Configuring Keycloak OAuth with Thinfinity
Keycloak Configuration
1. In your Keycloak Administration console, navigate to Clients -> Create Client -> Client type -> “OpenID Connect”
Configure the following parameters as shown:
Client ID: MyKeycloakOauthConnector
2. Scroll down to the next section, and select:
Client Authentication -> ON
Authentication Flow -> Standard flow + Direct access grants
3. Next, click on Credentials and select Client ID and Secret.
4. Verify the Client Scope you want to use. In this example, we are going to use "openid".
5. Obtain Keycloak’s OpenID Endpoint configuration by navigating to Realm Settings and clicking on OpenID Endpoint Configuration.
We are going to need the “authorization_endpoint” , the “token_endpoint”, and the “end_session_endpoint”.
Thinfinity Workspace Configuration
1. Add an authentication method: Open the Thinfinity/Settings menu, navigate to Authentication Methods, and click Add.
Fill the following fields:
Name: MyKeycloakOauthConnector
Virtual Path: MyKeycloakOauthConnector
Client ID: MyKeycloakOauthConnector
Client Secret: enter the Client Secret obtained from Keycloak
Enabled: set to -> True
2. Then click on the Server dropdown table, and configure the following fields:
- Paste the “authorization_endpoint” obtained from the OpenID Configuration Endpoint
- Type in “scope=openid”
- Paste the “token_endpoint” obtained from the OpenID Configuration Endpoint
- Paste the “end_session_endpoint” obtained from the OpenID Configuration Endpoint
- Check “Get from Token”
- Type in “1”
- Type in “preferred_username”
Click Save.
3. Configure external/internal user mappings
In Thinfinity Workspace Settings menu, navigate to Authentication/Identity Mappings and click Add.
In the ID Pattern field select which Keycloak User you want to map to the internal Windows local computer/domain user.
Related Articles
Configure Single Sign-On Using OneLogin with OAuth
Product: Thinfinity Workspace Versions: 7 and later Introduction In this document, we will walk you through the process of configuring Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin serving as the Identity Provider (IDP). SSO simplifies ...How to Create Your First RDP Connection Using Thinfinity as a Jump Server
Introduction Welcome to this comprehensive guide designed to facilitate the setup of your initial RDP connection using Thinfinity® Workspace. Within this guide, we'll provide a detailed walkthrough on configuring Thinfinity Workspace as a jump ...How to Enable H264 in Thinfinity Workspace
Product: Thinfinity Workspace Version: 7 and later Introduction H264 is the most widely used format for efficiently capturing, compressing, and distributing high-quality video content. As such, Thinfinity® Workspace must work with H264 to provide a ...Configure Single Sign-On Using Auth0 with OAuth
Product: Thinfinity Workspace Version: 7 and above Auth0 is an authentication and authorization platform that simplifies identity management for developers. It provides secure login, identity verification, and single sign-on capabilities for web, ...Configure Single Sign-On Using Google Cloud with OAuth
Product: Thinfinity Workspace Version: 7 and above The Google Cloud OAuth feature allows users to give third-party applications limited access to their Google Account data without sharing credentials. Users authenticate with Google, authorize the ...