The Keycloak Authentication Provider enables the Cloud CMS Application Server to authenticate, validate tokens and load user profile information against a Keycloak Server.

For more information on Authentication within the App Server, see App Server Authentication / SSO.


Here are all of the properties that may be configured:

"auth": {
    "providers": {
        "myProvider": {
            "type": "keycloak",
            "config": {
                "clientID": "myOauthClient",
                "clientSecret": "6ee0f303-faef-42d7-ba8e-00cdec755c42",
                "realm": "MyKeyCloakRealm",
                "auth_server_url": ""

Where these properties are specific to Keycloak:

  • clientID - the Keycloak client ID
  • clientSecret - the Keycloak client secret
  • realm - the name of the Keycloak realm against which authentication should occur
  • auth_server_url - the URL to the Keycloak server