Keycloak - Open Source Red Hat SSO

Keycloak is an open source IAM and SSO system.

To enable Keycloak as a backend:

  • In your project settings, add Keycloak to your AUTHENTICATION_BACKENDS:

  • Create a Client in your Keycloak realm

  • On your client, under Fine Grain OpenID Connect Configuration, ensure that User Info Signed Response Algorithm and Request Object Signature Algorithm are both set to RS256, then save. Then go to Realm Settings -> Keys -> RS256 and copy your Public key to SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY in your Django settings.

  • Add the Client ID and Client Secret values from your client to your project settings file.

The Client ID should be added as SOCIAL_AUTH_KEYCLOAK_KEY and the Client Secret as SOCIAL_AUTH_KEYCLOAK_SECRET. You also need to add your Keycloak instance's auth and token URLs, found in the Realm OpenID Endpoint Configuration:

SOCIAL_AUTH_KEYCLOAK_KEY = 'test-django-oidc'

Lastly, you need to ensure the client_id is in your JWT’s aud key. On your client, go to Mappers -> Create. Create an Audience Mapper and ensure the Included Client Audience is your client_id.
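The two token properties configured above (RS256 signing and the client_id in aud) can be checked on a token before debugging the login flow. This is an added example, not part of the original documentation or the backend's code. The helper names preflight and make_sample are hypothetical, and the sample tokens are constructed and unsigned.

```python
import base64
import json

CLIENT_ID = "test-django-oidc"  # the SOCIAL_AUTH_KEYCLOAK_KEY value used on this page


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def preflight(token, client_id=CLIENT_ID):
    """Return a list of configuration problems found in a Keycloak JWT.

    Diagnostic only: the signature is NOT verified here, so this must never
    be used to authenticate anyone.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected header.payload.signature)"]
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    problems = []
    if header.get("alg") != "RS256":
        problems.append(f"alg is {header.get('alg')!r}, expected 'RS256'")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)  # aud may be a string or a list
    if client_id not in aud:
        problems.append(f"aud {aud} lacks {client_id!r}; add an Audience Mapper")
    return problems


def make_sample(alg, aud):
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"aud": aud, "sub": "demo"}), "c2ln"])


if __name__ == "__main__":
    print(preflight(make_sample("RS256", ["account", CLIENT_ID])))  # mapper configured
    print(preflight(make_sample("RS256", "account")))               # mapper missing
    print(preflight(make_sample("HS256", ["account"])))             # wrong alg and aud
```

An empty list means both settings took effect. The token must still be signature-checked against SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY before it is trusted.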

Thereafter, go to <app_url>/login/keycloak and the authorization code flow should commence.

The default behaviour is to associate users via the username field, but you can change the key with e.g.