TYPO3 extension for logging into the TYPO3 backend using Keycloak

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 5

Forks: 0

Open Issues: 0


1.0.0 2022-05-27 06:10 UTC

This package is auto-updated.

Last update: 2024-02-27 10:01:40 UTC


stability-beta TYPO3 V11 Minimum PHP Version GitHub CI status

This extension allows backend logins using a keycloak server.


  • login via a configurable Keycloak server
  • create backend user records for new users (currently admin-only)
  • login existing (non-keycloak) user if email address matches

Missing Features

  • terminate Keycloak session on TYPO3 logoff
  • periodically check if Keycloak session is still active (and terminate TYPO3 session if not)
  • fetch group config from Keycloak to create non-admin users
  • fetch additional user data to decide if the user is allowed to log-in in a specific TYPO3 applications



This extension needs a configured client in Keycloak. Go to your desired realm and create a new client using these configuration values:

  • Client ID: create an ID and take note for later use (use e.g. typo3)
  • Client Protocol: openid-connect
  • Access Type: confidential
  • enable Standard Flow
  • add these redirect URLs:
    • https://<TYPO3-domain>/typo3/*

Save the client then go to Credentials and copy the secret for later use.


This extension needs the following configuration values set in Install Tool:

  • clientId: the ID of the client created in Keycloak
  • clientSecret: the secret used to authenticate the client
  • host: the host of the Keycloak server. Must include the protocol and port (e.g.
  • realm: the realm containing user data for this application

Note: Both clientID and clientSecret can be set using environment variables (NXKEYCLOAK_CLIENTID and NXKEYCLOAK_CLIENTSECRET) as well. Values set in Install Tool will be preferred in any case.