Setup Drupal Keycloak User Synchronization

Overview

Keycloak User Provisioning Integration with Drupal simplifies user management by keeping user accounts and profile information synchronized between your Drupal website and the Keycloak identity provider. This comprehensive setup guide will help you configure manual/automatic user provisioning and synchronization from Drupal to Keycloak. With the Drupal Keycloak User Provisioning module, administrators can easily create, update, or delete users using manual, on-demand, or scheduled provisioning methods. The module ensures secure and efficient user data management across platforms and is fully compatible with Drupal 9, Drupal 10, and Drupal 11.

Installation Steps

• Using Composer
• Using Drush
• Manual Installation

• Download the module:

  composer require 'drupal/keycloak_user_provisioning'

• Navigate to Extend menu on your Drupal admin console and search for miniOrange Keycloak User Provisioning using the search box.
• Enable the module by checking the checkbox and click on Install button.
• Configure the module at

  {BaseURL}/admin/config/people/keycloak_user_provisioning/overview

• Install the module:

  drush en keycloak_user_provisioning

• Clear the cache:

   drush cr

• Configure the module at

  {BaseURL}/admin/config/people/keycloak_user_provisioning/overview

Note: Manual installation is supported only up to Drupal 7. For Drupal 8 and above, you must use Composer for installation and project management.



• Navigate to Extend menu on your Drupal admin console and click on Install new module button.
• Install the miniOrange Keycloak User Provisioning module either by downloading the zip or from the URL of the package (tar/zip).
• Click on Enable newly added modules.
• Enable this module by checking the checkbox and click on Install button.
• Configure the module at

  {BaseURL}/admin/config/people/keycloak_user_provisioning/overview

Configuration Steps

1. Configure API-Based Provisioning

• After installing the module on the Drupal site, in the Administration menu, navigate to Configuration → People → miniOrange Keycloak User Provisioning.
• Have a glance at what the module does and click on the Let’s Configure the module button.

2. Integrating Drupal with Keycloak

• login with your keycloak credentials.
• From the left-hand menu, navigate to the Clients tab and click on the Create Client button.

• Under Create client:
• Enter the Client ID and Description.
• Click on the Next button to proceed.

• On the next screen, enable the Client Authentication and Authorization toggle buttons.
• Select the checkboxes for Standard Flow and Direct Access Grants.
• Click on the Next button, and then click Save to complete the setup.

• You will be redirected to the Client Details page. Under the General Settings section, copy the Client ID and keep it handy.

• Now, navigate to the Credentials section, copy the Client Secret, and keep it handy.

• Next, go to the Service Accounts Roles tab and click on the Assign Role -> Client roles button.

• Assign the following roles to the created client.

• Next, copy the Realm name from the left-hand menu.

• Go to the Drupal site and enter the Keycloak Domain, Client ID, Client Secret, Keycloak Realm.
• Once done click on the Save & Test Configuration button.

3. Test Configuration

• If the Test Configuration is successful, you will receive a list of user attributes from Keycloak.

• Alternatively, if there is an error in the integration of Keycloak with Drupal, then you can check the cause of the error by following the link in the error message or scrolling down to the Test Configuration Result section.

• Once the test is successful, click on the Test Manual Sync button.

• In the search field, enter the username of the Drupal user and click the Sync button.

• If the provisioning is successful, a status message will appear as shown below.

• To verify if the user is provisioned or not, navigate to the Users tab and confirm the status of the user.

• Manual/On-Demand Provisioning
• Automatic Provisioning

In Manual/On-Demand Provisioning you can manually sync the user with Keycloak. It also allows the provisioning of a single user as well as all of the existing users at once to Keycloak.

Configure Manual/On-Demand Provisioning

• Click on the Configure button of the Manual/On-Demand Provisioning section.

• Under the Manual Provisioning Configuration section, check the checkbox of Create user and click on the Save button.

• Once saved, click on the All Done button. You can then sync users by clicking the Sync Users Manually button.

This type of provisioning allows you to sync users with Keycloak whenever any CRUD operation(s) is performed on them in Drupal.

Configure Automatic Provisioning

• Automatic Provisioning will help you provision your users using any of the following events:
• Admin Interface: When administrators or privileged users manually perform CRUD operations on a user’s account via the Drupal admin interface.
• User account change: Whenever users themselves perform CRUD operations on their own information form user/{user_id}/edit or any other custom form.
• 3rd Party Modules: Whenever a user entity is updated/created in the Drupal site using any third-party modules/applications or custom code
• User Registration: Whenever a user creates a new account in Drupal. (/user/register)

• Click on the Configure button of the Automatic Provisioning section.

• Under the Automatic Provisioning Configuration section, check the checkbox of Create user and click on the Save button.

• Now, you can try to create a new user on the Drupal site and check the logs by navigating to Reports → Recent log messages and using the user_provisioning filter.

That’s it!! you have successfully provisioned the users with Keycloak.

If the Provision was not successful, please contact us at drupalsupport@xecurify.com. Please send the screenshot of the error window, and we will assist you in resolving the issue and guiding you through the setup.

Additional Resources

• Drupal User Provisioning
• Okta Sync