ID and Client Secret (must be synchronized between Webuntis configuration mask and Keycloak)
- Valid Redirect URIs according to this schema: https://xykos.webuntis.com/WebUntis/oidc/callback
- single logout not possible at the moment
Use this secret in webuntis.
- Assign the scopes in the Client Scopes tab of “webuntis”, e.g. profile, email, untis
At least, for the logout flow, you should adjust the “Abmeldeeinstellungen” / “logoutsettings”:
Step 2: Configuration in Webuntis:
