Authenticate Keycloak

Hi everyone,
Does anyone have an example of how to authenticate using Keycloak?

Hey Luis. I did it successfully yes.

You have to create a Keycloak OIDC Client. You enable Client authentication (confidential client) and standard flow. You fill in Valid redirect URIs with https://[your-corteza]/auth/external/openid-connect.[your-corteza-client-handle]/callback. You fill web origins with https://[your-corteza]. You save and go to tab “credentials”. There you copy the client secret to clipboard.

In Corteza (2024.9) you go to Admin > Auth settings. There is a section called External Authentication Providers where you click on Add an OIDC provider. In the popup:

  • Handle: Doesn't matter as long as it is the same name you use in Keycloak in your valid redirect URI.

  • OIDC Issuer URL: https://[your-keycloak]/realms/[your-realm]

  • Client key: Whatever you called your Client in Keycloak

  • Secret: The Client secret you copied to your clipboard

  • Scope: “openid email profile”

Click on ok and I think that should be it. I run Corteza in Docker and it might be that I had to restart the Container but not sure.

1 Like

@Swordfish would you mind if this gets included in the documentation? If all is good, could you please provide some screenshots to describe this?

Hey :slight_smile:

Yeah sure you can do that.

Regarding the screenshot… I followed another approach in my project (Corteza Impersonation Token) to integrate Corteza with my other stuff, so unfortunately I deleted the approach I described above :frowning:

But it should be easy to reproduce as long as you have a little experience with both tools I guess.

Maybe you can try to do so and if you get stuck, just ping me.

Edit: Ok never mind, I just set it up again. I have the screenshots but this Forum won't let me upload more than one media file per post and zip is not possible either. How can I provide you the screenshots @tjerman?

@Swordfish, thanks for the reply. I’m also interested in the screenshots.

Ok I think it works now. So here are the screenshots.

First we create the Keycloak Client:

Then we copy the Client secret to the clipboard:

Then we create the Corteza Provider:

Click on “Add an OIDC Provider” Button:

Fill the form:

Click on submit to save the new provider:

Restart Corteza Container. Now your Corteza Login should have a new button:

And this should lead you to the Keycloak Login:

If you have any questions/issues, just let me know :slight_smile:

1 Like
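The setup described in the two posts above only works when the values entered in Keycloak and in Corteza agree with each other. The following is an added example, not code from the thread or from either project, that checks such a pairing offline. It assumes the Keycloak client is available as an exported client JSON (fields `clientId`, `publicClient`, `standardFlowEnabled`, `redirectUris`, `webOrigins`); the Corteza dictionary keys and all host names are constructed for illustration.

```python
from urllib.parse import urlsplit

def expected_callback(corteza_base: str, handle: str) -> str:
    """Redirect URI pattern given in the thread."""
    return f"{corteza_base.rstrip('/')}/auth/external/openid-connect.{handle}/callback"

def check_pairing(kc_client: dict, corteza: dict, corteza_base: str) -> list[str]:
    """Return the mismatches between a Keycloak client and a Corteza OIDC provider."""
    problems = []
    callback = expected_callback(corteza_base, corteza["handle"])
    uris = kc_client.get("redirectUris", [])
    if callback not in uris:
        problems.append(f"redirect URI {callback} is not listed in Keycloak")
    if any("*" in u for u in uris):
        problems.append("wildcard in redirectUris; list the exact callback instead")
    # A missing publicClient field is flagged too, since it cannot be confirmed.
    if kc_client.get("publicClient", True):
        problems.append("client authentication is off (public client)")
    if not kc_client.get("standardFlowEnabled", False):
        problems.append("standard flow is disabled")
    origin = "{0.scheme}://{0.netloc}".format(urlsplit(corteza_base))
    if origin not in kc_client.get("webOrigins", []):
        problems.append(f"web origin {origin} is not listed in Keycloak")
    if corteza["key"] != kc_client.get("clientId"):
        problems.append("Corteza client key differs from Keycloak clientId")
    issuer = urlsplit(corteza["issuer"])
    if issuer.scheme != "https" or "/realms/" not in issuer.path or issuer.path.endswith("/"):
        problems.append("issuer should look like https://<keycloak>/realms/<realm>")
    if "openid" not in corteza["scope"].split():
        problems.append("scope must include openid")
    return problems

# Constructed sample values (not taken from the thread).
CORTEZA_BASE = "https://corteza.example.test"
KC_CLIENT = {
    "clientId": "corteza",
    "publicClient": False,
    "standardFlowEnabled": True,
    "redirectUris": [CORTEZA_BASE + "/auth/external/openid-connect.keycloak/callback"],
    "webOrigins": [CORTEZA_BASE],
}
CORTEZA_PROVIDER = {"handle": "keycloak", "issuer": "https://sso.example.test/realms/demo",
                    "key": "corteza", "scope": "openid email profile"}

if __name__ == "__main__":
    for line in check_pairing(KC_CLIENT, CORTEZA_PROVIDER, CORTEZA_BASE) or ["pairing looks consistent"]:
        print(line)
```
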

Amazing thanks a lot🙏

1 Like