
Keycloak

Find a Keycloak integration example in the following Caddyfile. The steps below configure Keycloak as the OpenID Connect provider for the authentication portal: realm roles, groups that carry those roles, a test user, the realm signing key, and the client with its claim mappers.

Realm Roles

Create a set of realm roles that will later be assigned to groups, so that a user's group memberships determine the roles the portal sees.

  • authp/admin
  • authp/user
  • authp/guest


Groups

First, create the "Admins", "Editors", and "Viewers" groups under "Manage", "Groups".

Create "Admins" group:


Assign the previously created authp/admin role to "Admins" group:


Create "Editors" group:


Assign the previously created authp/user role to "Editors" group:


Create "Viewers" group:


Assign the previously created authp/guest role to "Viewers" group:


Review the resulting list of realm roles.


Users

Next, create a new user under "Manage", "Users". As part of the process, add the user to the appropriate newly created groups.


Then, click "View all users" and click on the ID of the newly created user:


Browse to the "Credentials" tab and set the user's password.


Browse to the "Role Mappings" tab and check the "Effective Roles": the realm roles the user inherits through group membership should be listed there.


Test the login as the new user in the realm's account console. The URL is https://keycloak/auth/realms/master/account/.


Realm

Under "Configure", "Realm Settings", "Keys", "Providers", remove the key providers that are not needed.

At the end, only the rsa-generated provider should remain. Tokens issued by the realm are then signed with RS256 using that key pair, and its public key is the only one published at the realm's JWKS endpoint for the portal to verify against.


Client

Add a new client for the authentication portal. Use the openid-connect protocol and a confidential access type, since the portal authenticates to Keycloak with a client secret.

Set "Valid Redirect URIs" to the exact callback endpoint of the portal, e.g. https://auth.myfiosgateway.com:8443/oauth2/keycloak/authorization-code-callback. Do not use a wildcard ("*") here: Keycloak only ever needs to redirect to this one URL, and a loose pattern lets an attacker have the authorization code sent elsewhere.

Set "Base URL" to the authentication portal, e.g. https://auth.myfiosgateway.com:8443/.

The realm's OpenID Connect discovery ("well-known") URL, from which the portal reads the authorization, token and JWKS endpoints, has the form:

http://keycloak/auth/realms/{realm}/.well-known/openid-configuration
https://keycloak.axi92.at/auth/realms/master/.well-known/openid-configuration

Configure the portal with the https form; the issuer value inside the document must match the realm URL the portal is configured with.
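Before pointing the portal at the realm, it is worth checking what the realm actually publishes. The following script is an added example, not part of the original guide or of the authp project: it fetches (or, as below, takes a constructed copy of) the discovery document and the JWKS it refers to, checks that the issuer matches the realm URL, that every endpoint is https, that only RSA signing keys are advertised (the state reached by leaving rsa-generated as the sole key provider), and that a token header names one of those keys and uses RS256. It selects the key only; it does not verify signatures. The sample documents and tokens are constructed for the example.

```python
"""Check a Keycloak realm's discovery document and JWKS before trusting it.

Added example, not from the original guide or the authp project.
SAMPLE_DISCOVERY and SAMPLE_JWKS are constructed stand-ins for what the
realm publishes; fetch_json() retrieves the real documents."""
import base64
import json
import urllib.request

REALM = "https://keycloak/auth/realms/master"            # assumed realm URL
SAMPLE_DISCOVERY = {                                      # constructed sample
    "issuer": REALM,
    "authorization_endpoint": REALM + "/protocol/openid-connect/auth",
    "token_endpoint": REALM + "/protocol/openid-connect/token",
    "jwks_uri": REALM + "/protocol/openid-connect/certs",
}
SAMPLE_JWKS = {"keys": [                                  # constructed sample
    {"kid": "rsa-1", "kty": "RSA", "alg": "RS256", "use": "sig", "n": "...", "e": "AQAB"},
]}


def fetch_json(url):
    with urllib.request.urlopen(url) as resp:
        return json.load(resp)


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_discovery(doc, expected_issuer):
    """Return a list of problems; empty means the document is usable."""
    problems = []
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer {doc.get('issuer')!r} != {expected_issuer!r}")
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(field, "")
        if not url.startswith("https://"):
            problems.append(f"{field} is missing or not https: {url!r}")
    return problems


def check_jwks(jwks):
    """Only RSA/RS256 signing keys should be published after the Keys step."""
    problems = []
    signing = [k for k in jwks.get("keys", []) if k.get("use", "sig") == "sig"]
    if not signing:
        problems.append("no signing key published")
    for key in signing:
        if key.get("kty") != "RSA" or key.get("alg", "RS256") != "RS256":
            problems.append(f"kid {key.get('kid')!r}: {key.get('kty')}/{key.get('alg')} "
                            "is not an RS256 signing key")
    return problems


def signing_key_for(token, jwks):
    """Pick the JWK a token header points at, refusing any alg but RS256
    (this is what stops HS256/none algorithm confusion before verification)."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    if header.get("alg") != "RS256":
        raise ValueError(f"refusing alg {header.get('alg')!r}: only RS256 is trusted")
    for key in jwks["keys"]:
        if key.get("kid") == header.get("kid") and key.get("kty") == "RSA":
            return key
    raise KeyError(f"no RSA key with kid {header.get('kid')!r} in JWKS")


def accepts(token, jwks):
    try:
        signing_key_for(token, jwks)
        return True
    except (ValueError, KeyError):
        return False


def sample_token(header):
    """Constructed token: only the header is inspected, payload and signature are dummies."""
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(b"{}"), b64url_encode(b"sig")])


if __name__ == "__main__":
    disco = fetch_json(REALM + "/.well-known/openid-configuration")
    problems = check_discovery(disco, REALM) + check_jwks(fetch_json(disco["jwks_uri"]))
    print("\n".join(problems) or "realm discovery and JWKS look good")
```

Run it against the real realm after the Keys step: any hmac-generated or aes-generated provider still present shows up as a non-RSA entry, and the http variant of the well-known URL is reported as a problem.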


Confirm the configuration.


Browse to the "Mappers" tab of the client configuration.

Click "Create" and add a mapper that puts the user's email property into the token as the email claim.


Next, click "Add Builtin" and add the "groups" mapper, which places the user's group memberships in the token as the groups claim. If "Full group path" is enabled on that mapper, the claim values carry a leading slash (for example /Admins rather than Admins); keep this in mind when matching group names on the portal side.


Review the created mappers.

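The whole click-through above, from realm roles to client mappers, can be scripted against the Keycloak Admin REST API. The script below is an added example, not part of the original guide or of the authp project. Assumptions that are not on the page: Keycloak runs behind the legacy /auth context path, an admin account exists in the master realm, the portal's client is called "authp", and the rsa-generated provider is left in place by deleting every other realm key provider as in the "Realm" step. The representations are built by pure functions so they can be inspected without a running Keycloak.

```python
"""Provision the Keycloak objects from the guide via the Admin REST API (stdlib only).

Added example, not from the original guide or the authp project. Server URL,
admin credentials, client name and the test user are assumed values."""
import json
import urllib.parse
import urllib.request

ROLES = ["authp/admin", "authp/user", "authp/guest"]
GROUP_ROLES = {"Admins": "authp/admin", "Editors": "authp/user", "Viewers": "authp/guest"}
REDIRECT_URI = "https://auth.myfiosgateway.com:8443/oauth2/keycloak/authorization-code-callback"
BASE_URL = "https://auth.myfiosgateway.com:8443/"


def client_representation(client_id, redirect_uri, base_url):
    """Confidential OIDC client, authorization-code flow only, one exact redirect URI."""
    return {
        "clientId": client_id, "protocol": "openid-connect",
        "publicClient": False,            # confidential: Keycloak issues a client secret
        "standardFlowEnabled": True,      # authorization code flow used by the portal
        "implicitFlowEnabled": False, "directAccessGrantsEnabled": False,
        "redirectUris": [redirect_uri],   # exact match; never a trailing "*" here
        "baseUrl": base_url,
    }


def email_mapper():
    """The "Create" step: copy the user's email property into the email claim."""
    return {"name": "email", "protocol": "openid-connect",
            "protocolMapper": "oidc-usermodel-property-mapper",
            "config": {"user.attribute": "email", "claim.name": "email",
                       "jsonType.label": "String", "id.token.claim": "true",
                       "access.token.claim": "true", "userinfo.token.claim": "true"}}


def groups_mapper(full_path=False):
    """The builtin "groups" mapper. full_path=False emits "Admins", not "/Admins"."""
    return {"name": "groups", "protocol": "openid-connect",
            "protocolMapper": "oidc-group-membership-mapper",
            "config": {"claim.name": "groups", "full.path": str(full_path).lower(),
                       "id.token.claim": "true", "access.token.claim": "true",
                       "userinfo.token.claim": "true"}}


def key_providers_to_delete(components):
    """IDs of realm key providers other than rsa-generated (the "Realm" step)."""
    return [c["id"] for c in components if c.get("providerId") != "rsa-generated"]


class KeycloakAdmin:
    def __init__(self, server, realm, username, password):
        self.server, self.realm = server.rstrip("/"), realm
        form = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                       "username": username, "password": password}).encode()
        with urllib.request.urlopen(f"{self.server}/realms/master/protocol/openid-connect/token", form) as r:
            self.token = json.load(r)["access_token"]

    def call(self, method, path, body=None, **query):
        url = f"{self.server}/admin/realms/{self.realm}/{path}"
        if query:
            url += "?" + urllib.parse.urlencode(query)
        req = urllib.request.Request(url, method=method, headers={
            "Authorization": f"Bearer {self.token}", "Content-Type": "application/json"})
        data = json.dumps(body).encode() if body is not None else None
        with urllib.request.urlopen(req, data) as r:
            raw = r.read()
            return json.loads(raw) if raw else None


def provision(kc, username, password, email, groups):
    """Roles -> groups -> user -> keys -> client -> mappers; returns the client secret."""
    for role in ROLES:
        kc.call("POST", "roles", {"name": role})
    all_roles = {r["name"]: r for r in kc.call("GET", "roles")}
    group_ids = {}
    for group, role in GROUP_ROLES.items():
        kc.call("POST", "groups", {"name": group})
        group_ids[group] = next(g["id"] for g in kc.call("GET", "groups", search=group)
                                if g["name"] == group)
        kc.call("POST", f"groups/{group_ids[group]}/role-mappings/realm", [all_roles[role]])
    kc.call("POST", "users", {"username": username, "email": email, "enabled": True})
    uid = next(u["id"] for u in kc.call("GET", "users", username=username)
               if u["username"] == username)
    kc.call("PUT", f"users/{uid}/reset-password",
            {"type": "password", "value": password, "temporary": False})
    for group in groups:
        kc.call("PUT", f"users/{uid}/groups/{group_ids[group]}")
    for cid in key_providers_to_delete(kc.call("GET", "components", type="org.keycloak.keys.KeyProvider")):
        kc.call("DELETE", f"components/{cid}")
    kc.call("POST", "clients", client_representation("authp", REDIRECT_URI, BASE_URL))
    client_uuid = kc.call("GET", "clients", clientId="authp")[0]["id"]
    for mapper in (email_mapper(), groups_mapper()):
        kc.call("POST", f"clients/{client_uuid}/protocol-mappers/models", mapper)
    return kc.call("GET", f"clients/{client_uuid}/client-secret")["value"]


if __name__ == "__main__":
    kc = KeycloakAdmin("https://keycloak/auth", "master", "admin", "change-me")  # assumed values
    print("client_secret:", provision(kc, "jsmith", "S3cret!", "jsmith@example.com", ["Admins"]))
```

The client secret printed at the end is what goes into the portal's Keycloak provider settings together with the client ID. Group membership is granted with PUT users/{id}/groups/{groupId} rather than by assigning realm roles to the user directly, so the user's effective roles come from the groups exactly as in the manual steps.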

User Login

The user's account console now lists the new application.


Logging in to the authentication portal now succeeds, and /whoami reflects the groups assigned to the user in Keycloak.
