Search Results :

×

Keycloak Single Sign-on ( SSO ) Integration with Drupal OAuth/OpenID Client

Keycloak Single Sign-on ( SSO ) Integration with Drupal OAuth/OpenID Client


Drupal Keycloak SSO integration will allow you to configure Single Sign-On ( SSO ) login between your Drupal site and Keycloak using OAuth / OpenID protocol. Drupal OAuth / OpenID Connect module gives the ability to enable login using Single Sign-On ( OAuth / OIDC Provider) into the Drupal site. We provide the Drupal OAuth / OpenID Client module for Drupal 7, Drupal 8, and Drupal 9. The upcoming major Drupal releases i.e. Drupal 10 will also be supported.
Here we will go through a guide to configure the SSO login between Drupal and Keycloak. By following these steps, users of Keycloak will be able to log into the Drupal site using their Keycloak credentials.
If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module.


Pre-requisite: Download and Installation 


  • Download the module:
    Composer require 'drupal/miniorange_oauth_client'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange OAuth Client Configuration using the search box.
  • Enable the module by checking the checkbox and click on the Install button.
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Install the module:
    drush en drupal/miniorange_oauth_client
  • Clear the cache:
     drush cr
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc
  • Navigate to Extend menu on your Drupal admin console and click on Install new module.
  • Install the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • You can configure the module at:
    {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc

Steps to configure Keycloak as OAuth Provider and Drupal OAuth/OpenID Client

1. Setup Drupal as OAuth Client

  • After installing the module, go to the Configuration tab and select miniOrange OAuth Client Configuration module link.
  • Drupal OAuth Client - Configuration tab and select miniorange oauth client module
  • In the Configure OAuth tab, select Keycloak from the Select Application dropdown list.
  • Note: In case you can't find your Application/Provider in the Select Application dropdown list, choose the Custom OAuth 2.0 Provider instead.

  • Copy the Callback/Redirect URL and keep it handy.
  • Please Note: If your provider only supports HTTPS Callback/Redirect URL and you have an HTTP site, just save your base site URL in the Sign In Settings tab with HTTPS.

  • Enter the application name in the Display Name text field. For example, Keycloak
  • Drupal OAuth Client - Configure OAuth tab Select Keycloak and copy the Callback URL

2. Configure SSO Application in Keycloak

  • First of all, Download Keycloak and install it.
  • Start Server: Start the keycloak server by running the _standalone.sh_ file Root Directory of keycloak/bin/standalone.sh
  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
  • Keycloak - Login Add Realm
  • Create Realm: Enter Realm Name and click on CREATE to add realm.
  • Keycloak - Login create Realm
  • Now, enter the Display name and click on the Save button.
  • Keycloak - enter display name
  • Navigate to the Clients tab and click on Create button.
  • Keycloak - Click on create button
  • Enter the Client ID and click on the Save button.
  • Keycloak - create client ID
  • Paste the previously copied Callback/Redirect URL into the Valid Redirect URLs text field and click on Save button.
  • Keycloak - paste redirect-url

3. Integrating Drupal with Keycloak

  • Copy the Client ID from the Keycloak application, client ID will be your client name.
  • Keycloak SSO Client id
  • Navigate to the Credentials tab and copy the Client Secret.
  • Keycloak SSO Client secret
  • In Drupal’s Configure OAuth tab paste the copied Client ID and Client Secret (copied from the Keycloak Portal) in the Client ID and Client Secret text-field.
  • Keycloak - Client Credentials
  • Copy the Keycloak Domain and Keycloak realm.
  • Replace the copied Keycloak Domain & Keycloak realm with the {your Domain} and {realm-name} in the Authorize Endpoint, Access Token Endpoint, and Get User Info Endpoint respectively then click on the Save Configuration button.
  • Keycloak - scope and endpoints
  • You have successfully completed your Keycloak App OAuth Server side configurations.
  • Enter the following Keycloak Scope and Endpoints:
  • Client ID : from the above step
    Client Secret : from the above step
    Scope: email profile
    Authorize Endpoint: (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint: (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint: (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/userinfo

4. Test Configuration of Drupal with Keycloak

  • After successfully saving the configurations, click on the Perform Test Configuration button to test the connection between Drupal and Keycloak.
  • Keycloak sso login with drupal OAuth OpenID Single Single On Keycloak test Configuration
  • This Test Configuration window will provide you with a list of the attributes that are coming from the Keycloak.
  • Select the Email Attribute from the dropdown menu in which the user's email ID is obtained and click on the Done button.
  • Keycloak sso login with drupal OAuth OpenID Single Single On Keycloak test Configuration successfully
  • Now, in the Attribute & Role Mapping tab, you can also choose the Username Attribute from the dropdown and click on the Save Configuration button.
  • Keycloak sso login with drupal OAuth OpenID Single Single On Keycloak test Configuration successfully

    Please note: Mapping the Email Attribute is mandatory for your login to work.

  • Now log out and go to your Drupal site’s login page. You will automatically find a Login with Keycloak link there. If you want to add the SSO link to other pages as well, please follow the steps given in the image below :
  • Keycloak sso login with drupal OAuth OpenID Single Single On Keycloak test Configuration successfully

miniorange img Steps to configure Keycloak as OAuth Provider:

  • First of all, Download Keycloak and install it.
  • Start Server: Start the keycloak server by running the _standalone.sh_ file Root Directory of keycloak/bin/standalone.sh
  • Create Realm: Now login to keycloak administration console and navigate to your desired realm. You can add a new realm by selecting Create Realm option.
  • Keycloak - Login Add Realm
  • Create Realm: Enter Realm Name and click on CREATE to add realm.
  • Keycloak - Login create Realm
  • Enter the Client ID and click on the Save button.
  • Keycloak - create client ID
  • Enable the Client authentication and click on the Save button.
  • Keycloak - client authentication
  • Paste the copied (in step1) callback url into the Valid Redirect URLs text area and click on the Save button.
  • Keycloak - paste redirect-url

miniorange img Integrating Drupal with Keycloak

  • Copy the Client ID from the Keycloak application, client ID will be your client name.
  • Keycloak SSO Client id
  • Navigate to the Credentials tab and copy the Client Secret.
  • Keycloak SSO Client secret
  • In Drupal’s Configure OAuth tab paste the copied Client ID and Client Secret (copied from the Keycloak Portal) in the Client ID and Client Secret text-field.
  • Keycloak - Client Credentials
  • Copy the Keycloak Domain and Keycloak realm.
  • Replace the copied Keycloak Domain & Keycloak realm with the {your Domain} and {realm-name} in the Authorize Endpoint, Access Token Endpoint, and Get User Info Endpoint respectively.
  • Click on the Save Configuration button.
  • Keycloak - scope and endpoints
  • Keycloak Scope and Endpoints:
  • Scope: openid email profile
    Authorize Endpoint: (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint: (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint: (Keycloak base URL)/realms/{realm-name}/protocol/openid-connect/userinfo

miniorange img Test Configuration of Drupal with Keycloak

  • Now, click on the Perform Test Configuration button.
  • Keycloak test Configuration
  • This Test Configuration will give you the list of the attributes that are coming from Keycloak.
  • Drupal received list of attribute from keycloak
  • Now, after clicking on the Done button, you will be redirected to Attribute & Role Mapping tab. Under this tab, select the Email Attribute from the dropdown list. If the attribute is not listed, you can select custom and then enter the attribute in the text field.
  • Keycloak attribute mapping
  • Now, select the Username Attribute from the dropdown list. If the attribute is not listed, you can select custom and then enter the attribute in the text field.
  • Keycloak username attribute
  • Now, click on the Save Configuration button.
  • Keycloak save configuration

    Please note: This step is mandatory for your login to work. Click on the Save Configuration button to save your attribute configurations.

  • If your OAuth Provider supports only HTTPS Root URL or Base URL (for eg. Azure, Azure B2C) you can change it under the Sign In Settings tab.
  • Keycloak sign in settings
  • Now open the incognito window and go to your Drupal site’s login page. You will automatically find a Login with link there. If you want to add your login link to other pages as well, please follow the steps given in the below image:
  • Keycloak login page

24*7 Active Support

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal OAuth/OpenID Single Sign On module.

Additional Resources

Our Other modules

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com