Jmix + Keycloak

Hi, I am trying to implement Keycloak in my JMIX application.
So when I call the URL of the JMIX application I want to load the Keycloak login page. And if the credentials are OK the site will redirect me to the JMIX home page. I don’t need the JMIX login page and in that case I think I should disable the JMIX security.
If you have implemented Keycloak + JMIX, can you share resources or help me?

Thanks in advance

1 Like

Hi,
We have a sample project of Jmix application integrated with KeyCloak.
It’s in the separate branch of the GitHub project: https://github.com/jmix-projects/sample-sales-jmix/tree/security-advanced-keycloak-complete

  • Single sign-on with KeyCloak via OpenID Connect protocol. No Jmix login page.
  • Some User attributes and assigned roles are stored in KeyCloak.
  • User entity is automatically created / saved after login in KeyCloak.

2 Likes

Thanks for the feedback!

1 Like

Big thanks for the sample, it helps a lot!
But I still have one issue…
I’m trying to implement two different JMIX applications both integrated with Keycloak. I have configured a separate client in Keycloak for every JMIX app. Everything works like a charm when any of my JMIX applications runs alone.
But when I have both of them running, any attempt to log out from any JMIX app ends with an error like ‘Lost connection with the server, trying to reconnect…’ and it never reconnects :(
The browser console said that there is some CORS error on an XHR request to Keycloak…

Any suggestion/help?

We have reproduced the problem too.
Not sure what the reason is.
There is some discussion on the KeyCloak forum; maybe this solution with manual assignment of the necessary HTTP headers through Nginx will help: Access-Control-Allow-Origin header missing - #26 by ola.sheryf - Securing applications - Keycloak
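
An added example (not part of the reply above, and not copied from the linked Keycloak discussion) of what setting the CORS headers manually in an Nginx proxy in front of Keycloak can look like. The hostnames, upstream address and certificate paths are constructed placeholders; origins are allowlisted rather than set to `*`, which browsers reject on credentialed requests.

```nginx
# Added example with constructed names; place inside the http {} context
# of the Nginx instance that fronts Keycloak.

# Echo the Origin back only for the known Jmix apps; everything else maps to "".
map $http_origin $cors_origin {
    default                      "";
    "https://app1.example.com"   $http_origin;   # first Jmix app (assumed)
    "https://app2.example.com"   $http_origin;   # second Jmix app (assumed)
}

# Only advertise credential support when the origin was allowlisted.
map $cors_origin $cors_credentials {
    ""       "";
    default  "true";
}

server {
    listen 443 ssl;
    server_name sso.example.com;                 # Keycloak public name (assumed)
    ssl_certificate     /etc/nginx/tls/sso.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/sso.key;

    location / {
        # Hide upstream CORS headers so the browser never receives duplicates.
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;

        # add_header omits a header whose value is empty, so an origin that is
        # not in the map above receives no CORS headers at all.
        add_header Access-Control-Allow-Origin      $cors_origin       always;
        add_header Access-Control-Allow-Credentials $cors_credentials  always;
        add_header Access-Control-Allow-Methods     "GET, POST, OPTIONS" always;
        add_header Access-Control-Allow-Headers     "Authorization, Content-Type" always;
        add_header Vary                             "Origin"           always;

        # Answer preflight requests at the proxy; the headers above are inherited.
        if ($request_method = OPTIONS) {
            return 204;
        }

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080;        # Keycloak upstream (assumed)
    }
}
```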

In that discussion they said that changing access type to public resolved the issue.
Is it possible to use public access type with JMIX?