Search
START TYPING AND PRESS ENTER TO SEARCH

Setup Guide to Configure Keycloak with Drupal

Download Module
miniOrange Drupal OAuth/OpenID module gives the ability to enable OAuth/OpenID Single Sign On for Drupal site. Drupal OAuth Client module is compatible with all OAuth/OpenID Providers. Here we will go through a guide to configure SSO between Drupal and Jboss Keycloak. By the end of this guide, Jboss Keycloak users should be able to login and register to Drupal site.
If you have any doubts or queries you can contact us at drupalsupport@xecurify.com. We will help you to configure the module.

Step 1: Follow the step by step guide to configure Keycloak with Drupal

  • First of all, Download Keycloak and install it.
  • Start Server: Start the keycloak server by running the _standalone.sh_ file

    Root Directory of keycloak/bin/standalone.sh

  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Login Add Realm
  • Create Realm: Enter Realm Name and click on CREATE to add realm.
  • Create Role: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Add Role.
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Add Role
  • Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and choose to Add a new User.
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Add User
  • User Configuration: After user is created following action needs to be performed on it.
    • Setting a password for it so click on Credentials and set a new Password for the user.
      • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Credentials

      NOTE : Disabling Temporary will make user password permanent


  • Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles and clicking on add selected.
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Role Mapping
  • Create groups: Click on the Groups and choose New to create a new group.
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Create Group
  • Assign user to group: Select the user whom you want to add in group. Choose Groups option from tab and then select the group-name and click on join.
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Assign User to Group
  • Create OpenID client: Click on the Clients and choose create to create a new client. Enter client id and select client protocol openeid-connect and select Save.
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Openid Connect
  • Enter Change Access Type: Afterclient is created change it's access type to confidential
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Change Access Type
  • Enter Valid Redirect URLs: Copy callback URL from module and then click on SAVE.
    Ex -- https://oauth/callback
  • Keycloak Group Mapper: Now to get group details we need to perform its client mapping with group membership else group details will not be fetched. So in client select Mappers and then click on create. Select mapper type Group Membership and enter name and token claim-name i.e the attribute name corresponding which groups will be fetched and click on Save Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Group Mapper

    Note: -- If full path is on group path will be fetched else group name will be fetched.



  • Get Client Secret: Now we need to get client secret. So select Clients and select credentials and copy your secret from here.
    • Drupal OAuth OpenID OIDC Single Sign On (SSO) Keycloak SSO Client Credentials
  • You have successfully completed your Keycloak OAuth Server side configurations
    • Scope: email profile
    Authorize EndPoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/userinfo

Step 2: Configure miniOrange Drupal OAuth Client module.

  • Login in your Drupal site’s admin console and click on Extend from the top navigation bar.
  • Select the Install new module option to install a new module on your Drupal site.
    • Drupal OAuth Client module - Install
  • Upload the downloaded zip file of the Module and click on the Install button to continue.
    • Drupal OAuth Client module - Upload
  • Select Enable newly added modules.
    • Drupal OAuth Client module - Update manager
  • Scroll down till you find miniOrange OAuth Client. Click on the checkbox next to it and click on the Install button to enable the module.
    • Drupal OAuth Client module - Enable module
  • Click on Configuration from the top navigation bar and Select Drupal OAuth client Configuration.
    • Drupal OAuth Client - Configuration
  • Click on the Configure OAuth Client tab and select your OAuth Provider from the Select Application dropdown. In case you do not find your OAuth Provider listed in the dropdown, please select Custom OAuth Provider and continue.
    • Drupal OAuth Client - Configure module
  • Enter your OAuth Provider information in their respective fields and click on the Save button to continue. Also, copy the Callback/Redirect URL and save it on your OAuth Provider.
    • Drupal OAuth Client - Configure OAuth tab
  • Now click on the Test Configuration option. This Test Configuration link will give you the list of the attributes that are coming from your OAuth Provider.
  • Copy the email and the name attributes and save them under the Attribute & Role Mapping tab in the Email Attribute and Name Attribute text field respectively.

    • Please note: This step is mandatory for your login to work. Click on the Save button on the bottom of the page to save your attribute configurations.

    Drupal OAuth Client Attribute Mapping
  • If your OAuth Provider supports only HTTPS Root URL or Base URL (for eg. Azure, Azure B2C) you can change it under Sign In Settings tab.
    • Drupal OAuth Client Redirect URL
  • Now logout and go to your Drupal site’s login page, you will automatically find a Login withYour OAuth Provider link there. If you want to add your login link to other pages as well, please follow the steps given in the below image:
    • Drupal OAuth Client login link
  • If you want to check out our complete list of features and our various licensing plans, you can go to the Upgrade Plan tab in the module.
  • If you want to purchase any of the paid version of the module, you have to register/login with us in Register/Login tab.
  • Still, if you are facing any difficulty or if you have any questions in mind, you can reach out to us by submitting a query in the Support tab of a module or by sending us a mail at info@xecurify.com.

    • Congratulations, you have successfully configured the miniOrange Drupal OAuth Client module.

Free Trial

If you are looking for anything which you cannot find, please drop us an email on info@xecurify.com