Step By Step Guide For WordPress Single Sign On (SSO) using Keycloak



If you want users to login to your WordPress site using their keycloak credentials, you can simply do it using our WP OAuth Client plugin. Once you configure the keycloak with WordPress plugin, you can allow users to SSO to your WordPress site using keycloak. Similarly, you can map your WordPress roles based on your keycloak attributes/groups. To know more about other features we provide in WP OAuth Client plugin, you can click here.

Guide to configure Keycloak with WordPress :


  • First of all, Download Keycloak and install it.
  • Start Server: Start the keycloak server by running the _standalone.sh_ file.
  • Root Directory of keycloak bin standalone.sh
  • Add Realm : Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
  • ss
  • Create realm: Enter Realm Name and click on CREATE to add realm.
  • Create ROLE: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Add Role.
  • ss1
  • Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and choose to Add a new User.
  • ss2
  • User Configuration: After user is created following action needs to be performed on it.
    • 1) Setting a password for it so click on Credentials and set a new Password for the user.

    ss3

    NOTE : Disabling Temporary will make user password permanent.

  • Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles and clicking on add selected.
  • ss
  • Create groups: Click on the Groups and choose New to create a new group.
  • ss
  • Assign user to group: Select the user whom you want to add in group. Choose Groups option from tab and then select the group-name and click on join.
  • ss
  • Create OpenID client: Click on the Clients and choose create to create a new client. Enter client id and select client protocol openeid-connect and select Save.
  • ss
  • Change Access type: After client is created change its access type to confidential.
  • ss
  • Enter Valid Redirect URIs: Copy callback URL from plugin and then click on SAVE. Ex -- https:///oauth/callback
  • Keycloak Group Mapper: Now to get group details we need to perform its client mapping with group membership else group details will not be fetched. So in client select Mappers and then click on create. Select mapper type Group Membership and enter name and token claim-name i.e the attribute name corresponding which groups will be fetched. Turn Off full group path and click on Save.
  • ss

    Note: -- If full path is on group path will be fetched else group name will be fetched.

  • Realm name: You need a realm name when you set up Keycloak as an OAuth provider. Go to the Realm Settings tab and copy the realm name.
  • Get Client Secret: Now we need to get client secret. So select Clients and select credentials and copy your secret from here.
  • ss
  • You can download OAuth Client plugin using the following link.
  • OAuth Single Sign On – SSO (OAuth client)

  • Plugin Configuration: Enter copied Client Secret here Client ID will be your client name and the URL are given below.
  • Scope: email profile openid
    Authorization Endpoint: <keycloak domain>/auth/realms/{realm-name}/protocol/openid-connect/auth
    Token Endpoint: <keycloak domain>/auth/realms/{realm-name}/protocol/openid-connect/token
    UseInfo Endpoint: <keycloak domain>/auth/realms/{realm-name}/protocol/openid-connect/userinfo
    ss
  • Test Configuration
  • ss

Free Trial

If you are facing any difficulty please mail us on info@xecurify.com.