OAuth Single Sign-On (SSO) For Laravel Using Keycloak As OAuth provider


The Laravel OAuth Single Sign-On (SSO) plugin lets you enable OAuth Single Sign-On for your Laravel applications. With Single Sign-On, you use only one password to access your Laravel application and services. Our plugin is compatible with all OAuth-compliant identity providers. This step-by-step guide configures Single Sign-On (SSO) between Laravel and Keycloak, with Keycloak as the OAuth provider.

Pre-requisites : Download And Installation

  • Open a Command Prompt window and change the working directory to your Laravel app's main directory.
  • Enter the below command.
    composer require miniorange/oauth-laravel-free
  • After the package installs successfully, open your Laravel app in the browser and enter {laravel-application-domain}/ssologin.php?option=oauthredirect in the address bar.
  • The package will start setting up your database for you and then redirect you to the admin registration page.
  • Register or log in with your account by clicking the Register button to configure the plugin.
  • After login, you will see the OAuth provider Settings option, where you will get the Redirect/Callback URL. Keep it handy as it will be required later to configure step 1.

Steps to configure Keycloak Single Sign-On (SSO) Login into Laravel

1. Configure Keycloak as OAuth Provider

  • First of all, download Keycloak and install it.
  • Start the Keycloak server using the steps for your Keycloak version:
    • For Keycloak version 16 and below: go to the bin folder in the Keycloak root directory and run standalone.sh.
    • For Keycloak version 17 and above: go to the bin folder in the Keycloak root directory and run the commands below.
      1. kc.bat build
      2. kc.bat start-dev

  • Add Realm: Now log in to the Keycloak administration console and navigate to your desired realm. You can add a new realm by selecting the Add Realm option.
  • Create realm: Enter the Realm Name and keep it handy, as it will be required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add the realm.
  • Create OpenID client: Click on Clients and choose Create to create a new client. Enter the client ID, select the client protocol openid-connect, and select Save.
  • Change Access type: After the client is created, change its access type to confidential.
  • Enter Valid Redirect URIs: Copy callback URL from plugin and then click on SAVE. Ex -- https:// /oauth/callback
  • Get Client Secret: Now we need to get client secret. So select Clients and select credentials and copy your secret from here.
  • Plugin Configuration: Enter copied Client Secret under Client secret field in the OAuth Client plugin, and enter the Client Name under the Client ID field.
  • Add User: We need to add the users who will be able to access the resources of the realm. Click on Users and choose to add a new user.
  • User Configuration: After the user is created, the following action needs to be performed on it.
    • 1) Set a password: click on Credentials and set a new Password for the user.

    NOTE : Disabling Temporary will make user password permanent.

  • Map User: We need to map the user to a role. Click on Role Mappings, assign the user the desired role from the available roles, and click on Add selected.
  • Create ROLE: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Add Role.

    You have successfully configured Keycloak as OAuth Provider for achieving Keycloak SSO login into your Laravel Site.
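
    A check for the client settings made in this step, as an added example (not part of the miniOrange plugin or of Keycloak): it audits a client exported as JSON from the Keycloak admin console against the choices above (openid-connect protocol, confidential access type, the plugin's callback as the only redirect URI). The sample export, the client name laravel-app and the host laravel.example.test are constructed, and the wildcard and HTTPS checks are hardening assumptions that go beyond the steps listed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a client as exported from the Keycloak admin console.
SAMPLE_CLIENT_JSON = """
{
  "clientId": "laravel-app",
  "protocol": "openid-connect",
  "enabled": true,
  "publicClient": false,
  "bearerOnly": false,
  "standardFlowEnabled": true,
  "redirectUris": ["https://laravel.example.test/*"]
}
"""

def audit_client(client: dict, callback_url: str) -> list:
    """Return a list of findings; an empty list means the client matches the guide."""
    findings = []
    if client.get("protocol") != "openid-connect":
        findings.append("protocol is not openid-connect")
    # "Access type: confidential" corresponds to publicClient=false and bearerOnly=false.
    if client.get("publicClient", False) or client.get("bearerOnly", False):
        findings.append("access type is not confidential")
    if not client.get("enabled", True):
        findings.append("client is disabled")
    uris = client.get("redirectUris", [])
    if callback_url not in uris:
        findings.append("plugin callback URL is not registered exactly")
    for uri in uris:
        if "*" in uri:
            # A wildcard lets any path on the host receive the authorization code.
            findings.append(f"wildcard redirect URI: {uri}")
        elif urlsplit(uri).scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif uri != callback_url:
            findings.append(f"extra redirect URI: {uri}")
    return findings

if __name__ == "__main__":
    cb = "https://laravel.example.test/oauth/callback"  # assumed callback URL
    for finding in audit_client(json.loads(SAMPLE_CLIENT_JSON), cb):
        print("FINDING:", finding)
```
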

2. Configure Laravel OAuth plugin as OAuth Client

  • Go to the miniOrange Laravel OAuth SSO plugin and click on Choose you OAuth provider.
  • Enter the Client ID, Client Secret, Domain name, Realm and other required details. Click on the Save Settings button.

3. SSO Options

  • You can also use a link to login via your OAuth/OpenID provider.
  • This link is in the format:
    {laravel-application-domain}/ssologin.php?option=oauthredirect

In this Guide, you have successfully configured Keycloak OAuth Single Sign-On (Keycloak SSO Login) choosing Keycloak as OAuth provider and Laravel as OAuth Client using miniOrange plugin-OAuth Single Sign On – SSO Login. This solution ensures that you are ready to roll out secure access to your Laravel site using Keycloak login credentials within minutes.
