
Updated Keycloak etc login settings at start-wekan.bat and start-wekan.sh.

Thanks to xet7 !
Lauri Ojansivu 6 달 전
부모
커밋
ab4c3bd2fc
2개의 변경된 파일133개의 추가작업 그리고 7개의 파일을 삭제
  1. 128 6
      start-wekan.bat
  2. 5 1
      start-wekan.sh

+ 128 - 6
start-wekan.bat

@@ -183,6 +183,121 @@ REM SET ORACLE_OIM_ENABLED=true
 
 REM ------------------------------------------------------------
 
+REM ## ==== OAUTH2 AZURE ====
+REM ## https://github.com/wekan/wekan/wiki/Azure
+REM ## 1) Register the application with Azure. Make sure you capture
+REM ##    the application ID as well as generate a secret key.
+REM ## 2) Configure the environment variables. This differs slightly
+REM ##     by installation type, but make sure you have the following:
+REM SET OAUTH2_ENABLED=true
+REM ## Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299
+REM # SET OAUTH2_CA_CERT=ABCD1234
+REM ## Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
+REM # SET OAUTH2_ADFS_ENABLED=false
+REM ## Azure AD B2C. https://github.com/wekan/wekan/issues/5242
+REM # SET OAUTH2_B2C_ENABLED=false
+REM ## OAuth2 login style: popup or redirect.
+REM SET OAUTH2_LOGIN_STYLE=popup
+REM ## Application GUID captured during app registration:
+REM SET OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+REM ## Secret key generated during app registration:
+REM SET OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+REM SET OAUTH2_SERVER_URL=https://login.microsoftonline.com/
+REM SET OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
+REM SET OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
+REM SET OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
+REM ## The claim name you want to map to the unique ID field:
+REM SET OAUTH2_ID_MAP=email
+REM ## The claim name you want to map to the username field:
+REM SET OAUTH2_USERNAME_MAP=email
+REM ## The claim name you want to map to the full name field:
+REM SET OAUTH2_FULLNAME_MAP=name
+REM ## The claim name you want to map to the email field:
+REM SET OAUTH2_EMAIL_MAP=email
+
+REM ------------------------------------------------------------
+
+REM ## ==== OAUTH2 Nextcloud ====
+REM ## 1) Register the application with Nextcloud: https://your.nextcloud/index.php/settings/admin/security
+REM ##    Make sure you capture the application ID as well as generate a secret key.
+REM ##    Use https://your.wekan/_oauth/oidc for the redirect URI.
+REM ## 2) Configure the environment variables. This differs slightly
+REM ##     by installation type, but make sure you have the following:
+REM SET OAUTH2_ENABLED=true
+REM ## OAuth2 login style: popup or redirect.
+REM SET OAUTH2_LOGIN_STYLE=popup
+REM ## Application GUID captured during app registration:
+REM SET OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+REM ## Secret key generated during app registration:
+REM SET OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+REM SET OAUTH2_SERVER_URL=https://your-nextcloud.tld
+REM SET OAUTH2_AUTH_ENDPOINT=/index.php/apps/oauth2/authorize
+REM SET OAUTH2_USERINFO_ENDPOINT=/ocs/v2.php/cloud/user?format=json
+REM SET OAUTH2_TOKEN_ENDPOINT=/index.php/apps/oauth2/api/v1/token
+REM ## The claim name you want to map to the unique ID field:
+REM SET OAUTH2_ID_MAP=id
+REM ## The claim name you want to map to the username field:
+REM SET OAUTH2_USERNAME_MAP=id
+REM ## The claim name you want to map to the full name field:
+REM SET OAUTH2_FULLNAME_MAP=display-name
+REM ## The claim name you want to map to the email field:
+REM SET OAUTH2_EMAIL_MAP=email
+
+REM ------------------------------------------------------------
+
+REM ## ==== OAUTH2 KEYCLOAK ====
+REM ## https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
+REM SET OAUTH2_ENABLED=true
+REM ## OAuth2 login style: popup or redirect.
+REM SET OAUTH2_LOGIN_STYLE=popup
+REM SET OAUTH2_CLIENT_ID=<Keycloak create Client ID>
+REM SET OAUTH2_SERVER_URL=<Keycloak server url - https://keycloak.example.com>
+REM SET OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
+REM SET OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
+REM SET OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
+REM SET OAUTH2_SECRET=<keycloak client secret>
+REM SET OAUTH2_ID_MAP=sub
+REM SET OAUTH2_USERNAME_MAP=preferred_username
+REM SET OAUTH2_EMAIL_MAP=email
+REM SET OAUTH2_FULLNAME_MAP=name
+
+REM ------------------------------------------------------------
+
+REM ## ==== OAUTH2 DOORKEEPER ====
+REM ## https://github.com/wekan/wekan/issues/1874
+REM ## https://github.com/wekan/wekan/wiki/OAuth2
+REM ## Enable the OAuth2 connection
+REM SET OAUTH2_ENABLED=true
+REM ## OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+REM ## OAuth2 login style: popup or redirect.
+REM SET OAUTH2_LOGIN_STYLE=popup
+REM ## OAuth2 Client ID.
+REM SET OAUTH2_CLIENT_ID=abcde12345
+REM ## OAuth2 Secret.
+REM SET OAUTH2_SECRET=54321abcde
+REM ## OAuth2 Server URL.
+REM SET OAUTH2_SERVER_URL=https://chat.example.com
+REM ## OAuth2 Authorization Endpoint.
+REM SET OAUTH2_AUTH_ENDPOINT=/oauth/authorize
+REM ## OAuth2 Userinfo Endpoint.
+REM SET OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
+REM ## OAuth2 Token Endpoint.
+REM SET OAUTH2_TOKEN_ENDPOINT=/oauth/token
+REM ## OAUTH2 ID Token Whitelist Fields.
+REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=""
+REM ## OAUTH2 Request Permissions.
+REM SET OAUTH2_REQUEST_PERMISSIONS=openid profile email
+REM ## OAuth2 ID Mapping
+REM # SET OAUTH2_ID_MAP=
+REM ## OAuth2 Username Mapping
+REM # SET OAUTH2_USERNAME_MAP=
+REM ## OAuth2 Fullname Mapping
+REM # SET OAUTH2_FULLNAME_MAP=
+REM ## OAuth2 Email Mapping
+REM # SET OAUTH2_EMAIL_MAP=
+
+REM ------------------------------------------------------------
+
 REM # Enable the OAuth2 connection
 REM # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
 REM # example: OAUTH2_ENABLED=true
@@ -242,17 +357,22 @@ REM SET OAUTH2_EMAIL_MAP=
 
 REM ------------------------------------------------------------
 
+REM ## ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ====
+REM ## https://github.com/wekan/wekan/wiki/LDAP
+REM ## Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
+
+REM # The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap.
+REM # (this is set properly in the Admin Panel, changing this item does not remove Password login option)
+REM SET DEFAULT_AUTHENTICATION_METHOD=ldap
+
 REM # LDAP_ENABLE : Enable or not the connection by the LDAP
-REM # example : LDAP_ENABLE=true
-REM SET LDAP_ENABLE=false
+REM SET LDAP_ENABLE=true
 
 REM # LDAP_PORT : The port of the LDAP server
-REM # example : LDAP_PORT=389
 REM SET LDAP_PORT=389
 
 REM # LDAP_HOST : The host server for the LDAP server
-REM # example : LDAP_HOST=localhost
-REM SET LDAP_HOST=
+REM SET LDAP_HOST=localhost
 
 REM #-----------------------------------------------------------------
 REM # ==== LDAP AD Simple Auth ====
@@ -493,11 +613,13 @@ REM # LOGOUT_ON_MINUTES : The number of minutes
 REM # example : LOGOUT_ON_MINUTES=55
 REM SET LOGOUT_ON_MINUTES=
 
+REM ## https://github.com/wekan/wekan/wiki/CAS
 REM SET CAS_ENABLED=true
 REM SET CAS_BASE_URL=https://cas.example.com/cas
 REM SET CAS_LOGIN_URL=https://cas.example.com/login
 REM SET CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
 
+REML ## https://github.com/wekan/wekan/wiki/SAML
 REM SET SAML_ENABLED=true
 REM SET SAML_PROVIDER=
 REM SET SAML_ENTRYPOINT=
@@ -510,7 +632,7 @@ REM SET SAML_IDENTIFIER_FORMAT=
 REM SET SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
 REM SET SAML_ATTRIBUTES=
 
-REM # Wait spinner to use
+REM # Wait spinner to use https://github.com/wekan/wekan/wiki/Wait-Spinners
 REM SET WAIT_SPINNER=Bounce
 
 REM # https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132
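Review bot: The SAML link line in the third hunk starts with `REML` instead of `REM`, and in cmd that is not a comment: the line is executed as a command named `REML`, which fails with a "not recognized as an internal or external command" error on every start; it should read `REM ## https://github.com/wekan/wekan/wiki/SAML`. In the first hunk, `REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=""` would, once uncommented, set the variable to the two literal quote characters, because cmd's SET keeps quotes as part of the value; `REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=` matches the other empty examples in that block. The first hunk also adds four OAUTH2 provider blocks (Azure, Nextcloud, Keycloak, Doorkeeper) that all assign the same OAUTH2_* names, so a lead-in such as `REM ## Uncomment only ONE of the OAUTH2 provider blocks below; later SET lines override earlier ones` at the top of the Azure block would save a reader from enabling two at once.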

+ 5 - 1
start-wekan.sh

@@ -230,11 +230,15 @@
       # OAuth2 login style: popup or redirect.
       #export OAUTH2_LOGIN_STYLE=redirect
       #export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
-      #export OAUTH2_SERVER_URL=<Keycloak server name>/auth
+      #export OAUTH2_SERVER_URL=<Keycloak server URL - https://keycloak.example.com>
       #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
       #export OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
       #export OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
       #export OAUTH2_SECRET=<keycloak client secret>
+      #export OAUTH2_ID_MAP=sub
+      #export OAUTH2_USERNAME_MAP=preferred_username
+      #export OAUTH2_EMAIL_MAP=email
+      #export OAUTH2_FULLNAME_MAP=name
       #-----------------------------------------------------------------
       # ==== OAUTH2 DOORKEEPER ====
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
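Review bot: The Keycloak block receives the four claim-mapping lines but not the wiki reference that the matching block in start-wekan.bat gained in this commit; adding `# https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED` above the `#export OAUTH2_CLIENT_ID` line keeps the guidance in the two scripts in step. The new placeholder `<Keycloak server URL - https://keycloak.example.com>` contains spaces and angle brackets, so if the line is uncommented before the whole value is replaced the shell treats `<` and `>` as redirections; this is the same convention the existing placeholders use, but a comment noting that the entire bracketed text must be replaced would help. The enclosing indented block starts and ends outside this hunk.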