Jmix + Keycloak

Hi, I am trying to implement Keycloak in my JMIX application.
So when I call the URL of the JMIX application I want to load the Keycloak login page. And if the credentials are OK the site will redirect me to the JMIX home page. I don’t need the JMIX login page and in that case I think I should disable the JMIX security.
If you have implemented Keycloak + JMIX, can you share resources or help me?

Thanks in advance

1 Like

Hi,
We have a sample project of a Jmix application integrated with KeyCloak.
It’s in a separate branch of the GitHub project: https://github.com/jmix-projects/sample-sales-jmix/tree/security-advanced-keycloak-complete

  • Single sign-on with KeyCloak via OpenID Connect protocol. No Jmix login page.
  • Some User attributes and assigned roles are stored in KeyCloak.
  • User entity is automatically created / saved after login in KeyCloak.

3 Likes

Thanks for the feedback!

1 Like

Big thanks for the sample, it helps a lot!
But I still have one issue…
I’m trying to implement two different JMIX applications both integrated with Keycloak. I have configured a separate client in Keycloak for every JMIX app. Everything works like a charm when any of my JMIX applications runs alone.
But when I have both of them running, any attempt to log out from any JMIX app ends with an error like ‘Lost connection with the server, trying to reconnect…’ and it never reconnects :(
The browser console said that there is some CORS error on an XHR request to Keycloak…

Any suggestion/help?

We have reproduced the problem too.
Not sure what the reason is.
There is some discussion on the KeyCloak forum; maybe this solution with manual assignment of the necessary HTTP headers through Nginx will help: "Access-Control-Allow-Origin header missing - #26 by ola.sheryf - Securing applications - Keycloak"

In that discussion they said that changing access type to public resolved the issue.
Is it possible to use public access type with JMIX?

@albudarov any news about the problem? Still hoping to use Keycloak + Jmix without Nginx or other additional stuff…

I’m afraid that if this is a KeyCloak problem, Jmix can’t do much with it…

How about changing access type to public? Is that possible with Jmix?

We have not researched it.
If you get any results, we would be glad if you shared them with the community.

I’ve tried to use public access type but with the same result :(

@albudarov I’ve tried to use Nginx for manual assignment of CORS HTTP headers but the result is the same :(
And in the browser I can see the following:
When I have two Jmix apps running, after logging out from one of them and trying to log out from another, it looks like the second app is trying to call Keycloak twice.
Maybe that is the problem?

@albudarov The UserSessionsBrowse screen doesn’t contain sessions from a user logged in with Keycloak. Is it possible to fix?

I’m pretty sure it’s not a KeyCloak issue because two simple Spring Boot apps work with Keycloak together without any issues, but two Jmix apps don’t.

For those who come here from Google search: a recommended way of integrating Keycloak with Jmix applications is using the OIDC add-on.

Roman, good afternoon. I faced the same problem. Tell me, did you manage to find a solution?