Search Results :

×

Setup Keycloak App as OAuth Server

Step 3: Configure Keycloak as an OAuth/OpenID Connect Server.

  • First of all, Download Keycloak and install it. You can also follow the guidelines to install the Keycloak server.
  • Start Server: Start the keycloak server by running the _standalone.sh_ file

    Root Directory of keycloak/bin/standalone.sh

  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
    • Keycloak Oauth SSO add realm
  • Create Realm: Enter Realm Name and click on CREATE to add realm.
  • Create Role: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Add Role.
    • Keycloak Oauth SSO Add Role
  • Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and choose to Add a new User.
    • Keycloak Oauth SSO Add User
  • User Configuration: After user is created following action needs to be performed on it.
    • Setting a password for it so click on Credentials and set a new Password for the user.
      • Keycloak Oauth SSO Credentials

      NOTE : Disabling Temporary will make user password permanent


  • Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles and clicking on add selected.
    • Keycloak Oauth SSO Role Mapping
  • Create groups: Click on the Groups and choose New to create a new group.
    • Keycloak Oauth SSO Create Group
  • Assign user to group: Select the user whom you want to add in group. Choose Groups option from tab and then select the group-name and click on join.
    • Keycloak Oauth SSO Assign User to Group
  • Create OpenID client: Click on the Clients and choose create to create a new client. Enter any random string as Client ID and keep it handy because you will need it in the next step. Select client protocol openeid-connect and select Save.
    • Keycloak Oauth SSO Create Openid Connect
  • Enter Change Access Type: Afterclient is created change it's access type to confidential
    • Keycloak Oauth SSO Change Access Type
  • Enter Valid Redirect URLs: Copy callback URL (Enter from miniOrange Oauth Client plugin which you copied in the last step) in the last step and then click on SAVE.
    Ex -- https://oauth/callback
  • Keycloak Group Mapper: Now to get group details we need to perform its client mapping with group membership else group details will not be fetched. So in client select Mappers and then click on create. Select mapper type Group Membership and enter name and token claim-name i.e the attribute name corresponding which groups will be fetched and click on Save Keycloak Oauth SSO Group Mapper

    Note: -- If full path is on group path will be fetched else group name will be fetched.



  • Get Client Secret: Now we need to get client secret. So select Clients and select credentials and copy your secret from here.
    • Client C Oauth SSO redentials
  • You have successfully completed your Keycloak OAuth Server side configurations



    • Scope: email profile
    Authorize EndPoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/userinfo
Hello there!

Need Help? We are right here!
support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com