
Part 1: Keycloak Integration with Sitecore

Application security matters more every day. Identity and access management (IAM) tools ensure that only authorized individuals can access the resources they need, while unauthorized users are denied entry. This helps protect sensitive information, prevent data breaches, and maintain regulatory compliance.

What is Keycloak?

Keycloak is an open-source identity and access management (IAM) tool, licensed under the Apache License 2.0. It lets you secure services quickly, with little effort, and add authentication to applications seamlessly.

Keycloak Features

  • SSO: Keycloak fully supports both Single Sign-On and Single Sign-Out.
  • Admin Console: Keycloak provides a user-friendly web-based GUI that simplifies configuration, allowing you to customize your instance to your specific requirements.
  • Multiple Protocols Support: Currently, Keycloak supports three protocols: OpenID Connect, OAuth 2.0, and SAML 2.0.
  • User Identity and Accesses: Keycloak can serve as a standalone user identity and access management solution, letting you build a custom user database with roles and groups tailored to your needs.
  • External Identity Source Sync: If your client already has an existing user database, Keycloak can synchronize with that database, ensuring smooth integration and data consistency.
  • Identity Brokering: Keycloak can also act as an intermediary (a proxy) between your users and external identity providers. The list of these providers is managed and edited from the Keycloak Admin Panel.
  • Social Identity Providers: Keycloak also supports Social Identity Providers, with built-in support for popular platforms such as Google, Twitter, Facebook, and Stack Overflow. Configuring these providers requires manual setup through the admin panel. For the full list of supported social identity providers and detailed configuration instructions, refer to the Keycloak documentation.
  • Pages Customization: Keycloak provides extensive customization options for all user-facing pages. These pages are in .ftl format, so you can use traditional HTML markup and CSS styles to align the page with your application's visual design and your company's brand. You can also add custom JavaScript as part of the page customization, giving you wide latitude to tailor the user experience to your requirements.

Setup Keycloak Server

Download and Install Keycloak

To configure Keycloak, follow these steps:

  • Download the latest version from here
  • Before downloading the latest version of Keycloak from the provided link, make sure you have installed the Java SDK and added its path to the environment variables.
  • Unzip the Keycloak folder and go to its bin folder.
  • Run the following command:
    • kc.bat start-dev
  • Open the URL http://localhost:8080/ in the browser.

  • Create an initial admin user by filling in Username, Password, and Password confirmation in the Administration Console.
  • Now you can log in using your admin credentials.


Create a Realm

  • By default, Keycloak includes a pre-existing "Master" realm. To create a new realm, click on the top-left dropdown menu and select the "Create Realm" button.

  • Type the realm name and click on the Create button.



Create Client

  • To create a new client, go to the left panel, select "Clients," and then click on the "Create client" option.


  • Add the required details.


  • Click on the Next button.

  • On the next screen, enter the desired "Valid redirect URIs" and click on the Save button.

Create Roles and Users

  • All available roles can be found under "Realm roles," where you can create new roles as needed.



  • To create new user accounts, open the "Users" link in the left panel.
  • Add the details and click on the Create button.
  • Once the user is created, click on the user again, go to the Credentials tab, and set a password.



  • In Role mapping, you can map the roles.

Congratulations! At this stage, you have successfully installed Keycloak. Now you can integrate your application with Keycloak to enable identity and access management.
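As an added example (not code from the original post), the same sequence as the console steps above, scripted against the Keycloak Admin REST API: create the realm, the client with its "Valid redirect URIs", a realm role, a user with a password, and the role mapping. Before the client is created it refuses over-permissive redirect URIs, since a wildcard host or bare `*` lets any site receive the authorization code. It assumes a dev server at http://localhost:8080 reachable with the admin account created above; the realm, client, role and user names passed in are placeholders.

```python
import json
import urllib.request
from urllib.parse import urlencode, urlparse
def client_rep(client_id, redirect_uris):
    # Confidential OIDC client restricted to the authorization-code flow.
    return {"clientId": client_id, "protocol": "openid-connect", "publicClient": False,
            "standardFlowEnabled": True, "implicitFlowEnabled": False,
            "directAccessGrantsEnabled": False, "redirectUris": list(redirect_uris)}

def redirect_uri_findings(uris):
    """Flag over-permissive 'Valid redirect URIs': wildcard hosts, mid-path wildcards, plain http off localhost."""
    findings = []
    for uri in uris:
        p = urlparse(uri)
        if uri.startswith("*") or "*" in p.netloc:
            findings.append((uri, "wildcard matches other hosts"))
        elif "*" in p.path[:-1]:
            findings.append((uri, "wildcard not at end of path"))
        if p.scheme == "http" and p.hostname not in ("localhost", "127.0.0.1"):
            findings.append((uri, "plain http to a non-local host"))
    return findings

def admin_token(base, admin_user, admin_password):
    # Password grant on the built-in admin-cli client of the master realm.
    form = urlencode({"client_id": "admin-cli", "grant_type": "password",
                      "username": admin_user, "password": admin_password}).encode()
    with urllib.request.urlopen(f"{base}/realms/master/protocol/openid-connect/token", form) as r:
        return json.load(r)["access_token"]

def call(base, token, method, path, payload=None):
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(f"{base}/admin/realms{path}", data=data, method=method,
                                 headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as r:
        return r.headers.get("Location"), r.read()

def provision(base, token, realm, client_id, redirect_uris, role, username, password):
    # Same order as the console steps: realm, client, realm role, user with password, role mapping.
    if bad := redirect_uri_findings(redirect_uris):
        raise ValueError(f"refusing to create client with risky redirect URIs: {bad}")
    call(base, token, "POST", "", {"realm": realm, "enabled": True})
    call(base, token, "POST", f"/{realm}/clients", client_rep(client_id, redirect_uris))
    call(base, token, "POST", f"/{realm}/roles", {"name": role})
    user = {"username": username, "enabled": True, "credentials": [
        {"type": "password", "value": password, "temporary": False}]}
    location, _ = call(base, token, "POST", f"/{realm}/users", user)
    user_id = location.rsplit("/", 1)[-1]  # Keycloak returns the new user's URL in Location
    _, role_json = call(base, token, "GET", f"/{realm}/roles/{role}")
    call(base, token, "POST", f"/{realm}/users/{user_id}/role-mappings/realm", [json.loads(role_json)])
    return user_id
```

Run it as `provision("http://localhost:8080", admin_token("http://localhost:8080", "admin", "<admin password>"), "sitecore", "sitecore-cm", ["https://cm.example.local/*"], "sitecore-author", "author1", "<password>")`; the placeholder realm, client and user names are constructed for this example.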

In the next blog, we will integrate Keycloak with Sitecore CM.
