Search Results :

×

Contents

SSO Login into Drupal using Keycloak as OAuth / OpenID Connect Provider

Drupal OAuth/OpenID Connect SSO integration enables SSO between the Drupal site and Keycloak. This setup guide helps in configuring Single Sign-On (SSO) between the Drupal site and Keycloak using the OAuth/OpenID Connect module. When you incorporate the OAuth/OpenID Connect module with the Drupal site, you can log into the Drupal site seamlessly with Keycloak credentials. This module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

free trial plugin Playground plugin pricing button schedule meeting button Schedule a Meeting
  • Download the module: 
    composer require 'drupal/miniorange_oauth_client'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange OAuth Client Configuration using the search box.
  • Enable the module by checking the checkbox and click on the Install button.
  • You can configure the module at: 
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Install the module: 
    drush en drupal/miniorange_oauth_client
  • Clear the cache: 
     drush cr
  • You can configure the module at: 
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Navigate to Extend menu on your Drupal admin console and click on Install new module.
  • Install the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • You can configure the module at: 
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Go to ConfigurationPeopleminiOrange OAuth Client Configuration in the Administration menu. (/admin/config/people/miniorange_oauth_client)
Drupal OAuth Client - select mimiorange OAuth Client Configuration
  • Under the Configure OAuth tab select desired OAuth Provider from the dropdown.
    • Note and Contact Us - SSO between two WordPress sites

    Note: If the desired OAuth Provider is not listed in the dropdown, please select Custom OAuth Provider / Custom OpenID Provider and continue.

Drupal OAuth Client - select OAuth Provider
  • Copy the Callback/Redirect URL and keep it handy. This will be required while configuring the OAuth Provider.
    • Note and Contact Us - SSO between two WordPress sites

    Note: If your provider only supports HTTPS Callback/Redirect URLs and you have an HTTP site, please make sure to enable the 'Enforce HTTPS Callback URL' checkbox at the bottom of the tab.


  • Enter the OAuth provider name in the Display Name text field.
Drupal OAuth Client - Copy Callback URL
  • Configure keycloak with lower version
  • Log into your Keycloak administrator console.
  • Select Create Realm from the master dropdown menu.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - Navigate to the master and click on Create Realm button

  • Enter the application name in the Realm name text field and click on the Create button to proceed.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - enter application name in Realm name text field

  • Navigate to the Clients -> Clients list -> Create client.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - Click on create client button

  • In the General Settings, enter the Client ID and copy it and keep it handy to configure Drupal as OAuth client. Click on the Next button.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - enter Client ID name into the text field

  • In the Capability Config, enable the checkbox for Client authentication and click on the Next button.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - Enable the Client authentication checkbox

  • In the Login settings, paste the Callback/Redirect URL into the Valid redirect URIs text field and click on the Save button.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - Copy the Callback URL that you have copied from OAuth Client module and paste it into the field

  • Navigate to the Credentials tab, and copy the Client secret and keep it handy to configure Drupal as OAuth client.
Keycloak OAuth/OIDC Single Sign On - Copy the Client Secret

  • Go to the Keycloak Administrator console.
  • Navigate to Realm settings General and copy the Realm ID by clicking on copy Icon.
  • Copy the Keycloak domain URL. For example, if your Keycloak is running on localhost, then the domain would be "https://localhost:8080”. (refer to the below image)
Keycloak OAuth/OIDC Single Sign On - CCopy Realm Name and Domain

Create OAuth/OpenID Single Sign-On Application in Keycloak:

  • First of all, Download Keycloak and install it.
  • Start Server: Start the keycloak server by running the _standalone.sh_ file Root Directory of keycloak/bin/standalone.sh
  • Create Realm: Now login to keycloak administration console and navigate to your desired realm. You can add a new realm by selecting Create Realm option.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - Navigate to the master and click on Create Realm button

  • Create Realm: Enter Realm Name and click on CREATE to add realm.
Keycloak - Login create Realm
  • Enter the Client ID and click on the Save button.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - enter application name in Realm name text field

  • Enable the Client authentication and click on the Save button.
Keycloak - client authentication

  • Paste the copied (in step1) callback url into the Valid Redirect URLs text area and click on the Save button.
Keycloak - paste redirect-url

Create OAuth/OpenID Single Sign-On Application in Keycloak:

  • First of all, Download Keycloak and install it.
  • Start Server: Start the keycloak server by running the _standalone.sh_ file Root Directory of keycloak/bin/standalone.sh
  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add a new realm by selecting Create Realm option.
Drupal Keycloak OAuth/OIDC Single Sign On - SSO - Navigate to the master and click on Create Realm button

  • Create Realm: Enter Realm Name and click on CREATE to add realm.
Keycloak - Login create Realm
  • Now, enter the Display name and click on the Save button.
Keycloak - enter display name

  • Navigate to the Clients tab and click on Create button.
Keycloak - Click on create button

  • Enter the Client ID and click on the Save button.
Keycloak - create client ID

  • Paste the previously copied Callback/Redirect URL into the Valid Redirect URLs text field and click on Save button.
Keycloak - paste redirect-url

  • Go to miniOrange OAuth Client module.
  • In Drupal’s Configure OAuth tab paste the copied Client ID and Client Secret from Keyclaok in the Client ID and Client Secret text fields.
Keycloak OAuth/OIDC Single Sign On - Paste client credentials

  • In Drupal’s Configure OAuth tab, replace "Keycloak_base_URL" with the copied Keycloak domain URL and realm-name with copied Realm name in the Authorize Endpoint, Access Token Endpoint, and Get User Info Endpoint text fields. Then, click on the Save Configuration button to proceed.

    • Enter the following information in the corresponding text fields of the Configure OAuth tab of them Drupal OAuth Client module.

    Scope openid email profile
    Authorize Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/userinfo
Keycloak OAuth/OIDC Single Sign On - Paste Realm Name and Domain Save Configuration

Integrating Drupal with Keycloak:

  • Copy the Client ID from the Keycloak application, client ID will be your client name.
Keycloak SSO Client id

  • Navigate to the Credentials tab and copy the Client Secret.
Keycloak SSO Client secret

  • In Drupal’s Configure OAuth tab paste the copied Client ID and Client Secret (copied from the Keycloak Portal) in the Client ID and Client Secret text-field.
Keycloak SSO Client secret

  • Copy the Keycloak Domain and Keycloak realm.
  • Replace the copied Keycloak Domain & Keycloak realm with the {your Domain} and {realm-name} in the Authorize Endpoint, Access Token Endpoint, and Get User Info Endpoint respectively.
  • Click on the Save Configuration button.
Keycloak - scope and endpoints

  • Keycloak Scope and Endpoints:

    • Enter the following information in the corresponding text fields of the Configure OAuth tab of them Drupal OAuth Client module.

    Scope openid email profile
    Authorize Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/userinfo

Integrating Drupal with Keycloak:

  • Copy the Client ID from the Keycloak application, client ID will be your client name.
Keycloak SSO Client id

  • Navigate to the Credentials tab and copy the Client Secret.
Keycloak SSO Client secret

  • In Drupal’s Configure OAuth tab paste the copied Client ID and Client Secret (copied from the Keycloak Portal) in the Client ID and Client Secret text-field.
Keycloak SSO Client secret

  • Copy the Keycloak Domain and Keycloak realm.
  • Replace the copied Keycloak Domain & Keycloak realm with the {your Domain} and {realm-name} in the Authorize Endpoint, Access Token Endpoint, and Get User Info Endpoint respectively.
  • Click on the Save Configuration button.
Keycloak - scope and endpoints

  • Keycloak Scope and Endpoints:

    • Enter the following information in the corresponding text fields of the Configure OAuth tab of them Drupal OAuth Client module.

    Scope openid email profile
    Authorize Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/userinfo
  • After successfully saving the configurations, please click on the Perform Test Configuration button to test the connection between Drupal and OAuth Provider.
OAuth-OIDC-Client-Configuration-Check-Connection-with-OAuth-Provider
  • On a Test Configuration popup, if you don't have any active sessions on the same browser, you will be requested to login to the OAuth Provider. After successfully logging, you will be provided a list of attributes received from the OAuth Provider.
  • Select the Email Attribute from the dropdown menu in which the user's email ID is obtained and click on the Done button.
    • Note and Contact Us - SSO between two WordPress sites

    Note: Mapping the Email Attribute is mandatory for your login to OAuth Provider.

Drupal OAuth Client - select Email Attribute
  • On the Attribute & Role Mapping tab, please select the Username Attribute from the dropdown list and click on the Save Configuration button.
Drupal OAuth Client - select user attribute and click save configuration
  • Now log out and go to your Drupal site’s login page. You will automatically find a Login with OAuth Provider link there. If you want to add the SSO link to other pages as well, please follow the steps given in the image below:
Drupal OAuth Client - add link on other pages

If you face any issues during the configuration or if you want some additional features, please contact us at drupalsupport@xecurify.com.

More FAQs ➔

Follow the steps mentioned HERE

Follow the steps mentioned HERE

The logout functionality you've mentioned here is the default behavior of a module. It's logging you out of Drupal but not from your Application/Provider. To allow the module to logout from your provider/application account (what you are looking for), you need to make the below configurations: [know more]

As you have upgraded to one of our paid versions of the Drupal module and replaced the free module with the paid one, you must first activate the paid module. Please refer to the below steps. [Know more]

24x7 Support

24/7 Support

The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case.

 Contact us
Case Study

Case Studies

miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions.

 Read more
Other Solutions

Other Solutions

Feel free to explore other Drupal solutions that we offer the popular solutions used by our trusted customers include 2FA, User Provisioning, Website Security.

 Know More

[MO_CONTACT_US]
ADFS_sso ×
Hello there!

Need Help? We are right here!
support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com