Drupal is a registered trademark of Dries Buytaert
drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)! drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). eca 3.1.1 Minor update available for module eca (3.1.1). layout_paragraphs 2.1.3 Minor update available for module layout_paragraphs (2.1.3). ai 1.3.3 Minor update available for module ai (1.3.3). ai 1.2.14 Minor update available for module ai (1.2.14). node_revision_delete 2.0.3 Minor update available for module node_revision_delete (2.0.3). moderated_content_bulk_publish 2.0.52 Minor update available for module moderated_content_bulk_publish (2.0.52). klaro 3.0.10 Minor update available for module klaro (3.0.10). klaro 3.0.9 Minor update available for module klaro (3.0.9). layout_paragraphs 2.1.2 Minor update available for module layout_paragraphs (2.1.2). geofield_map 11.1.8 Minor update available for module geofield_map (11.1.8).
← All modules

keycloak

3,812 sites Security covered
View on drupal.org

The Keycloak module provides a Keycloak login provider client for the OpenID Connect module.

What does the module do?

The module allows you to authenticate your users against a Keycloak authentication server.

Keycloak is an Open Source Identity and Access Management system that supports OpenID Connect, OAuth 2.0 and SAML 2.0 login, LDAP and Active Directory user federation, OpenID Connect or SAML 2.0 identity brokering and various Social Logins out of the box.

Features

  • Login to Drupal using Keycloak OpenID Connect.
  • Synchronize user fields with OpenID attributes provided by Keycloak using the OpenID Connect module's claim mapping.
  • Additionally synchronize email address changes from within Keycloak with the connected Drupal user's email address.
  • Multi-language support:
    • Forward language parameters to Keycloak, so the login/user registration of Keycloak opens up in the same language as your multi-language Drupal site.
    • Map Keycloak's user locale settings to Drupal languages.

Version differences

8.x-1.x version

NEW: Added Drupal 10 support!

Integrates with OpenID Connect 2.x

2.2.x version

Drupal 10 version. Only supports OpenID Connect 3.x

The 2.x version contains a breaking change. Please check #3251827: Role mappping uses "user_data" instead of "userinfo" before upgrading to the 2.x version.

2.x Roadmap

Dependencies

Similar Projects

Keycloak supports OpenID Connect, OAuth2 and SAML standards for authentication clients. You might wish to also have a look to the following contributed modules to authenticate your Drupal users with Keycloak:

  • SAML Authentication
    This module features SAML-based user authentication. User attributes mapping is in development.
  • simpleSAMLphp Authentication
    This module requires a working setup of SimpleSAMLphp as service provider on your webserver to connect to the Keycloak Identity Provider. It features SAML-based authentication and user role provisioning.
  • OAuth2 Client
    A basic OAuth2.0 client for Drupal that can be extended programmatically.

Activity

Total releases
4
First release
Jan 2025
Latest release
4 months ago
Release cadence
104 days
Stability
50% stable

Release Timeline

Releases

Version Type Release date
2.2.3-rc1 Pre-release Nov 28, 2025
2.2.2 Stable Nov 19, 2025
2.2.1 Stable Jan 29, 2025
2.2.1-rc1 Pre-release Jan 19, 2025