Contents

Setup Guide for Keycloak App

Follow the following steps to configure Keycloak as IdP to achieve Keycloak SSO

For the Keycloak Version 16 and below	Go to the Root Directory of keycloak bin standalone.sh
For the Keycloak Version 17 and above	Go to the Root Directory of keycloak bin kc.bat and run the below commands. 1. kc.bat build 2. kc.bat start-dev

Add Realm : Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.

Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the plugin. Click on CREATE to add realm.

Create OpenID client: Click on the Clients and choose create to create a new client. Enter client id and select client protocol openeid-connect and select Save.

Change Access type: After client is created change its access type to confidential.

Enter Valid Redirect URIs: Copy callback URL from plugin and then click on SAVE. Ex -- https:///oauth/callback

Get Client Secret: Now we need to get client secret. So select Clients and select credentials and copy your secret from here.

Plugin Configuration: Enter copied Client Secret under Client secret field in the OAuth Client plugin, and enter the Client Name under the Client ID field.
Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and choose to Add a new User.

User Configuration: After user is created following action needs to be performed on it.

Credentials

NOTE : Disabling Temporary will make user password permanent.

Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles and clicking on add selected.

Create ROLE: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Add Role.

Step 1.1: Steps to fetch Keycloak Groups [Premium]

Create groups: Click on the Groups and choose New to create a new group.

Assign user to group: Select the user whom you want to add in group. Choose Groups option from tab and then select the group-name and click on join.

Keycloak Group Mapper: Now to get group details we need to perform its client mapping with group membership else group details will not be fetched. So in Client section, select your client and then click on mapper->create.

Now, select mapper type as Group Membership and enter the name and token claim name i.e the attribute name corresponding to which groups will be fetched. Turn Off the full group path, Add to ID token and Add to access token options, and click on Save.

Note: -- If full path is on group path will be fetched else group name will be fetched.

Step 1.2: Steps to fetch Keycloak Roles [Premium]

Keycloak Role Mapper: Now to get role details we need to perform its client mapping with role membership else role details will not be fetched. So in Client section, select your client and then click on mapper->create.

Now, select mapper type as user realm Role Membership and enter the name. and token claim name i.e the attribute name corresponding to which groups will be fetched. Add to ID token and Add to access token options, and click on Save.

Add Realm : Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Create Realm option.

Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.

Create OpenID client: Click on the Clients and choose Create Client to create a new client. Enter Client id and select client protocol openeid-connect and Click Next.

Scroll down to the Access settings and enter your Callback/Redirect URL which you will get from your plugin present on your Client side under the CallBack URLs text-field.

Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring plugin.

Plugin Configuration: Enter copied Client Secret under Client secret field in the OAuth Client plugin, and enter the Client ID under the Client ID field.
Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and Click on Create new user to Add a new User.

User Configuration: After user is created following action needs to be performed on it.

Credentials

NOTE : Disabling Temporary will make user password permanent.

Map User: We need to map user to a role. Click on Role Mappings and assign the user desired role from available roles.

Create ROLE: The Role will be used by your applications to define which users will be authorized to access the application. Click on the Roles and choose Create Role.

Add Realm : Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Create Realm option.

Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.

Create OpenID client: Click on the Clients and choose Create Client to create a new client. Enter Client id and select client protocol openeid-connect and Click Next.

Scroll down to the Access settings and enter your Callback/Redirect URL which you will get from your plugin present on your Client side under the CallBack URLs text-field.

Go to the plugin and copy the Client Secret and keep it handy as we will require it later while configuring plugin.

Plugin Configuration: Enter copied Client Secret under Client secret field in the plugin, and enter the Client ID under the Client ID field.
Add User: We need to add users to r+ealm who will be able to access the resources of realm. Click on the Users and Click on Create new user to Add a new User.