Automatic User Provisioning and Sync between Joomla and Keycloak

Keycloak User Sync is an easy-to-use plugin for Joomla that provides seamless synchronization of user information between Keycloak and Joomla. It provides a simple and secure way to keep user information in sync, allowing administrators to easily provision users and manage user data with manual, on-demand or scheduler-based provisioning.

Pre-requisites : Download And Installation

Steps to Setup Keycloak user sync for Joomla

1. Install the Keycloak User Sync for Joomla

• Download the zip file for the miniOrange Joomla Okta User Sync plugin from the link here.
• Login into your Joomla site’s administrator console.
• From the Menu, click on System, then under Install section click on Extension.

• Upload the downloaded zip file to install the Keycloak User Sync for Joomla plugin.

• Installation of the plugin is successful. Now click on Start using miniOrange Keycloak User sync plugin.

2. Configure Keycloak

• Go to your Keycloak console and select your realm and click on Users. Ensure that your Realm does not have a space present in the name.

• Go to Users and click on the Create new user button to create a user.

• On creating a new user enter the required details and click on Create.

• After a user is created go to Credentials tab and click on the Set password button to set a password for the user.

• Enter the user password and click on Save.

• Note: Disabling Temporary will make user password permanent.
• Once the user password is set, go to the Role Mapping tab and assign the user a role of ‘manage-users’ under the ‘realm-management’ client roles.

• Filter the roles by Filter by clients and search by user, select the realm-management, manage-users role and click on the Assign button.

3. Create a Client

• To create a client hover over to the Clients section on the left panel and click on the Create Client button.

• To create the client, enter the required details and click on the Next button.

• In the next step, select only the Direct access grant type and click on the Save button.

• All the configurations are completed on the Keycloak side. Let’s go to our Joomla Keycloak sync plugin and complete the plugin configuration.

4. Configure Keycloak User Sync Plugin

• Go to the Configure Keycloak tab and enter the Keycloak Domain, Client ID and your Realm name from the Keycloak application that you created above.
• To copy the Keycloak domain, go to your Keycloak console and copy the domain.

• Enter the copied Keycloak domain name in the Keycloak Domain field present on the Configure Keycloak tab.

• To copy the Client ID hover to your Keycloak settings and copy the client ID from there as shown below.

• Copy the Client ID and paste it in the Client ID field in the Configure Keycloak tab.

• To copy the Realm name go to your Keycloak panel and copy the realm name.

• Then paste it in the Realm field in the Configure Keycloak tab.

• Enter the Username and the password of the user you created with the permission of ‘manage-users’ and click on the Save Configuration button.

• Congratulations, you have successfully verfied the User's Email address during registartion.

5. Test Configuration

• To test if the connection is successful or not, click on the Test Connection button present in the Configure Keycloak tab.

6. Sync Users from Joomla to Keycloak

• The plugin provides an option to sync your users from Joomla to Keycloak. In this section, you can manually sync a Joomla user to keycloak, manually delete a user in keycloak, automatically create a user in Keycloak once a user is created in Joomla and automatically delete a user in Keycloak once a user is deleted in Joomla.
• 1. Manually create an Individual User in Keycloak:
• Select the Joomla user you want to create in Keycloak from the dropdown. After selecting the user, click on the Create User button.

• You will get a message stating that the user is successfully created in your realm.

• Go to your Keycloak realm and go to users. You will see that the user is successfully created.

• 2. Manually delete a user in Keycloak:
• This provides an option to select a user from the available Keycloak users and delete a user in Keycloak. Select the Keycloak user you wish to delete and click on the Delete User button.

• Once the user is successfully deleted you will get a message that the user is successfully deleted from Keycloak.

• To verify if the user is deleted or not, go to your Keycloak realm and users. You can notice here that there is no user called testest.

• 3. Automatic Provisioning of Users:
• Enable Automatic User creation: If this option is enabled, any user that is created on your Joomla site, will be created in Keycloak.

• Enable Automatic User Deletion: If this option is enabled, any user that is deleted from your Joomla site, will automatically be deleted from Keycloak.

7. Sync Users from Keycloak to Joomla

• User Attribute Mapping: To create/sync users from Keycloak to Joomla, we will have to map their username and Emails. To map the Username and Email attributes, you can select the attribute name from Keycloak which maps to the user’s username and email respectively. You can refer to the test configuration window to map the attributes. Click on the Save Configuration button to save the User Attributes Mapping.

• User Synchronization from Keycloak to Joomla: This allows the user to create/sync a user from Keycloak to Joomla. You can select the Keycloak user from the dropdown which needs to be created/synced in Joomla. If the user is already present in Joomla, the user attributes will be synced. Else if the user is not present in Joomla, a new Joomla user will be created based on the Keycloak User Attributes.

• Once the user is successfully created on Joomla you will get the following message.

• The user is successfully created in Joomla.

• If you were unable to find your user in the dropdown, you can click on the Retrieve all Users button to retrieve all your Keycloak users.

• Sync All Users: This option allows all the users present in your Keycloak AD to be created/synced in Joomla. If a user is already present in Joomla, their user attributes will be synced, else a new user in Joomla will be created.
• Click on the Sync All Users button to sync all your Keycloak Users in Joomla.

• You can see all the Keycloak users are created in Joomla.

24 x 7 Support

If you are looking for anything which you cannot find, please drop us an email on joomlasupport@xecurify.com.