I am using Rocket.Chat and Keycloak. Both are in Docker and hosted under domain names like https://test1.com (Rocket.Chat) and https://test2.com (Keycloak).
I want to integrate Rocket.Chat with Keycloak.
I have followed this blog, but it's not working.
Keycloak configuration
- Provide a client ID: rocket-chat-client
- Select the client protocol as openid-connect
- Select the client access type as confidential
- Standard flow implemented: ON
- Valid Redirect URL: https:test1.com/*
Rocket.Chat configuration
- URL: https://test2.com/auth
- Token Path: /realms/{realm_name}/protocol/openid-connect/token
- Token sent via: Header
- Identity Token Sent Via: Same As “Token Sent Via”
- Identity Path: /realms/{realm_name}/protocol/openid-connect/userinfo
- Authorize Path: /realms/{realm_name}/protocol/openid-connect/auth
- Scope: openid
- Param Name for access token: access_token
- Id (the ID of the Rocket.Chat client created in Keycloak): rocket-chat-client
- Secret: Secret key provided in the credentials tab when creating the Rocket.Chat client
- Button Text: Login with Keycloak
Hi!
Have you seen this thread post?
Maybe it can shed some light on your issue.
I have no experience with Keycloak, but I can ping someone from our team regarding that.
These are the settings (Environment variables) that I’m using:
- Accounts_OAuth_Custom_keycloak=true
- Accounts_OAuth_Custom_keycloak_id=$APPLICATION_DOMAIN
- Accounts_OAuth_Custom_keycloak_secret=
- Accounts_OAuth_Custom_keycloak_url=$APPLICATION_SCHEME://$APPLICATION_DOMAIN/iam/auth
- Accounts_OAuth_Custom_keycloak_token_path=/realms/$APPLICATION_REALM/protocol/openid-connect/token
- Accounts_OAuth_Custom_keycloak_identity_path=/realms/$APPLICATION_REALM/protocol/openid-connect/userinfo
- Accounts_OAuth_Custom_keycloak_authorize_path=/realms/$APPLICATION_REALM/protocol/openid-connect/auth
- Accounts_OAuth_Custom_keycloak_scope=openid
- Accounts_OAuth_Custom_keycloak_access_token_param=access_token
- Accounts_OAuth_Custom_keycloak_button_label_text=$APPLICATION_NAME
- Accounts_OAuth_Custom_keycloak_button_label_color=#FFFFFF
- Accounts_OAuth_Custom_keycloak_login_style=redirect
- Accounts_OAuth_Custom_keycloak_button_color=#13679A
- Accounts_OAuth_Custom_keycloak_token_sent_via=payload
- Accounts_OAuth_Custom_keycloak_identity_token_sent_via=header
- Accounts_OAuth_Custom_keycloak_key_field=username
- Accounts_OAuth_Custom_keycloak_username_field=preferred_username
- Accounts_OAuth_Custom_keycloak_name_field=name
- Accounts_OAuth_Custom_keycloak_email_field=email
- Accounts_OAuth_Custom_keycloak_roles_claim=
- Accounts_OAuth_Custom_keycloak_groups_claim=
- Accounts_OAuth_Custom_keycloak_groups_channel_map=
- Accounts_OAuth_Custom_keycloak_channels_admin=rocket.cat
- Accounts_OAuth_Custom_keycloak_merge_users=true
- Accounts_OAuth_Custom_keycloak_map_channels=
- Accounts_OAuth_Custom_keycloak_merge_roles=false
- Accounts_OAuth_Custom_keycloak_show_button=true
- Accounts_OAuth_Custom_keycloak_avatar_field=
$APPLICATION_DOMAIN = My Keycloak Client ID
$APPLICATION_SCHEME = http or https
$APPLICATION_REALM = The realm name in Keycloak
Please note that Accounts_OAuth_Custom_keycloak_url may be different for you. We have an additional /iam/ that you probably don’t need.
Also we are using a client with access type set to public, so there is no access_token for us.
Some additional settings that may be handy if you only want to allow keycloak:
- Accounts_AllowUsernameChange=false
- Accounts_AllowEmailChange=false
- Accounts_AllowPasswordChange=false
- Accounts_AllowPasswordChangeForOAuthUsers=false
Hope this helps you.
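A lint for the settings listed in this thread, as an added example that is not from any poster or from the Rocket.Chat or Keycloak projects: it checks the endpoint paths, scope and client secret, and whether the Keycloak redirect entry covers the callback Rocket.Chat would send. Assumptions: the callback is `<site_url>/_oauth/<provider>`, redirect entries match exactly or by prefix when they end in `*` (a simplified model), the realm name `demo` and the secret are placeholders, and `lint` and `redirect_allowed` are hypothetical helper names.

```python
from urllib.parse import urlsplit

def redirect_allowed(pattern, uri):
    """Simplified Keycloak rule: exact match, or prefix match if entry ends in '*'."""
    if pattern.endswith("*"):
        return uri.startswith(pattern[:-1])
    return uri == pattern

def lint(cfg):
    """Return findings for one Rocket.Chat custom OAuth provider config."""
    out = []
    base = urlsplit(cfg["url"])
    if base.scheme != "https" or not base.netloc:
        out.append("url: must be an absolute https:// URL")
    for key in ("token_path", "identity_path", "authorize_path"):
        p = cfg[key]
        if not p.startswith("/realms/") or "{" in p or "$" in p:
            out.append(f"{key}: bad prefix or unsubstituted realm placeholder")
    if "openid" not in cfg["scope"].split():
        out.append("scope: 'openid' missing")
    if cfg["access_type"] == "confidential" and not cfg["secret"]:
        out.append("secret: empty for a confidential client")
    # Assumption: Rocket.Chat sends <site_url>/_oauth/<provider> as redirect_uri.
    callback = f"{cfg['site_url'].rstrip('/')}/_oauth/{cfg['provider']}"
    pat = urlsplit(cfg["valid_redirect"])
    if not pat.scheme or not pat.netloc:
        out.append("valid_redirect: not an absolute URI (scheme://host/...)")
    elif pat.path in ("*", "/*"):
        out.append("valid_redirect: wildcard covers the whole host; narrow it")
    if not redirect_allowed(cfg["valid_redirect"], callback):
        out.append(f"valid_redirect: does not cover {callback}")
    return out

# Constructed sample: values from the thread; realm "demo" and secret are placeholders.
AS_POSTED = {
    "site_url": "https://test1.com", "provider": "keycloak",
    "url": "https://test2.com/auth", "scope": "openid",
    "token_path": "/realms/demo/protocol/openid-connect/token",
    "identity_path": "/realms/demo/protocol/openid-connect/userinfo",
    "authorize_path": "/realms/demo/protocol/openid-connect/auth",
    "access_type": "confidential", "secret": "<client-secret>",
    "valid_redirect": "https:test1.com/*",
}
WILDCARD = {**AS_POSTED, "valid_redirect": "https://test1.com/*"}
EXACT = {**AS_POSTED, "valid_redirect": "https://test1.com/_oauth/keycloak"}

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("wildcard", WILDCARD), ("exact", EXACT)):
        print(name, lint(cfg) or "ok")
```

An exact redirect entry is the tightest option; a host-wide wildcard passes the match but is reported so it can be narrowed.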
Thanks @dudanogueira and @stefan.badenhorst, I have successfully integrated Keycloak with Rocket.Chat.
Are you using nginx as a reverse proxy? I am trying to get this set up as well and need help. I am new to both Rocket.Chat and Keycloak. I have Keycloak and Rocket.Chat set up with containers on the same Docker network, did extra_hosts, and it seems like I come to the login page, I get redirected to Keycloak, I log in and then get brought back to the login page. Any insights would help greatly.