Last updated
Keycloak
Prerequisites
- Keycloak server deployed and accessible
- Admin access to Keycloak realm
Configuration Steps
Step 1: Access Keycloak Admin Console
- Navigate to Keycloak Admin Console:
https://[KEYCLOAK-URL]/admin - Login with admin credentials
- Select your realm from the dropdown (top-left)
Step 2: Select or Create Client
- Click Clients in the left sidebar
- If you have an existing client: Click on it to open settings, then skip to Step 5
- If creating new: Click Create client button
- In General Settings:
- Client type:
OpenID Connect - Client ID: Enter
frontegg-agentlink
- Click Next
- In Capability config step:
- Client authentication: Toggle
ON - Authorization: Toggle
OFF (unless needed) - Authentication flow: Enable:
- Standard flow
- Direct access grants
- Click Next
- For new clients: In Login settings step, configure:
- For existing clients: Navigate to Settings tab, locate Access settings section:
- Valid redirect URIs: Add (or append to existing):
https://[YOUR-FRONTEGG-DOMAIN]/oauth/callback
- Valid post logout redirect URIs: (optional)
https://[YOUR-FRONTEGG-DOMAIN]/*
- Web origins: Add:
https://[YOUR-FRONTEGG-DOMAIN]
- Click Save
Step 6: Obtain Credentials
- In client details page, navigate to Credentials tab
- Copy Client secret value
- Navigate to Settings tab to confirm your Client ID (e.g.,
frontegg-agentlink) - Construct your issuer URL:
https://[KEYCLOAK-URL]/realms/[REALM-NAME]
- Navigate to Client scopes tab in client details
- Ensure these scopes are assigned:
- Click Add client scope if missing scopes
Configuration Values for Frontegg
provider: keycloak
issuer_url: https://[KEYCLOAK-URL]/realms/[REALM-NAME]
client_id: frontegg-agentlink
client_secret: [from Credentials tab]