# Keycloak as OAuth2 Provider
The following example configuration sets up Keycloak as an OAuth2 provider for the 4ALLPORTAL.
You will need your Keycloak credentials for the configuration.
# 1: Create New Client in Keycloak
Go to your Keycloak realm and create a new client with the following configuration:
Field | Value |
---|---|
Client ID | ID, e.g., "4allportalOauthSample" |
Client Protocol | openid-connect |
Root URL | Enter the root URL of your application, e.g. "https://example.4allportal.net/" |
Save your configuration, then open the client's Settings and make the following additional specifications:
Field | Value |
---|---|
Enabled | On |
Consent required | Off |
Access type | confidential |
Standard Flow Enabled | On |
Implicit Flow Enabled | On |
Direct Access Grants Enabled | On |
Service Accounts Enabled | On |
Authorization Enabled | On |
Valid Redirect URIs | Enter the redirect URIs, e.g. "https://example.4allportal.net/oauth/login/4allportalOauthSample" |
Please note: the redirect URI must contain your Client ID, in the form https://example.com/oauth/login/{client_id}.
# 2: 4ALLPORTAL Basic Configuration
In the 4ALLPORTAL, navigate to the admin snap-in Authentication/OAuth configurations and click Create in the toolbar.
The following basic settings are required for a Keycloak provider:
- In field Provider name, enter your Client ID (e.g. 4allportalOauthSample).
- In field Base URL, enter your domain name (without a trailing /).
- Enable the field visible.
- Select a default role and a default language for the users logging in with this provider.
- In section Mapping of user fields, add the following configuration:

CoreEngine Field | External Field | Overwrite |
---|---|---|
ext_id | sub | false |
username | user_name | true |
firstname | given_name | true |
lastname | family_name | true |
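The mapping table above only lists the fields; the following added example (not 4ALLPORTAL code) shows what such a mapping does when applied to a Keycloak userinfo response. The meaning of the Overwrite flag is an assumption, since the page does not define it: Overwrite=false writes the CoreEngine field only when it is still empty, Overwrite=true always replaces the stored value. The userinfo response is a constructed sample.

```python
# Added example, not 4ALLPORTAL code: applies the "Mapping of user fields" table
# to a Keycloak userinfo response. Assumed semantics of the Overwrite flag (the
# page does not define them): Overwrite=false writes the field only when the
# CoreEngine user has no value yet, Overwrite=true always replaces it.

# (CoreEngine field, external field, overwrite), exactly as in the table.
USER_FIELD_MAPPING = [
    ("ext_id", "sub", False),
    ("username", "user_name", True),
    ("firstname", "given_name", True),
    ("lastname", "family_name", True),
]

# Constructed sample with the shape of a Keycloak userinfo response.
SAMPLE_USERINFO = {
    "sub": "2a4c9c1e-0000-4000-8000-000000000001",
    "user_name": "jdoe",
    "given_name": "Jane",
    "family_name": "Doe",
    "email": "jane.doe@example.com",
}


def external_id(userinfo):
    """Return the claim that ext_id is mapped from ('sub').

    'sub' is what links the provider account to the CoreEngine user, so a
    response without a usable 'sub' must not create or update any user.
    """
    sub = userinfo.get("sub")
    if not isinstance(sub, str) or not sub.strip():
        raise ValueError("userinfo response has no usable 'sub' claim")
    return sub


def apply_user_mapping(existing_user, userinfo, mapping=USER_FIELD_MAPPING):
    """Return a new user record with the mapping table applied.

    existing_user: the stored CoreEngine record ({} for a first login).
    userinfo:      the claims returned by the provider's userinfo endpoint.
    """
    external_id(userinfo)  # refuse to map anything without a subject
    user = dict(existing_user)
    for core_field, ext_field, overwrite in mapping:
        if ext_field not in userinfo:
            continue  # claim absent: leave the local field as it is
        if not overwrite and user.get(core_field):
            continue  # Overwrite=false: keep the value already stored
        user[core_field] = userinfo[ext_field]
    return user


if __name__ == "__main__":
    print(apply_user_mapping({}, SAMPLE_USERINFO))
    print(apply_user_mapping({"ext_id": "existing", "firstname": "J."}, SAMPLE_USERINFO))
```

Fields that are not in the table (here the email claim) are never copied, and an ext_id that is already stored is kept because its Overwrite flag is false, while the name fields follow the provider on every login.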
# 3: Get Realm Name
Before we can continue with the OAuth2 specific configuration, we need the realm name, which is part of the following URIs:
- https://keycloak.example.net/auth/realms/{realmName}/protocol/openid-connect/auth
- https://keycloak.example.net/auth/realms/{realmName}/protocol/openid-connect/userinfo
- https://keycloak.example.net/auth/realms/{realmName}/protocol/openid-connect/token
# 4: 4ALLPORTAL OAuth2 Specific Configuration
The following OAuth2 specific settings are required for a Keycloak provider:
- In field Client ID, enter your Client ID.
- In field Client secret, enter your Secret. Please note: the secret can be found in your Keycloak client credentials (Clients > {client} > Credentials).
- In field Access token URI, enter https://keycloak.example.net/auth/realms/{realmName}/protocol/openid-connect/token
- In field User authorization URI, enter https://keycloak.example.net/auth/realms/{realmName}/protocol/openid-connect/auth
- In field User info URI, enter https://keycloak.example.net/auth/realms/{realmName}/protocol/openid-connect/userinfo
- In section Scopes, add profile, email and openid.
Example configuration in the GUI
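The three URIs of steps 3 and 4 and the redirect URI of step 1 are easy to get subtly wrong (wrong realm, trailing slash, http instead of https). The following added example (not 4ALLPORTAL or Keycloak code) derives them from the base URL, realm name, root URL and Client ID, and cross-checks them against the realm's discovery document and the scopes of step 4. The discovery document is a constructed sample in the shape of Keycloak's /.well-known/openid-configuration, not a real response; the realm name "myrealm" is likewise made up.

```python
# Added example, not 4ALLPORTAL or Keycloak code: builds the endpoints of step 3
# and the redirect URI of step 1, then checks them against a realm discovery
# document and the scopes of step 4. SAMPLE_DISCOVERY is a constructed sample.
import json
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}  # the scopes added in step 4


def keycloak_endpoints(base_url, realm):
    """Return the auth/token/userinfo URIs under the realm name, as in step 3."""
    prefix = f"{base_url.rstrip('/')}/auth/realms/{realm}/protocol/openid-connect"
    return {
        "authorization_endpoint": f"{prefix}/auth",
        "token_endpoint": f"{prefix}/token",
        "userinfo_endpoint": f"{prefix}/userinfo",
    }


def redirect_uri(root_url, client_id):
    """Return the redirect URI 4ALLPORTAL uses for this client, as in step 1."""
    return f"{root_url.rstrip('/')}/oauth/login/{client_id}"


def check_redirect_uri(registered, expected):
    """Return a list of problems with the Valid Redirect URI registered in Keycloak.

    An exact, https-only match means the authorization code can only be
    delivered to the 4ALLPORTAL login endpoint for this client.
    """
    problems = []
    if urlsplit(registered).scheme != "https":
        problems.append("redirect URI is not https")
    if "*" in registered:
        problems.append("redirect URI contains a wildcard; register the exact URI")
    if registered != expected:
        problems.append(f"redirect URI does not match {expected}")
    return problems


def check_discovery(discovery_json, expected_endpoints):
    """Compare configured endpoints and scopes with the realm's discovery document.

    Returns a dict of findings; an empty dict means everything matches.
    """
    doc = json.loads(discovery_json)
    findings = {}
    for name, uri in expected_endpoints.items():
        if doc.get(name) != uri:
            findings[name] = f"configured {uri}, realm publishes {doc.get(name)}"
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        findings["scopes_supported"] = f"realm does not offer {sorted(missing)}"
    return findings


# Constructed sample discovery document for a realm named "myrealm".
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://keycloak.example.net/auth/realms/myrealm",
    "authorization_endpoint": "https://keycloak.example.net/auth/realms/myrealm/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.net/auth/realms/myrealm/protocol/openid-connect/token",
    "userinfo_endpoint": "https://keycloak.example.net/auth/realms/myrealm/protocol/openid-connect/userinfo",
    "scopes_supported": ["openid", "profile", "email", "roles"],
})


if __name__ == "__main__":
    endpoints = keycloak_endpoints("https://keycloak.example.net", "myrealm")
    expected = redirect_uri("https://example.4allportal.net/", "4allportalOauthSample")
    print(check_discovery(SAMPLE_DISCOVERY, endpoints))  # {} when all match
    print(check_redirect_uri(expected, expected))        # []
    print(check_redirect_uri("https://example.4allportal.net/*", expected))
```

Against a live realm you would fetch https://keycloak.example.net/auth/realms/{realmName}/.well-known/openid-configuration and pass its body to check_discovery; a non-empty result usually means the realm name in step 3 is wrong, and a wildcard or http redirect URI reported by check_redirect_uri should be corrected in the Keycloak client before going live.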
# 5: Complete Configuration
- Save your 4ALLPORTAL configuration and restart the system.