Integrating Keycloak OpenID Connect with Ezeelogin
How to integrate Keycloak with the Ezeelogin jump server?
Overview: This article helps the super admin user integrate Keycloak OpenID Connect with the Ezeelogin jump server.
OpenID Connect is an authentication mechanism for web applications. It is based on web protocols and cannot be used for user authentication over SSH.
Step 1: Install the latest Keycloak server.
Step 2: Click on Create realm.
Step 2(A): Enter the Realm name and click on Create.
Step 3: Click on Create client -> enter the Client type (OpenID Connect) and Client ID (e.g. ezeelogin-sso) -> Next.
Step 3(A): Enable Client authentication -> Next.
Step 3(B): Enter the Root URL (e.g. https://192.168.1.4/ezlogin) -> Valid redirect URIs (copy and paste from the Ezeelogin settings) -> Save.
Step 4: Click on Clients (in the same section after saving the client) -> Credentials tab -> copy the Client Secret and paste it into the Ezeelogin GUI.
Step 5: Under Realm settings -> Endpoints -> click on the OpenID Endpoint Configuration URL -> copy the issuer URL and paste it into the Ezeelogin GUI under Provider URL, provide the attribute values -> Save.
Step 6: Create a client scope for groups if it does not already exist under Client scopes.
Click on Client scopes -> Create client scope -> enter the Name and Type -> set the Protocol (OpenID Connect) -> Save.
Step 7: Under the Clients tab -> select the client -> Client scopes -> Add client scope -> select the groups scope and add it.
Step 8: Click on the Users tab -> Add user -> provide Username, Email, First name and Last name -> Create. Click on the Credentials tab and set the password for the user (disable Temporary).
Step 9: Now change the auth type in Ezeelogin to OpenID Connect and log in.
How to map a user from a Keycloak OpenID Connect user group to an Ezeelogin user group?
Step 1: Click on Clients > select the client > click on Add predefined mapper.
Step 1(A): Click on email and Add it.
Step 2: Add mapper > click on By configuration > select the Group Membership option.
Step 2(A): Enter the Name and Token Claim Name, disable Full group path and Save.
Step 3: Create the same user group in Ezeelogin as in Keycloak, setting the group priority, and add those Keycloak users to the same group.
Step 4: Now log in again and confirm the group mapping.
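What the two procedures above produce on the token side, as an added Python example that is not part of this article or of Ezeelogin's own code: it reads the claims out of an ID token, checks the issuer, email and groups claims the steps configure (including the Full group path setting from Step 2(A)), and picks the Ezeelogin group by priority. The provider URL, group names, priorities and the rule that the lowest priority number wins are assumptions, and the token is a constructed, unsigned fixture.

```python
import base64
import json

# Constructed values standing in for what Steps 5 and 1(A)-2(A) configure.
PROVIDER_URL = "https://keycloak.example.com/realms/ezeelogin"  # issuer from the discovery document
# Ezeelogin user groups (name -> priority); assumed here that the lowest number wins.
EZEELOGIN_GROUPS = {"admins": 1, "devops": 2, "readonly": 3}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs omit."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def claims_from_id_token(token: str) -> dict:
    """Return the payload claims of a compact ID token (header.payload.signature).
    Signature checking is left to the OIDC client that received the token."""
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))


def check_claims(claims: dict, issuer: str) -> list:
    """List the misconfigurations visible in the claims (empty list if none)."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the provider URL from Step 5")
    if "email" not in claims:
        problems.append("no email claim: add the predefined email mapper (Step 1(A))")
    groups = claims.get("groups")
    if groups is None:
        problems.append("no groups claim: add the groups scope and Group Membership mapper")
    elif any(g.startswith("/") for g in groups):
        problems.append("group names carry a path: disable Full group path (Step 2(A))")
    return problems


def map_group(claims: dict, groups: dict):
    """Pick the Ezeelogin group for the user: the highest-priority group the token names."""
    candidates = [g for g in claims.get("groups", []) if g in groups]
    return min(candidates, key=groups.__getitem__) if candidates else None


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned test token in compact JWT form."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig-omitted"
```

A token whose groups claim reads ["/devops"] instead of ["devops"] is the symptom of leaving Full group path enabled, and check_claims reports exactly that.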
Related Articles:
Authentication with OpenID Connect.
Integrate Okta OpenID Connect.
Integrate OneLogin OpenID Connect.
Integrate Azure OpenID Connect.