Guide: Joomla OAuth Client Integration with Keycloak Single Sign-On (SSO) | Keycloak SSO


Integration of Keycloak Single Sign-on( Keycloak SSO ) with Joomla using OAuth 2.0 Protocol. The miniOrange Joomla OAuth / OpenID Connect Single SIgn-on (SSO) plugin makes it simple to set up Keycloak SSO into Joomla and enable secure login into joomla. As a result, users can log in to Joomla and access the site by authenticating with their Keycloak identity provider credentials.
Visit our Joomla OAuth Client Plugin webpage to learn more about the features and plans we offer for the Joomla OAuth Single Sign-on (OAuth & OpenID connect) plugin.

Plugin Download and Video Setup Guide


Steps to configure Keycloak Single Sign-On (SSO) into Joomla

1. Setup Keycloak as OAuth Provider

  • First of all, Download Keycloak and install it.
  • Start Server: Start the keycloak server by running the _standalone.sh_ file

    Root Directory of keycloak/bin/standalone.sh

  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
  • Keycloak SSO OAuth openid-connect  add realm
  • Create Realm: Enter Realm Name and click on CREATE to add realm.
  • Create Role: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Add Role.
  • Keycloak SSO OAuth openid-connect  Add Role
  • Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and choose to Add a new User.
  • Keycloak SSO OAuth openid-connect  Add User
  • User Configuration: After user is created following action needs to be performed on it.
    • Setting a password for it so click on Credentials and set a new Password for the user.
    • Keycloak SSO OAuth openid-connect  Credentials

      NOTE : Disabling Temporary will make user password permanent


  • Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles and clicking on add selected.
  • Keycloak SSO OAuth openid-connect  Role Mapping
  • Create groups: Click on the Groups and choose New to create a new group.
  • Keycloak SSO OAuth openid-connect  Create Group
  • Assign user to group: Select the user whom you want to add in group. Choose Groups option from tab and then select the group-name and click on join.
  • Keycloak SSO OAuth openid-connect  Assign User to Group
  • Create OpenID client: Click on the Clients and choose create to create a new client. Enter any random string as Client ID and keep it handy because you will need it in the next step. Select client protocol openeid-connect and select Save.
  • Keycloak SSO OAuth openid-connect  Create Openid Connect
  • Enter Change Access Type: Afterclient is created change it's access type to confidential
  • Keycloak SSO OAuth openid-connect  Change Access Type
  • Enter Valid Redirect URLs: Copy callback URL (Enter from miniOrange Oauth Client plugin which you copied in the last step) in the last step and then click on SAVE.
    Ex -- https://oauth/callback
  • Keycloak Group Mapper: Now to get group details we need to perform its client mapping with group membership else group details will not be fetched. So in client select Mappers and then click on create. Select mapper type Group Membership and enter name and token claim-name i.e the attribute name corresponding which groups will be fetched and click on Save Keycloak SSO OAuth openid-connect  Group Mapper

    Note: -- If full path is on group path will be fetched else group name will be fetched.



  • Get Client Secret: Now we need to get client secret. So select Clients and select credentials and copy your secret from here.
  • Client C Oauth SSO redentials
  • You have successfully completed your Keycloak OAuth Server side configurations



  • Scope: email profile
    Authorize EndPoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/userinfo

You have successfully configured Keycloak as OAuth Provider for for achieving Keycloak Single Sign-On (SSO) with Joomla for user integration.



2. Configure Joomla as OAuth Client


  • Download the zip file for the miniOrange OAuth Client plugin for Joomla from the link here.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Login into your Joomla site’s administrator console.
  • From left toggle menu, click on System, then under Install section click on Extension.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Upload the downloaded zip file to install the Joomla OAuth Client plugin.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • From left toggle menu click on Components, then click on miniOrange OAuth Client , then click on Configure OAuth tab.
  • Under Configure OAuth tab . Select your OAuth Provider. (If your OAuth Provider not listed then click on Custom OAuth/ Custom OpenID connect App .)
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Fill in the details you received from your OAuth Provider.
  • Copy the Redirect/Callback URL given in the plugin and click on the Save Settings button to save details in your OAuth Provider. Then click on Test Configuration button.
  • joomla oauth provider OAuth tab
  • After click on the Test Configuration button and copy the email and name attributes and save these attributes in Email Attribute and Name Attribute text field respectively. Now click on the Save Attribute Mapping button to save your configurations.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Use the Login URL to perform the SSO of your pre-configured OAuth/OpenID Connect Provider, (After completing test configuration please copy the Login URL and Add a button on your site login page).
  • Joomla OAuth Client - Login URL
  • Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.
  • Congratulations, you have successfully configured the miniOrange OAuth Client plugin with your desired OAuth Provider.
  • Click on the Upgrade Plans tab to check out our complete list of features and various licensing plans. OR you can click here to check features and licensing plans
  • If you want to purchase any of the paid version of the plugin, you have to register/login with us in Account Setup tab. OR you can register/login Here
  • In case, you are facing some issue or have any question in mind, you can reach out to us by sending us your query through the Support button in the plugin or by sending us a mail at joomlasupport@xecurify.com.

  • Download the zip file for the miniOrange OAuth Client plugin for Joomla from the link here.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Login into your Joomla site’s administrator console.
  • Go to Extension Manage Install in the top navigation bar to install the plugin.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Upload the downloaded zip file to install the OAuth Client plugin.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Navigate to Extensions Manage Manage and search for miniorange in the Search bar provided to see the list of the components.
  • Go to Components MiniOrange OAuth Client Configure OAuth tab from the top navigation bar to go to the configuration page of the plugin.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Select your OAuth Provider from the Select Application dropdown. In case your OAuth Provider is not listed in the drop down, please select Custom OAuth Provider to continue.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Fill in the details you received from your OAuth Provider.
  • Copy the Redirect/Callback URL given in the plugin and click on the Save Settings button to save details in your OAuth Provider.
  • Click on the Test Configuration button and copy the email and name attributes and save these attributes in Email Attribute and Name Attribute text field respectively. Now click on the Save Attribute Mapping button to save your configurations.
  •  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration  Joomla Oauth / OpenID Connect Single Sign-on SSO for Joomla - App Client Configuration
  • Use the Login URL to perform the SSO of your pre-configured OAuth/OpenID Connect Provider, (After completing test configuration please copy the Login URL and Add a button on your site login page).
  • Joomla OAuth Client - Login URL
  • Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.
  • Congratulations, you have successfully configured the miniOrange OAuth Client plugin with your desired OAuth Provider.
  • Click on the Upgrade Plans tab to check out our complete list of features and various licensing plans. OR you can click here to check features and licensing plans
  • If you want to purchase any of the paid version of the plugin, you have to register/login with us in Account Setup tab. OR you can register/login Here
  • In case, you are facing some issue or have any question in mind, you can reach out to us by sending us your query through the Support button in the plugin or by sending us a mail at joomlasupport@xecurify.com.

You have successfully configured Joomla as OAuth Client for achieving Joomla Keycloak Single Sign-On (SSO) with Joomla for user authentication.

In this Guide, you have successfully configured Joomla Keycloak Single Sign-On (SSO) by configuring Keycloak as OAuth Provider and Joomla as OAuth Client using our Joomla OAuth Client plugin.This solution ensures that you are ready to roll out secure access to your Joomla site using Keycloak login credentials within minutes.

Additional Resources


Mail us on joomlasupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com