
Jans Keycloak Link

The Jans Keycloak Link is a Jans Link module that provides synchronization services to update the Janssen User Store from an external Keycloak instance.

Jans Keycloak Link accesses Keycloak data via the Keycloak API. A new client must be created on Keycloak to authorize Jans Keycloak Link for API access. The client can be configured to use one of two authentication mechanisms:

Using Client Credentials Grant

Create Client on Keycloak

  • Create a new OpenID Connect client from the Keycloak administration console
  • Configure this client as having confidential access type by enabling client authentication
  • Enable the Service Accounts Enabled flag, which enables the client credentials grant
  • Go to the Service accounts roles tab and assign the role admin to the client using the Assign role button
  • Keep a note of the client ID and client secret. These details will need to be added to the Janssen server

On the Janssen server, the Jans Keycloak Link module configuration needs to be updated so that it can connect to the Keycloak server.

  • Using TUI, update the Jans KC Link module configuration. Navigate to Jans KC Link -> Keycloak Configuration, and configure the following parameters:
      • Server URL: Keycloak Server URL
      • Realm: Keycloak Realm
      • Client ID: ID of the newly created client on Keycloak
      • Client Secret: Client secret of the Keycloak client
      • Grant Type: Set this as client_credentials
  • Test the integration

Using Resource Owner Password Credentials Grant

Note

Use of this grant type is generally discouraged, and it has been removed from OAuth 2.1.

Configure Client on Keycloak

  • Create a new OpenID Connect client from the Keycloak administration console
  • Configure this client as having direct access grant
  • Create a user in the Keycloak server. The user should have permission to access the Keycloak API. For the instructions in this document, we will use the default Keycloak user, which is admin.

On the Janssen server, the Jans Keycloak Link module configuration needs to be updated so that it can connect to the Keycloak server.

  • Using TUI, update the Jans KC Link module configuration. Navigate to Jans KC Link -> Keycloak Configuration, and configure the following parameters:
      • Server URL: Keycloak Server URL
      • Realm: Keycloak Realm
      • Client ID: ID of the newly created client on Keycloak
      • Grant Type: Set this as password
      • Username: Set this as admin
      • Password: Password of admin user
  • Test the integration

Test The Integration

To check that the integration is working, create a user on the Keycloak server. This user should appear in the Janssen Server after the polling interval has passed.

Use TUI to see the list of available users in Janssen Server.
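
A pre-flight check for either configuration above, as an added example that is not part of the Janssen documentation or code: it builds the token request for the configured grant type and inspects the claims of the access token Keycloak returns. The client ID `jans-kc-link`, the host `keycloak.example`, the secret value, the Keycloak 17+ token path, and the expectation that the admin role is listed under `realm_access.roles` are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request


def token_request(server_url, realm, client_id, grant_type, **creds):
    """Build the token POST for the grant type set in the Jans KC Link configuration."""
    # Assumption: Keycloak 17+ URL layout; older releases add an "/auth" prefix.
    url = f"{server_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"
    form = {"grant_type": grant_type, "client_id": client_id}
    if grant_type == "client_credentials":
        form["client_secret"] = creds["client_secret"]
    elif grant_type == "password":
        form.update(username=creds["username"], password=creds["password"])
    else:
        raise ValueError(f"unsupported grant type: {grant_type}")
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), method="POST")


def fetch_access_token(request):
    """Send the request to Keycloak (needs network access) and return the access token."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)["access_token"]


def decode_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def check_claims(claims, client_id, required_role="admin"):
    """Return a list of problems; an empty list means the token matches the setup."""
    problems = []
    if claims.get("azp") != client_id:
        problems.append("azp does not match the configured client ID")
    if required_role not in claims.get("realm_access", {}).get("roles", []):
        problems.append(f"realm role {required_role!r} missing from token")
    return problems


# Constructed sample claims and token (hypothetical client ID) so the block runs offline.
SAMPLE_CLAIMS = {"azp": "jans-kc-link", "realm_access": {"roles": ["admin"]}}
SAMPLE_TOKEN = "e30." + base64.urlsafe_b64encode(json.dumps(SAMPLE_CLAIMS).encode()).decode().rstrip("=") + ".sig"

if __name__ == "__main__":
    req = token_request("https://keycloak.example", "master", "jans-kc-link", "client_credentials", client_secret="changeme")
    print(req.full_url, check_claims(decode_claims(SAMPLE_TOKEN), "jans-kc-link"))
```

Against a live server, pass the built request to `fetch_access_token` and feed the result to `decode_claims` and `check_claims` before waiting for the polling interval.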



Last update: 2025-01-20
Created: 2022-07-21