Bobcares

Drupal Keycloak OpenID Connect | How to Integrate

by | Jan 16, 2024

Learn how to integrate Drupal with Keycloak via OpenID Connect. Our Drupal Support team is here to help you with your questions and concerns.

Integrate Drupal with Keycloak via OpenID Connect

SSO, short for Single Sign-On, has become a critical feature for improving the user experience in recent times.

Today, we are going to explore integrating Drupal and Keycloak with a focus on SSO via the OpenID Connect module.

This will let our users log in effortlessly using their Keycloak credentials.

Module Installation with Composer and Drush

We begin with installing the OAuth/OpenID Connect module for Drupal. Here are the steps for Composer and Drush:

  • Using Composer
    1. Open a terminal and run this command to download the module:

      composer require 'drupal/miniorange_oauth_client'

    2. Then, go to the Extend menu on the Drupal admin console and search for “miniOrange OAuth Client Configuration.”
    3. Then, enable the module.
  • Using Drush
    1. Install the module with these commands:

      # Enable the module by its machine name, then rebuild caches
      drush en miniorange_oauth_client
      drush cr

    2. Then, enable the module from the Extend menu in the Drupal admin console.

Alternatively, we can opt for manual installation:

  1. First, head to the Extend menu in the Drupal admin console.
  2. Then, click on “Install new module” and install the OAuth & OpenID Connect Login module.
  3. Now, enable the module and configure it at {BaseURL}/admin/config/people/miniorange_oauth_client/config_clc.

Setting Up Drupal as OAuth Client

After the module is installed, we have to set up Drupal as an OAuth client.

  1. Go to Configuration > miniOrange OAuth Client Configuration > Configure OAuth tab.
  2. Then, select “Keycloak” from the Select Application dropdown.
  3. Next, copy the Callback/Redirect URL for later use.

Create OAuth/OpenID Single Sign-On Application in Keycloak

With Drupal ready, let’s configure Keycloak for OAuth/OpenID integration:

  1. Log into the Keycloak administrator console and create a new realm. Then enter the realm name.
  2. Now, head to Clients > Clients list > Create client.
  3. Then, enter the Client ID under General Settings.
  4. Next, enable Client authentication under Capability Configuration.
  5. Finally, paste the Callback/Redirect URL into Valid redirect URIs in Login settings, and save.

Integrating Drupal with Keycloak

  1. First, copy the Client ID from Keycloak’s Settings tab.
  2. Then, paste the Client ID into the respective field in Drupal’s Configure OAuth tab.
  3. Next, copy the Client secret from Keycloak’s Credentials tab.
  4. Now, go to Drupal’s Configure OAuth tab and paste the Client secret into the respective field.
  5. Then, go to the Keycloak Administrator console.
  6. At this point, head to General under Realm settings and copy the Realm ID.
  7. Then, replace “realm-name” with the copied Realm ID in the Authorize Endpoint, Access Token Endpoint, and Get User Info Endpoint text fields, respectively.
  8. Now, head to the Keycloak Administrator console and copy the Keycloak domain URL.
  9. We have to replace “Keycloak_base_URL” with the copied Keycloak domain URL in the Authorize Endpoint, Access Token Endpoint, and Get User Info Endpoint text fields in Drupal’s Configure OAuth tab.
  10. Finally, click Save Configuration.
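
The substitution from steps 6 to 9, together with the redirect URI pasted into Keycloak earlier, as an added example (not from the original article or the miniOrange module). It assumes Keycloak's standard endpoint layout `/realms/<realm>/protocol/openid-connect/...` without the legacy `/auth` prefix; `sso.example.com`, `drupal-realm` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: fill the realm name and Keycloak base URL into the three
# endpoint fields of Drupal's Configure OAuth tab, with sanity checks.
# Assumption: Keycloak's standard path layout without a legacy /auth prefix.

# kc_check_base URL: succeeds if URL can replace "Keycloak_base_URL"
kc_check_base() {
    case "$1" in
        *Keycloak_base_URL*) echo "base URL placeholder not replaced" >&2; return 1 ;;
        *" "*|*"?"*|*"#"*) echo "unexpected character in base URL" >&2; return 1 ;;
        https://?*) ;;                              # secret and tokens need TLS
        http://localhost|http://localhost[:/]*) ;;  # local test instance only
        *) echo "base URL must start with https://" >&2; return 1 ;;
    esac
}

# kc_check_realm NAME: succeeds if NAME can replace "realm-name"
# (conservative: one path segment of letters, digits, dot, underscore, hyphen)
kc_check_realm() {
    case "$1" in
        ""|realm-name) echo "realm placeholder not replaced" >&2; return 1 ;;
        *[!A-Za-z0-9._-]*) echo "realm must be a single path segment" >&2; return 1 ;;
    esac
}

# kc_endpoints BASE REALM: prints the Authorize, Access Token and
# Get User Info endpoints, one per line
kc_endpoints() {
    kc_check_base "$1" && kc_check_realm "$2" || return 1
    root="${1%/}/realms/$2/protocol/openid-connect"
    printf '%s\n' "$root/auth" "$root/token" "$root/userinfo"
}

# kc_check_redirect URI: succeeds if URI is an exact https callback,
# suitable for Keycloak's "Valid redirect URIs" field
kc_check_redirect() {
    case "$1" in
        *\**) echo "wildcard redirect URI; paste the exact callback" >&2; return 1 ;;
        https://?*) ;;
        *) echo "callback must start with https://" >&2; return 1 ;;
    esac
}

# Constructed sample values
kc_endpoints "https://sso.example.com/" "drupal-realm"
```
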

After saving the configuration, we can test it by clicking on the “Perform Test Configuration” button. This results in a successful connection between Drupal and Keycloak.

During the test configuration, select the Email Attribute from the dropdown menu to obtain the user’s email ID. Save the configuration.

Alternate Method: Using openid_connect module and IPTables

  1. Install the openid_connect module using Drush:

    cd /var/www/sites/all/
    drush dl openid_connect && drush en openid_connect

  2. Set up iptables to allow Docker containers to access the host machine (this rule accepts all traffic arriving on the docker0 bridge interface, on every port):

    sudo iptables -A INPUT -i docker0 -j ACCEPT

  3. Configure Keycloak and Drupal.

As seen above, integrating Drupal with Keycloak for seamless OAuth/OpenID Connect SSO opens up new possibilities for user authentication.

Conclusion

In brief, our Support Experts demonstrated how to integrate Drupal and Keycloak via OpenID.
