From f479f682b9bbfbdc465cb89b19b230b4cd762522 Mon Sep 17 00:00:00 2001
From: 3wc <3wc.git@doesthisthing.work>
Date: Thu, 24 Sep 2020 21:00:43 +0200
Subject: [PATCH] Document OpenID / OAuth login

---
 README.md | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 05769bd..cf03cdf 100644
--- a/README.md
+++ b/README.md
@@ -12,9 +12,19 @@
 7. `abra deploy`
 9. Open the configured domain in your browser to finish set-up
 
-## SSO
+## Keycloak OpenID single sign-on
 
-https://docs.rocket.chat/guides/administrator-guides/authentication/open-id-connect/keycloak
+(Or use Rocket.Chat's [manual set-up guide](https://docs.rocket.chat/guides/administrator-guides/authentication/open-id-connect/keycloak))
+
+1. Edit `.envrc`; uncomment and edit all the Accounts_OAuth lines, and the
+	 `COMPOSE_FILE` line
+2. `direnv allow` (or `source .envrc`)
+3. Insert the OpenID secret into Docker: (FIXME add option for this to `abra`)
+```
+echo "your-secret-string-from-keycloak" | docker secret  create "${STACK_NAME}_openid_key_${VERSION}" -
+```
+4. `abra deploy`
+5. You should now have a "Login via Keycloak" option on the login page
 
 [Rocket.chat]: https://rocket.chat
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra