Keycloak OpenID Connect

Component ID

2920946

Component name

Keycloak OpenID Connect

Component type

module

Maintenance status

Development status

Component security advisory coverage

not-covered

Downloads

522

Component created

Component changed

Component body

The Keycloak module provides a Keycloak login provider client for the OpenID Connect module.

What does the module do?

The module allows you to authenticate your users against a Keycloak authentication server.

Keycloak is an Open Source Identity and Access Management system that supports OpenID Connect, OAuth 2.0 and SAML 2.0 login, LDAP and Active Directory user federation, OpenID Connect or SAML 2.0 identity brokering and various Social Logins out of the box.

Features

  • Log in to Drupal using Keycloak OpenID Connect.
  • Synchronize user fields with OpenID attributes provided by Keycloak using the OpenID Connect module's claim mapping.
  • Additionally synchronize email address changes from within Keycloak with the connected Drupal user's email address.
  • Multi-language support:
    • Forward language parameters to Keycloak, so the login/user registration of Keycloak opens up in the same language as your multi-language Drupal site.
    • Map Keycloak's user locale settings to Drupal languages.

Roadmap

  • Issue #2920951: Single Sign Out (trigger Sign Out Endpoint on user sign out and implement OpenID Connect Session Management).
  • Issue #2920952: User roles synchronization between Keycloak and Drupal.
  • Issue #2920950: Make use of the Keycloak user API to allow synchronization of user properties from Drupal to Keycloak.

Dependencies

Similar Projects

Keycloak supports the OpenID Connect, OAuth2 and SAML standards for authentication clients. You might also wish to have a look at the following contributed modules to authenticate your Drupal users with Keycloak:

  • SAML Authentication
    This module features SAML-based user authentication. User attributes mapping is in development.
  • simpleSAMLphp Authentication
    This module requires a working setup of SimpleSAMLphp as a service provider on your webserver to connect to the Keycloak Identity Provider. It features SAML-based authentication and user role provisioning.
  • OAuth2 Client
    A basic OAuth2.0 client for Drupal that can be extended programmatically.