Authentication with Keycloak

Keycloak is a standards-compliant OAuth 2.0 authorization server and a certified OpenID Connect provider.

The FintechOS built-in integration with Keycloak enables users to log in to the FintechOS Portal using Keycloak single sign-on (SSO).

How to Set Up Keycloak Authentication

Prerequisite:

Make sure that you know the following values from the Keycloak administration console:

  • Client ID
  • Client Secret
  • Discovery Endpoint

In the web.config file, go to the <appSettings> section and add the configuration of your Keycloak setup:

<!-- 1. Set Keycloak authentication-->
<add key="EBSDefaultAuthentication" value="FTOSOIDC" />
             
<!-- 2. Replace these values with your Keycloak configuration: -->
<add key="openid-client-id" value="{ClientId}" />
<add key="openid-client-secret" value="{ClientSecret}" />
<add key="openid-discovery-endpoint" value="{DiscoveryEndpointUrl}" />
<add key="openid-callback-url" value="{CallbackUrl}" />
                         
<!-- 3. Keycloak user role mapping settings (example values): -->
<add key="membership-provider-connection-username" value="admintest" />
<add key="membership-provider-connection-secret" value="1234567" />
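
A pre-deployment check for the settings above, added here as an example (it is not FintechOS code): it parses the <appSettings> section and reports missing keys, values left exactly as printed on this page, and endpoint URLs that are not https or lack the OpenID Connect discovery path. The hosts, client ID and account name in the sample are constructed, and treating admintest / 1234567 as sample values and requiring https are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REQUIRED = ("EBSDefaultAuthentication", "openid-client-id", "openid-client-secret",
            "openid-discovery-endpoint", "openid-callback-url",
            "membership-provider-connection-username",
            "membership-provider-connection-secret")
# Values printed in the page's snippet; assumed here to be samples, not real settings.
DOC_SAMPLES = {"{ClientId}", "{ClientSecret}", "{DiscoveryEndpointUrl}",
               "CallbackUrl", "{CallbackUrl}", "admintest", "1234567"}
OIDC_SUFFIX = "/.well-known/openid-configuration"  # OpenID Connect Discovery path

def audit_app_settings(xml_text):
    """Return findings for the <appSettings> keys this page configures."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "appSettings" else root.find(".//appSettings")
    if node is None:
        return ["no <appSettings> section found"]
    settings = {a.get("key"): (a.get("value") or "").strip() for a in node.iter("add")}
    findings = []
    for key in REQUIRED:
        if key not in settings:
            findings.append(f"{key}: missing")
        elif not settings[key]:
            findings.append(f"{key}: empty")
        elif settings[key] in DOC_SAMPLES:
            findings.append(f"{key}: documentation sample value left in place")
    if settings.get("EBSDefaultAuthentication") not in (None, "", "FTOSOIDC"):
        findings.append("EBSDefaultAuthentication: expected FTOSOIDC")
    # Assumption: a deployed portal uses absolute https URLs for both endpoints.
    for key in ("openid-discovery-endpoint", "openid-callback-url"):
        value = settings.get(key, "")
        if not value or value in DOC_SAMPLES:
            continue  # already reported by the loop above
        url = urlparse(value)
        if url.scheme != "https" or not url.netloc:
            findings.append(f"{key}: not an absolute https URL")
        elif key.endswith("discovery-endpoint") and not url.path.endswith(OIDC_SUFFIX):
            findings.append(f"{key}: path does not end in {OIDC_SUFFIX}")
    return findings
# Constructed sample (hosts, client id and account name are made up).
SAMPLE = """<configuration><appSettings>
  <add key="EBSDefaultAuthentication" value="FTOSOIDC" />
  <add key="openid-client-id" value="ftos-portal" />
  <add key="openid-client-secret" value="{ClientSecret}" />
  <add key="openid-discovery-endpoint" value="http://sso.example.test/realms/demo/.well-known/openid-configuration" />
  <add key="openid-callback-url" value="https://portal.example.test/callback" />
  <add key="membership-provider-connection-username" value="svc-rolemap" />
  <add key="membership-provider-connection-secret" value="1234567" />
</appSettings></configuration>"""
```

Calling audit_app_settings(SAMPLE) returns three findings: the unreplaced client secret placeholder, the sample membership-provider secret, and the plain-http discovery endpoint.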

How users log in to the FintechOS Portal

When accessing the FintechOS Portal, users who have a currently active Keycloak session are logged in automatically. Otherwise, they are shown the Keycloak single sign-on login page and use their Keycloak account credentials to log in to the FintechOS Portal.

FintechOS user account automatic synchronization

When a user logs in to FintechOS Portal using Keycloak single sign-on, the first name, last name, and email address stored in the corresponding FintechOS user account are updated automatically based on the Keycloak account settings.