Integrate Discourse with Keycloak

I would like to integrate Discourse with Keycloak. Any advice on how to go about it? Thank you.

Kind regards
Ndacyayisenga

Keycloak supports OpenID Connect, so you can integrate with it using the OpenID Connect Authentication Plugin.

1 Like

A few years back I wrote a Keycloak plugin (identity provider) to sign into Keycloak using Discourse auth APIs. Not sure if it’s compatible with recent changes to Discourse SSO, but if you need that part I might be able to publish it at some time.

@ldywicki I would be glad

Hello,
I have searched Discourse Meta multiple times, but I can’t find what I’m looking for (existing discussions either have no answers, or seem to be outdated).

We already have Keycloak running for our user management (and use it e.g. to authenticate users for our own applications).
Now we set up a Discourse instance and would like to use Keycloak as the SSO provider.

Is DiscourseConnect the correct thing to use here? Or do we need instead (or additionally) a plugin for OpenID, or SAML?
What do we need to configure on the Keycloak end? Is it just standard configuration, or do we need a plugin?

Thanks in advance!
Gunnar

1 Like

Hi @gschmid, welcome to Discourse Meta :wave:

The best in this case is to use a plugin, perhaps OAuth2 Basic or Discourse SAML, depending on your specific needs.

I leave them below:

In case you need it, I will be happy to provide assistance :smile:

Hi Alexander,

thanks for the quick response.

So I don’t need DiscourseConnect at all? What’s the purpose of it then?

Your authentication server (or maybe API or similar) should have a process compatible with Discourse Connect (explained here).

Keycloak does not have native support in this case, so it is more advisable to use one of the plugins mentioned above.
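For readers wondering what a DiscourseConnect-compatible process on the authentication server involves, the following is an added example (not part of this thread, and not code from Discourse or Keycloak). It verifies the HMAC-SHA256 signature on the `sso` payload Discourse sends and signs the reply; the secret, URLs and user values are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode


def sign(secret: bytes, b64_payload: str) -> str:
    # The signature covers the Base64 text itself, not the decoded query string.
    return hmac.new(secret, b64_payload.encode(), hashlib.sha256).hexdigest()


def verify_request(secret: bytes, sso: str, sig: str) -> dict:
    """Check the signature Discourse sent, then return nonce and return_sso_url."""
    expected = sign(secret, sso).encode()
    # Constant-time comparison on bytes; never parse the payload before this passes.
    if not hmac.compare_digest(expected, sig.lower().encode()):
        raise ValueError("bad DiscourseConnect signature")
    fields = parse_qs(base64.b64decode(sso).decode(), strict_parsing=True)
    try:
        return {"nonce": fields["nonce"][0],
                "return_sso_url": fields["return_sso_url"][0]}
    except KeyError as exc:
        raise ValueError(f"missing field: {exc}") from None


def build_response(secret: bytes, nonce: str, external_id: str, email: str) -> str:
    """Sign the user's identity; returns the query string for return_sso_url."""
    # The nonce is echoed back so Discourse can match the reply to its request.
    payload = urlencode({"nonce": nonce, "external_id": external_id, "email": email})
    sso = base64.b64encode(payload.encode()).decode()
    return urlencode({"sso": sso, "sig": sign(secret, sso)})


# Constructed sample values (placeholders, not taken from the thread).
SECRET = b"example-shared-secret"
SAMPLE_SSO = base64.b64encode(urlencode({
    "nonce": "cb68251eefb5211e58c00ff1395f0c0b",
    "return_sso_url": "https://forum.example.com/session/sso_login",
}).encode()).decode()
SAMPLE_SIG = sign(SECRET, SAMPLE_SSO)

if __name__ == "__main__":
    req = verify_request(SECRET, SAMPLE_SSO, SAMPLE_SIG)
    reply = build_response(SECRET, req["nonce"], "42", "user@example.com")
    print(req["return_sso_url"] + "?" + reply)
```
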

I know the DiscourseConnect doc, but wasn’t able to bring the pieces together. Just out of curiosity, which auth servers support this out of the box?

Anyway, I will now try to get the suggested plugin(s) up and running. Thanks again.

1 Like

Ok, first part of work is done - GitHub - Code-House/keycloak-discourse: Integration between Keycloak and Discorse.. using Keycloak APIs to do so..
This repository contains the code necessary to let Keycloak fetch identity information from Discourse using the “Discourse Connect” protocol.

2 Likes

Keycloak is a generic identity provider - it does offer OpenID Connect compatible endpoints to authenticate external applications. You can pair Keycloak with Discourse using the discourse-openid-connect plugin.
The Discourse Connect is a bit different. As far as I understand it does permit to completely delegate user management to Keycloak, which might not be what you need for a start.

Note, I’ve made an integration to let Keycloak work with Discourse as identity provider. From what I see it shall be possible to implement a Discourse Connect compatible endpoint for Keycloak, however that’s another story. :wink:

3 Likes

> The Discourse Connect is a bit different. As far as I understand it does permit to completely delegate user management to Keycloak, which might not be what you need for a start.

Actually, this is exactly what I would like to have, but since there seems to be no straightforward solution to that, I’m trying my luck with the OIDC plugin.

I’ll be able to provide this kind of integration for Keycloak. It needs an extension of a different API within Keycloak (login protocol). Remind me in July to get it done. :wink:

3 Likes

Hi @ldywicki, I’ve compiled the latest version of the Keycloak Identity provider module, but it doesn’t seem to be compatible with both the latest Discourse as well as with the latest Keycloak version. Do you think you can provide an update for that? :blush:
Thanks for your work!

Hey Danir,
I’ll be able to update this supplement, but I need a bit of time. You caught me shortly before relocation, thus I will need some time to test what is going on with more recent Keycloak.

@ldywicki
What does your Keycloak spin-up do differently than the vanilla Keycloak?

I’ve installed the original Keycloak via Docker.
Without any error message in the console, the user ends up at the login screen with an endless spinning loading symbol after authenticating via Keycloak.

I can’t find the cause of this. Please help.