Using this module, users can directly log in or register with Keycloak credentials at this HumHub installation.
A new button "Keycloak" (which can be renamed) will appear on the login page.
- OpenID Connect
- Keycloak Back-channel logout (1)
- Possibility to add a page in account settings allowing users to change their Keycloak password
- Users' groups and email synchronization between Keycloak and HumHub in both directions (2):
- HumHub to Keycloak sync is done in real time
- Keycloak to HumHub sync is done once a day
- Keycloak subgroups are not synced
(1) Allows removing user sessions automatically when signing out from Keycloak (via a websocket).
(2) E.g., when a user on HumHub becomes member of a group the module will:
- check if a group with the same name exists on Keycloak
- create the group on Keycloak if not exists
- add this group to the corresponding user on Keycloak
- PHP 8.1 or later
- PHP
allow_url_fopenmust be enabled - PHP extensions:
MBString,JSONandBCMathorGMP - Depending on the algorithms you're using, other PHP extensions may be required (e.g. OpenSSL, Sodium). Full details: https://web-token.spomky-labs.com/introduction/pre-requisite
- For users' groups and email synchronization: on Keycloak, users attributes must be writable (it can be tested by changing the email address of a user on Keycloak administration).
Go to module's configuration at: Administration -> Modules -> Keycloak Auth -> Configure. And follow the instructions.
This module is free, but the result of a lot of work for design and maintenance over time.
If it's useful to you, please consider making a donation or participating in the code. Thanks!