Intergrate Discourse with keycloak

Ndacyayisenga-droid · March 10, 2022, 8:38pm

I would like to intergrate discourse with keycloak Any advice on how to go about it. Thankyou

Kind regards
Ndacyayisenga

Falco · March 10, 2022, 8:48pm

Keycloak supports OpenID Connect, so you can integrate with it using OpenID Connect Authentication Plugin

ldywicki · May 5, 2022, 9:40pm

Few years back I wrote a keycloak plugin (identity provider) to sign into keycloak using Discourse auth apis. Not sure if its compatible with recent changes to discourse SSO, but if you need that part I might be able to publish it at some time.

Ndacyayisenga-droid · May 6, 2022, 1:29pm

@ldywicki I would be glad

gschmid · June 13, 2023, 4:58pm

Hello,
I have searched Discourse Meta multiple times, but I can’t find what I’m looking for (existing discussions either have no answers, or seem to be outdated)

We already have Keycloak running for our user management (and use it e. g. to authenticate users for our own applications).
Now we set up a Discourse instance and would like to use Keycloak as the SSO provider.

Is DiscourseConnect the correct thing to use here? Or do we need instead (or additionally) a plugin for openid, or SAML?
What do we need to configure on the Keycloak end? Is it just standard configuration, or do we need a plugin?

Thanks in advance!
Gunnar

Alexander · June 13, 2023, 9:02pm

Hi @gschmid, welcome to Discourse Meta

The best in this case is to use a plugin, perhaps OAuth2 Basic or Discourse SAML depending on your specific needs

I leave them below:

In case you need I will be happy to provide assistance

gschmid · June 14, 2023, 6:00am

Hi Alexander,

thanks for the quick response.

So I don’t need DiscourseConnect at all? What’s the purpose of it then?

Alexander · June 15, 2023, 12:41pm

Your authentication server (or maybe API or similar) should have a process compatible with Discourse Connect (Explained here)

Keycloak does not have native support in this case, so it is more advisable to use one of the plugins mentioned above.

gschmid · June 15, 2023, 3:21pm

I know the DiscourseConnect doc, but wasn’t able to bring the pieces together. Just out of curiosity, which auth servers support this out of the box?

Anyway, I will now try to get the suggested plugin(s) up and running. Thanks again.

ldywicki · June 18, 2023, 4:22pm

Ok, first part of work is done - GitHub - Code-House/keycloak-discourse: Integration between Keycloak and Discorse.. using Keycloak APIs to do so..
This repository contains code necessary to let Keycloak fetch identity information from discourse using “Discourse Connect” protocol.

ldywicki · June 18, 2023, 4:27pm

Keycloak is generic identity provider - it does offer OpenID Connect compatible endpoints to authenticate external applications. You can pair Keycloak with Discourse using discourse-openid-connect plugin.
The Discourse Connect is a bit different. As far I understand it does permit to completely delegate user management to Keycloak, which might not be what you need for a start.

Note, I’ve made a integration to let Keycloak work with Discourse as identity provider. From what I see it shall be possible to implement Discourse Connect compatible endpoint for Keycloak, however that’s another story.

gschmid · June 19, 2023, 11:50am

The Discourse Connect is a bit different. As far I understand it does permit to completely delegate user management to Keycloak, which might not be what you need for a start.

Actually, this is exactly what I would like to have, but since there seems to be no straightforward solution to that, I’m trying my luck with OIDC-Plugin.

ldywicki · June 19, 2023, 12:04pm

I’ll be able to provide this kind of integration for Keycloak. It needs an extension of a different API within keycloak (login protocol). Remind me in July to get it done.

danir.de · November 7, 2024, 3:51am

Hi @ldywicki , I’ve compiled the latest version of the Keycloak Identity provider module, but it doesn’t seem to be compatible with both the latest Discourse as well as with the latest Keycloak version. Do you think you can provide an update for that?
Thanks for your work!

ldywicki · November 8, 2024, 6:34pm

Hey Danir,
I’ll be able to update this supplement, but I need a bit of time. You caught me shortly before relocation, thus I will need some time to test what is going on with more recent Keycloak.

kOS · November 9, 2024, 11:17am

@ldywicki
What does your Keycloak Spinup do different then the vanilla keycloak?

Ive installed original Keycloak, via docker.
Without any error message in the console, the user ends at the login screen with a endless spinning loading symbol after authenticating via keycloak.

I cant find the cause of this. Please help.

Topic		Replies	Views
Keycloak with Discourse SSO	19	8845	January 23, 2021
Discourse with Keycloak for SSO Dev	7	5213	March 10, 2022
Mapping groups or roles using Keycloak SSO openid-connect , discourseconnect	1	275	August 23, 2023
Discourse, Keycloak, SAML vs OAuth Support	3	1818	September 24, 2020
Discourse, Keycloak, SAML - is it impossible to configure? SSO	7	4853	March 16, 2021

Intergrate Discourse with keycloak

Related topics