Login into the Dashboard using Keycloak - Guide

Last updated: 2 minutes read.

This is a walk-through of how you can use Keycloak and our (internal/embedded) Tyk Identity Broker (TIB) to log in to your Dashboard. This guide assumes you have existing Keycloak and Tyk Pro Environments.

KeyCloak’s Side

  1. In your desired Realm, create a client of OpenID Connect type, and set your desired Client ID.

    Create Client

    Set Client Type and ID

  2. Enable client authentication, then save the client.

    Enable Client Auth

  3. Retrieve the Secret (from the credentials tab) of the Client you just created. You will need the Client ID and Secret in later steps.

    Retrieve Client Secret

  4. Retrieve the discovery endpoint of the realm, https://<your-keycloak-host-and-realm>/.well-known/openid-configuration.

    This is accessible from “Realm Settings” > “General” Tab > OpenID Endpoint Configuration. You will need it in later steps.

    Keycloak discovery endpoint

Dashboard’s Side… (and a bit of Keycloak)

  1. Log in to your Dashboard and select Identity Management, located under System Management

    Select Identity Management

  2. Create a profile, give it a name and select “Login to Tyk Dashboard”

    Create a profile

  3. Set the provider type as “OpenID Connect”

    OpenID Connect provider type

  4. Fill in the Client ID, Client Secret and Discovery URL/endpoint from Keycloak (from steps 3 and 4 in Keycloak’s Side)

  5. Copy the callback URL from Tyk and then you can click “Create Profile” to save the profile.

    Copy callback URL

  6. Go to Keycloak, and paste the callback URL you just copied to “Valid redirect URIs” in the Keycloak Client, and then save the client.

    This can be accessed by selecting the “Settings” tab when viewing a Keycloak client.

    Add Redirect URL to keycloak client

Test your Keycloak Login

  1. From your Identity Management Profiles click the profile you created to open it.

  2. Copy the Login URL and paste it into a browser tab

    Copy login url

  3. You will now see the Keycloak login form.

    Login to keycloak

  4. Enter the email address and password of your Keycloak user.

  5. You should now be redirected to the Tyk Dashboard and logged in

    Tyk Dashboard from Keycloak SSO login