Keycloak

Using mod_auth_openidc with Keycloak

Keycloak and mod_auth_openidc is a great fit for self hosted authentication with user administration.

There's a sample setup for local OpenID Connect testing using Docker at https://github.com/Reposoft/openidc-keycloak-test.

You create an openid-connect type "client" in your Keycloak realm. Set access type to "Confidential", get a secret, put that secret in a conf with something like:

	OIDCProviderMetadataURL https://keycloak.example.net/auth/realms/Testrealm/.well-known/openid-configuration
	OIDCRedirectURI https://myserver.example.not/protected/redirect_uri
	OIDCCryptoPassphrase 0123456789
	OIDCClientID testclient
	OIDCClientSecret ca446a2d-a65f-4e84-95a7-d20eb36989d8

	OIDCRemoteUserClaim email
	OIDCScope "openid email"

Without an OICDRemoteUserClaim you'd get usernames like [user-uuid]@[keycloak-realm-url] which is unuseful. E-mail works well with Keycloak: user@example.net can authenticate

Single Sign On (SSO) works. Just duplicate your config in multiple VirtualHosts or httpd instances and modify the OIDCRedirectURI accordingly. You can add multiple "Valid Redirect URIs" in the Keycloak admin ui.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Keycloak

Using mod_auth_openidc with Keycloak

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally