Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Keycloak OpenID Connect

4,058 sites Security covered
View on drupal.org

This module allows your Drupal users to log in using Keycloak, an open-source identity and access management system. It synchronizes user information between Drupal and Keycloak, supporting multi-language configurations for a seamless user experience.

The Keycloak module provides a Keycloak login provider client for the OpenID Connect module.

What does the module do?

The module allows you to authenticate your users against a Keycloak authentication server.

Keycloak is an Open Source Identity and Access Management system that supports OpenID Connect, OAuth 2.0 and SAML 2.0 login, LDAP and Active Directory user federation, OpenID Connect or SAML 2.0 identity brokering and various Social Logins out of the box.

Features

  • Login to Drupal using Keycloak OpenID Connect.
  • Synchronize user fields with OpenID attributes provided by Keycloak using the OpenID Connect module's claim mapping.
  • Additionally synchronize email address changes from within Keycloak with the connected Drupal user's email address.
  • Multi-language support:
    • Forward language parameters to Keycloak, so the login/user registration of Keycloak opens up in the same language as your multi-language Drupal site.
    • Map Keycloak's user locale settings to Drupal languages.

Version differences

8.x-1.x version

NEW: Added Drupal 10 support!

Integrates with OpenID Connect 2.x

2.2.x version

Drupal 10 version. Only supports OpenID Connect 3.x

The 2.x version contains a breaking change. Please check #3251827: Role mappping uses "user_data" instead of "userinfo" before upgrading to the 2.x version.

2.x Roadmap

Dependencies

Similar Projects

Keycloak supports OpenID Connect, OAuth2 and SAML standards for authentication clients. You might wish to also have a look to the following contributed modules to authenticate your Drupal users with Keycloak:

  • SAML Authentication
    This module features SAML-based user authentication. User attributes mapping is in development.
  • simpleSAMLphp Authentication
    This module requires a working setup of SimpleSAMLphp as service provider on your webserver to connect to the Keycloak Identity Provider. It features SAML-based authentication and user role provisioning.
  • OAuth2 Client
    A basic OAuth2.0 client for Drupal that can be extended programmatically.

Activity

Total releases
4
First release
Jan 2025
Latest release
7 months ago
Releases (12 mo)
2
Maintenance
Slowing

Release Timeline

Releases

Version Type Release date
2.2.3-rc1 Pre-release Nov 28, 2025
2.2.2 Stable Nov 19, 2025
2.2.1 Stable Jan 29, 2025
2.2.1-rc1 Pre-release Jan 19, 2025