
How to integrate keycloak with rocketchat

I am using Rocket.Chat and Keycloak; both are in Docker and hosted under a domain name like chat) and
I want to integrate Rocket.Chat with Keycloak.

I have followed this blog, but it's not working.

Keycloak configuration

  1. Provide a client ID: rocket-chat-client
  2. Select the client protocol as openid-connect
  3. Select the client access type as confidential
  4. Standard flow implemented: ON
  5. Valid Redirect URL: *

Rocket-chat configurations

  1. URL:
  2. Token Path: /realms/{realm_name}/protocol/openid-connect/token
  3. Token sent via: Header
  4. Identity Token Sent Via: Same As “Token Sent Via”
  5. Identity Path: /realms/{realm_name}/protocol/openid-connect/userinfo
  6. Authorize Path: /realms/{realm_name}/protocol/openid-connect/auth
  7. Scope: openid
  8. Param Name for access token: access_token
  9. Id: This is the id of the Rocket.Chat client created in the keycloak rocket-chat-client
  10. Secret: Secret key provided in the credentials tab when creating the Rocket.Chat client
  11. Button Text: Login with Keycloak


Have you seen this thread post?

Maybe it can shed some light on your issue.

I have no experience with Keycloak, but I can ping someone from our team regarding that.

These are the settings (Environment variables) that I’m using:

      - Accounts_OAuth_Custom_keycloak=true
      - Accounts_OAuth_Custom_keycloak_id=$APPLICATION_DOMAIN
      - Accounts_OAuth_Custom_keycloak_secret=
      - Accounts_OAuth_Custom_keycloak_url=$APPLICATION_SCHEME://$APPLICATION_DOMAIN/iam/auth
      - Accounts_OAuth_Custom_keycloak_token_path=/realms/$APPLICATION_REALM/protocol/openid-connect/token
      - Accounts_OAuth_Custom_keycloak_identity_path=/realms/$APPLICATION_REALM/protocol/openid-connect/userinfo
      - Accounts_OAuth_Custom_keycloak_authorize_path=/realms/$APPLICATION_REALM/protocol/openid-connect/auth
      - Accounts_OAuth_Custom_keycloak_scope=openid
      - Accounts_OAuth_Custom_keycloak_access_token_param=access_token
      - Accounts_OAuth_Custom_keycloak_button_label_text=$APPLICATION_NAME
      - Accounts_OAuth_Custom_keycloak_button_label_color=#FFFFFF
      - Accounts_OAuth_Custom_keycloak_login_style=redirect
      - Accounts_OAuth_Custom_keycloak_button_color=#13679A
      - Accounts_OAuth_Custom_keycloak_token_sent_via=payload
      - Accounts_OAuth_Custom_keycloak_identity_token_sent_via=header
      - Accounts_OAuth_Custom_keycloak_key_field=username
      - Accounts_OAuth_Custom_keycloak_username_field=preferred_username
      - Accounts_OAuth_Custom_keycloak_name_field=name
      - Accounts_OAuth_Custom_keycloak_email_field=email
      - Accounts_OAuth_Custom_keycloak_roles_claim=
      - Accounts_OAuth_Custom_keycloak_groups_claim=
      - Accounts_OAuth_Custom_keycloak_groups_channel_map=
      - Accounts_OAuth_Custom_keycloak_merge_users=true
      - Accounts_OAuth_Custom_keycloak_map_channels=
      - Accounts_OAuth_Custom_keycloak_merge_roles=false
      - Accounts_OAuth_Custom_keycloak_show_button=true
      - Accounts_OAuth_Custom_keycloak_avatar_field=

$APPLICATION_SCHEME = http or https
$APPLICATION_REALM = The realm name in Keycloak
Please note that Accounts_OAuth_Custom_keycloak_url may be different for you. We have an additional /iam/ that you probably don’t need.
Also, we are using a client with access type set to public, so there is no access_token for us.

Some additional settings that may be handy if you only want to allow keycloak:

      - Accounts_AllowUsernameChange=false
      - Accounts_AllowEmailChange=false
      - Accounts_AllowPasswordChange=false
      - Accounts_AllowPasswordChangeForOAuthUsers=false

Hope this helps you.
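As an added example (not code from Rocket.Chat, Keycloak, or either poster), a small Python check that expands the `$APPLICATION_REALM` paths above and compares the resulting URLs with the endpoints the realm publishes in its OIDC discovery document; the host, the `/iam/auth` prefix, the realm name `demo` and the discovery document itself are constructed placeholders.

```python
"""Added example (not Rocket.Chat or Keycloak code): verify that the custom
OAuth paths from the thread resolve to the endpoints the Keycloak realm
publishes in its OIDC discovery document."""
from string import Template

# Same variables as above; host, /iam/auth prefix and realm are constructed.
SETTINGS = {
    "Accounts_OAuth_Custom_keycloak_url": "https://sso.example.invalid/iam/auth",
    "Accounts_OAuth_Custom_keycloak_token_path": "/realms/$APPLICATION_REALM/protocol/openid-connect/token",
    "Accounts_OAuth_Custom_keycloak_identity_path": "/realms/$APPLICATION_REALM/protocol/openid-connect/userinfo",
    "Accounts_OAuth_Custom_keycloak_authorize_path": "/realms/$APPLICATION_REALM/protocol/openid-connect/auth",
}

# Constructed in the shape Keycloak serves at
# <url>/realms/<realm>/.well-known/openid-configuration; embedded so the
# example runs offline (fetch it with urllib in a live check).
DISCOVERY = {
    "authorization_endpoint": "https://sso.example.invalid/iam/auth/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "https://sso.example.invalid/iam/auth/realms/demo/protocol/openid-connect/token",
    "userinfo_endpoint": "https://sso.example.invalid/iam/auth/realms/demo/protocol/openid-connect/userinfo",
}

# Rocket.Chat path setting -> discovery field it must agree with.
PATH_TO_ENDPOINT = {
    "Accounts_OAuth_Custom_keycloak_authorize_path": "authorization_endpoint",
    "Accounts_OAuth_Custom_keycloak_token_path": "token_endpoint",
    "Accounts_OAuth_Custom_keycloak_identity_path": "userinfo_endpoint",
}


def resolve_endpoints(settings, realm):
    """Expand $APPLICATION_REALM and join each path onto the base URL."""
    base = settings["Accounts_OAuth_Custom_keycloak_url"].rstrip("/")
    urls = {}
    for key in PATH_TO_ENDPOINT:
        path = Template(settings[key]).safe_substitute(APPLICATION_REALM=realm)
        urls[key] = base + "/" + path.lstrip("/")
    return urls


def check_endpoints(settings, discovery, realm):
    """Return {setting: (configured, published)} for every mismatch."""
    mismatches = {}
    for key, url in resolve_endpoints(settings, realm).items():
        published = discovery.get(PATH_TO_ENDPOINT[key])
        if url != published:
            mismatches[key] = (url, published)
    return mismatches
```

An empty result means the three paths line up with what the realm advertises; a wrong base URL (for example a missing or extra prefix) or a mistyped realm name shows up as a mismatch for every path at once.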


Thanks @dudanogueira and @stefan.badenhorst, I have successfully integrated Keycloak with Rocket.Chat.