Intergrate Discourse with keycloak

I would like to intergrate discourse with keycloak Any advice on how to go about it. Thankyou

Kind regards
Ndacyayisenga

Keycloak supports OpenID Connect, so you can integrate with it using OpenID Connect Authentication Plugin

Few years back I wrote a keycloak plugin (identity provider) to sign into keycloak using Discourse auth apis. Not sure if its compatible with recent changes to discourse SSO, but if you need that part I might be able to publish it at some time.

@ldywicki I would be glad

Hello,
I have searched Discourse Meta multiple times, but I can’t find what I’m looking for (existing discussions either have no answers, or seem to be outdated)

We already have Keycloak running for our user management (and use it e. g. to authenticate users for our own applications).
Now we set up a Discourse instance and would like to use Keycloak as the SSO provider.

Is DiscourseConnect the correct thing to use here? Or do we need instead (or additionally) a plugin for openid, or SAML?
What do we need to configure on the Keycloak end? Is it just standard configuration, or do we need a plugin?

Thanks in advance!
Gunnar

Hi @gschmid, welcome to Discourse Meta

The best in this case is to use a plugin, perhaps OAuth2 Basic or Discourse SAML depending on your specific needs

I leave them below:

In case you need I will be happy to provide assistance

Hi Alexander,

thanks for the quick response.

So I don’t need DiscourseConnect at all? What’s the purpose of it then?

Your authentication server (or maybe API or similar) should have a process compatible with Discourse Connect (Explained here)

Keycloak does not have native support in this case, so it is more advisable to use one of the plugins mentioned above.

I know the DiscourseConnect doc, but wasn’t able to bring the pieces together. Just out of curiosity, which auth servers support this out of the box?

Anyway, I will now try to get the suggested plugin(s) up and running. Thanks again.

Ok, first part of work is done - GitHub - Code-House/keycloak-discourse: Integration between Keycloak and Discorse.. using Keycloak APIs to do so..
This repository contains code necessary to let Keycloak fetch identity information from discourse using “Discourse Connect” protocol.

Keycloak is generic identity provider - it does offer OpenID Connect compatible endpoints to authenticate external applications. You can pair Keycloak with Discourse using discourse-openid-connect plugin.
The Discourse Connect is a bit different. As far I understand it does permit to completely delegate user management to Keycloak, which might not be what you need for a start.

Note, I’ve made a integration to let Keycloak work with Discourse as identity provider. From what I see it shall be possible to implement Discourse Connect compatible endpoint for Keycloak, however that’s another story.

The Discourse Connect is a bit different. As far I understand it does permit to completely delegate user management to Keycloak, which might not be what you need for a start.

Actually, this is exactly what I would like to have, but since there seems to be no straightforward solution to that, I’m trying my luck with OIDC-Plugin.

I’ll be able to provide this kind of integration for Keycloak. It needs an extension of a different API within keycloak (login protocol). Remind me in July to get it done.