Guide for Magento 2 Keycloak (SSO)Login

Magento 2 Keycloak (SSO) Login allows the users to log in to the Magento 2 store in a single click with their Keycloak account. It enables the Magento 2 store admin to allow its users to enter the credentials only one time.

The module gives the Magento 2 website users ease to sign in with their keycloak account.

Keycloak- Keycloak is an open-source software solution that enables single sign-on with Identity and Access Management for modern applications and services.

Moreover, It offers multiple features such as;  Single-Sign-On (SSO), Identity Brokering and Social Login, User Federation, Client Adapters, an Admin Console, and an Account Management Console.

Check the overview of the plugin in the video mentioned-below –

• The customers can log in with their Keycloak with a single click.
• The customers have to enter their keycloak credentials only one time at the time of login.
• The customer can create their Magento 2 account with a single click.
• The users need to enter their username and password of Keycloak account only one time.

#1 Download Module

Firstly, you need to log in to Webkul Store, go to My Account>My Purchased Products section, verify and then download and extract the contents of this zip folder on the system.

#2 Upload Folder

Once the module zip is extracted, follow path src>app and then copy the app folder into the Adobe Commerce Cloud root directory on the server as shown below:

#3 Run Commands

After uploading the module folder, you need to run the following commands in the Magento 2 root directory:

php bin/magento setup:upgrade

php bin/magento setup:di:compile

php bin/magento setup:static-content:deploy

php bin/magento indexer:reindex

php bin/magento cache:flush

The list of steps to install Keycloak for Ubuntu is provided below.

To install and configure KeyCloak on Ubuntu, follow these steps:

First, update the system.

apt-get update

Install Java in step two.

apt-get install default-jdk

• Check the Java version.

java -version

Download and install KeyCloak in step 3.

cd /opt/
wget https://github.com/keycloak/keycloak/releases/download/15.0.2/keycloak-15.0.2.tar.gz

• Extract the folder that you downloaded.

tar -xvf keycloak-15.0.2.tar.gz

• Change the name

mv keycloak-15.0.2 keycloak

• Create a user and group.

groupadd keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak

• Give ownership permission

chown -R keycloak: keycloak
chmod o+x /opt/keycloak/bin/

Configure the KeyCloak in step 4.

cd /etc/
mkdir keycloak

• Copy the configuration files listed below.

cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf
cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/

• Provide the ownership permission.

chown keycloak: /opt/keycloak/bin/launch.sh

• Open the launch.sh configuration file.

vim /opt/keycloak/bin/launch.sh

• Edit the following line:

WILDFLY_HOME="/opt/keycloak"

• Save the file.

Create a Systemd Service File in step 5.

• Copy the file.

cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service

• Open the keycloak.service file.

vim /etc/systemd/system/keycloak.service

• Update and edit the following lines

[Unit]
Description=The Keycloak Server
After=syslog.target network.target
Before=httpd.service[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
EnvironmentFile=/etc/keycloak/keycloak.conf
User=keycloak
Group=keycloak
LimitNOFILE=102642
PIDFile=/var/run/keycloak/keycloak.pid
ExecStart=/opt/keycloak/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND
StandardOutput=null[Install]
WantedBy=multi-user.target

• Reload, enable, and launch the keycloak service.

systemctl daemon-reload
systemctl enable keycloak
systemctl start keycloak

• Check the status of Keycloak.

systemctl status keycloak

• Examine the Keycloak server log.

tail -f /opt/keycloak/standalone/log/server.log

Create an admin user for Keycloak in step 6.

/opt/keycloak/bin/add-user-keycloak.sh -u admin

• Set the password.

• Restart the Keycloak service.

systemctl restart keycloak

• To disable the HTTPS for Keycloak.

/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin

• The admin password must be given.

• Run the next command to disable HTTPS.

/opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE

Open the KeyCloak web interface in step 7.

http://server-ip:8080

• Launch the Login web interface.

http://server-ip:8080/auth/admin

• Give your username and password.
• Simply click Sign In.
• Keycloak is now ready.

The user has to enter a username or email and password for keycloak registration.

A successful login to the Keycloak take us to the Keylock console and open the Master realm by default, We’ll concentrate on making a custom realm here. 

To add a client, navigate to the Clients area of your Keycloak admin console and click on Create button to add the client.

Furthermore, the below settings need to be done.

Add Client

Import- Select the file which you want to import.

Client ID- The client ID is required to enter here.

Client Protocol- After that, select the client protocol from the dropdown list.

Root URL- Enter the root URL of the Magento 2 homepage here.

Now, click on the Save button to add a client.

Add Users

Here, we add users to the keycloak to add a new user, navigate to the Users page and select the Add user button on the far right of the screen.

Fill out the form by entering your email address, first and last name, and then click the Save button as shown in the image below.

Note: We have a CORS issue when keycloak and Magento 2 are on different servers. To resolve this issue, the user has to enter the client URLs or Asterisk(*) in the Valid Redirect URL settings and Web Origin settings in the keycloak client settings.

To configure keycloak module, the admin has to navigate through Stores>Configurations>Keycloak Connector>Keycloak Configuration as shown in the image.

Here, the admin will make the following settings:

Enable Keycloak- Enable the status of the module by selecting Yes.

Realm-Now, enter the Realm name here.

SSL Required-  Ensures that all communication to and from the Keycloak server is over HTTPS.

Auth Server URL- The admin will enter the Auth Server URL same as Keycloak account.

Public Client- If set to Yes, the adapter will not send credentials for the client to Keycloak.

Confidential Port- The confidential port used by the Keycloak server for safe SSL/TLS connections.

URL- Here, the store admin will enter the URL of the keycloak.

Client ID- The admin will enter the client ID which is created in the Keycloak account.

The customers can sign in with their Keycloak account to the Magento 2 store with the button present right below the Sign In button as shown in the screenshots. This is the Keycloak SSO feature.

Also, you can check the Magento 2 Azure AD SSO login extension that allows the users to log into the Magento 2 store using their Azure AD credentials.

This will redirect to the Keycloak and here the customer needs to enter their Keycloak credentials and they will sign in to the Magento 2 store.

If you already have a keycloak account and are logged in, you will be instantly signed in to Magento 2 store with the email address you used to sign up for keycloak.

That is all about the Magento 2 Keycloak(SSO) Login. If you have any queries regarding the plugin, please contact us at Webkul Support System.

You can also check our complete Magento 2 extensions.