Keycloak

  • Open your Keycloak Administration Console and log in; the URL looks like https://<KEYCLOAK_FQDN>:<KEYCLOAK_PORT>

Realm

  • Go to Manage Realms and select Create realm to create a new realm

If you use an existing realm instead, adapt the settings and configuration accordingly.

  • In Realm name enter a name like flexai-realm

  • Set Enabled to On

Clients

  • In the newly created realm, go to Manage > Clients and select Create client

  • Set the Client type to OpenID Connect

  • Set the Client ID to flexAI

  • Set the Name to flexAI

  • Select Next

  • Set the Client authentication to On

  • Set the Authentication flow to Standard flow

  • Set the PKCE Method to S256

  • Select Next

  • Under Root URL add the following: https://<FQDN or hostname>/

  • Under Home URL add the following: https://<FQDN or hostname>/

  • Under Valid redirect URIs: https://<FQDN or hostname>/oauth2/callback

  • Under Valid post logout redirect URIs: https://<FQDN or hostname>/oauth2/signout, https://<FQDN or hostname>/

  • Select Save

Mapper

  • Go to Manage > Clients and open the created Client flexAI

  • Go to the tab Mappers

  • Go to the tab Client scopes > flexAI-dedicated

  • Select Configure a new mapper or Add mapper > By configuration and select Group Membership

  • Under Name add flexai-roles

  • Under Token Claim Name add the following: https://flexai\.de\roles

  • Set Full group path to Off

  • Set Add to ID token to On

  • Set Add to access token to On

  • Set Add to userinfo to On

  • Set Add to token introspection to On

User and Groups

  • Go to Manage > Groups and select Create Groups to create the following groups:

    • flexai-manager

    • flexai-editor

    • flexai-user

  • Go to Manage > Users and select Add User to create a new user

  • Select Create

  • In the newly created user, go to the tab Credentials, select Set password and set a password for the user

  • In the newly created user, go to the tab Groups, select Join Group and select one or more of the flexAI groups

URLs and IDs

  • Go to Manage > Clients > Clients list, open the created flexAI Client and copy the Client ID from the tab Settings and the Client Secret from the tab Credentials for later use

  • Go to Configure > Realm settings > General and open OpenID Endpoint Configuration

  • Copy the following URLs for later use:

    • token_endpoint, looks like https://<KEYCLOAK_FQDN>:<KEYCLOAK_PORT>/realms/<KEYCLOAK_REALM>/protocol/openid-connect/token

    • authorization_endpoint, looks like https://<KEYCLOAK_FQDN>:<KEYCLOAK_PORT>/realms/<KEYCLOAK_REALM>/protocol/openid-connect/auth

    • end_session_endpoint, looks like https://<KEYCLOAK_FQDN>:<KEYCLOAK_PORT>/realms/<KEYCLOAK_REALM>/protocol/openid-connect/logout

    • jwks_uri, looks like https://<KEYCLOAK_FQDN>:<KEYCLOAK_PORT>/realms/<KEYCLOAK_REALM>/protocol/openid-connect/certs

    • issuer, looks like https://<KEYCLOAK_FQDN>:<KEYCLOAK_PORT>/realms/<KEYCLOAK_REALM>