🔑Keycloak Configuration Guide

Let's spin up a Keycloak server and configure it for your webapp!

Provisioning a Keycloak server

If you already have access to a Keycloak server you can skip this section.

Follow one of the following guides:

Configuring your Keycloak server

Let's configure your Keycloak server with good defaults for an SPA.

Connect to the admin panel of your Keycloak server (we assume it's https://auth.my-domain.net/auth).

  • Create a realm called "myrealm" (or something else), go to Realm settings

    1. On the tab General

      1. User Profile Enabled: On

    2. On the tab login

      1. User registration: On

      2. Forgot password: On

      3. Remember me: On

    3. On the tab Email. We give an example with AWS SES; if you don't have an SMTP server at hand you can skip this by going to Authentication (on the left panel) -> Tab Required Actions and unchecking "Set as default action" for Verify Email. Be aware that with email verification disabled, anyone will be able to sign up to your service.

      1. From: noreply@my-domain.net

      2. Host: email-smtp.us-east-2.amazonaws.com

      3. Port: 465

      4. Authentication: enabled

      5. Username: **************

      6. Password: ***************************************

      7. When clicking "Save" you'll be asked for a test email; you have to provide one that corresponds to a pre-existing user, or you will get a silent error and the credentials won't be saved.

    4. On the tab Themes. See Keycloakify for creating a Keycloak theme that matches your webapp.

    5. On the tab Localization

      1. Internationalization: Enabled

      2. Supported locales: <Select the languages you wish to support>

    6. On the tab Sessions

      1. SSO Session Idle: 14 days - This is where you configure the auto-logout policy. If you want your users to be automatically logged out after 30 minutes of inactivity, set it here.

      2. SSO Session Max: 14 days

      3. SSO Session Idle Remember Me: 14 days

      4. SSO Session Max Remember Me: 14 days - Same, but for users who checked "Remember me" when logging in.

  • Create a new OpenID Connect client called "myclient" (or something else) by accessing Clients -> Create Client

    1. Root URL: https://your-domain.net (or something else; your app does not need to be on the same domain as your Keycloak).

    2. Valid redirect URIs: https://onyxia.my-domain.net/*, http://localhost* (for testing locally)

    3. Web origins: *

    4. Login theme: keycloak (or your theme if you have one)

  • (OPTIONAL) In Authentication (on the left panel) -> Tab Required Actions, enable Terms and Conditions and set it as a default action. (You can use Keycloakify to specify your terms and conditions; see next section.)

  • (OPTIONAL) On the left panel you can go to Identity Providers to enable login via Google, GitHub, Instagram, etc.

Now the parameters that you will have to provide to oidc-spa are:

    issuerUri: "https://auth.your-domain.net/realms/myrealm",
    clientId: "myclient"

Replace your-domain.net, myrealm and myclient with what you actually used in the configuration process.
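The following is an added example, not code from oidc-spa or from Keycloak. It sanity-checks the values collected in this guide before they go into oidc-spa: that issuerUri has the /realms/<realm> shape (and not the admin-console address with /auth pasted by mistake), which OpenID Connect discovery document that issuer implies, and whether the URL your app will redirect back to is covered by the "Valid redirect URIs" entered on the client. It assumes the realm is served at <server>/realms/<realm>, and it models the allowlist check in simplified form (exact match, or prefix match for an entry ending in "*"); the authoritative check is the one Keycloak performs server-side. The sample values are the ones used in this guide.

```javascript
// Added example (not part of the oidc-spa docs or of Keycloak). Sanity-checks
// the values produced by this guide. Assumption: the realm lives at
// <server>/realms/<realm>; "Valid redirect URIs" matching is modelled in a
// simplified form (exact match, or prefix match for entries ending in "*").

// The two values this guide ends with (replace with your own).
const oidcSpaParams = {
  issuerUri: "https://auth.your-domain.net/realms/myrealm",
  clientId: "myclient",
};

// Patterns exactly as typed into the client's "Valid redirect URIs" field.
const validRedirectUris = ["https://onyxia.my-domain.net/*", "http://localhost*"];

// Realm name implied by an issuer URI of the form .../realms/<realm>, or null
// when the URI does not have that shape.
function realmFromIssuerUri(issuerUri) {
  const m = issuerUri.replace(/\/+$/, "").match(/\/realms\/([^/]+)$/);
  return m ? m[1] : null;
}

// OpenID Connect discovery document for the realm. Fetching this URL is the
// quickest way to confirm issuerUri: a wrong host or realm name gives a 404.
function discoveryUrl(issuerUri) {
  return `${issuerUri.replace(/\/+$/, "")}/.well-known/openid-configuration`;
}

// Simplified model of the allowlist check: exact match, or prefix match for
// entries ending in "*". A prefix rule is broad by nature, which is why each
// entry should be as specific as the app allows (scheme, host, port, path).
function redirectUriAllowed(redirectUri, patterns) {
  return patterns.some((pattern) =>
    pattern.endsWith("*")
      ? redirectUri.startsWith(pattern.slice(0, -1))
      : redirectUri === pattern
  );
}

// Collect every problem at once so a misconfiguration is reported in one place.
function checkConfig(params, patterns, appRedirectUri) {
  const problems = [];
  if (!/^https:\/\//.test(params.issuerUri)) {
    problems.push("issuerUri should use https");
  }
  if (realmFromIssuerUri(params.issuerUri) === null) {
    problems.push("issuerUri should end in /realms/<realm>");
  }
  if (!params.clientId) {
    problems.push("clientId is empty");
  }
  if (!redirectUriAllowed(appRedirectUri, patterns)) {
    problems.push(`${appRedirectUri} is not covered by Valid redirect URIs`);
  }
  return problems;
}

// Stand-alone run with the local development URL from this guide.
console.log(discoveryUrl(oidcSpaParams.issuerUri));
console.log(checkConfig(oidcSpaParams, validRedirectUris, "http://localhost:3000/"));
```

Run it with node; an empty array from checkConfig means the three values line up. If you point it at the Root URL from the client step instead of the localhost URL, the check reports that the redirect is not covered by the allowlist, which is exactly the mismatch that otherwise only surfaces as an "Invalid parameter: redirect_uri" page at login time.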

