TYPO3 extension for logging into the TYPO3 backend using Keycloak
This extension allows backend logins using a keycloak server.
- login via a configurable Keycloak server
- create backend user records for new users (currently admin-only)
- login existing (non-keycloak) user if email address matches
- terminate Keycloak session on TYPO3 logoff
- periodically check if Keycloak session is still active (and terminate TYPO3 session if not)
- fetch group config from Keycloak to create non-admin users
- fetch additional user data to decide if the user is allowed to log-in in a specific TYPO3 applications
This extension needs a configured client in Keycloak. Go to your desired realm and create a new client using these configuration values:
- Client ID: create an ID and take note for later use (use e.g.
- Client Protocol:
- Access Type:
- add these redirect URLs:
Save the client then go to
Credentials and copy the secret for later use.
This extension needs the following configuration values set in Install Tool:
- clientId: the ID of the client created in Keycloak
- clientSecret: the secret used to authenticate the client
- host: the host of the Keycloak server. Must include the protocol and port (e.g.
- realm: the realm containing user data for this application
Note: Both clientID and clientSecret can be set using environment variables (
NXKEYCLOAK_CLIENTSECRET) as well.
Values set in Install Tool will be preferred in any case.