Keycloak and FreeIPA

This is the first post where I will be installing Keycloak using FreeIPa for User Federation. I will be using mod_auth_openidc to configure an SP to provide authentication with Keycloak IdP.


IPA - FreeIPA Master Server. This is the server that provides user information. For more information:

IdP - IdP stands for Identity Provider. It provides applications with identity information upon request. It also can aid with authentication. IdP can link other Identity Providers together to centrally link separate data sources for authentication.

SP - stands for Service Provider. It is an application that uses mod_auth_mellon or mod_auth_openidc to connect these applications to Keycloak. I will be using mod_auth_openidc

OpenIDC - OpenID Connect. Used to connect the SP to Keycloak. It is provided by mod_auth_openidc.


Everything in this series was used on Fedora 27 VMs with Keycloak 3.4.3.

  1. How to Install FreeIPA
  2. How to Setup Keycloak
  3. How to Setup Keycloak User Federation
  4. How to Setup an OpenID Connect SP


Keycloak Documentation

Scott Poore’s Blog - I heavily used his tutorial on his blog post series when I first started to set up keycloak myself. I’d like to think what I’m doing is just a more updated version of his series, as his was used on Fedora 24 wth Keycloak 2.4.0 and I’m using Fedora 27 with Keycloak 3.4.3. Most of the differences will be in setting up SSL and HTTPS, and having my SPs be an IPA Client, but other than that most of this tutorial series will be the same as his.

Written on June 11, 2018