You are currently viewing Integrating Keycloak with Spring Boot

Integrating Keycloak with Spring Boot

Keycloak is an open-source Identity and Access Management solution, providing features such as Single Sign-On (SSO), OAuth 2.0, and OpenID Connect. In this tutorial, we will integrate Keycloak with a Spring Boot application for secure authentication and authorization.


  • Java JDK installed on your machine
  • Maven or Gradle installed
  • Keycloak installed (You can download Keycloak and follow their installation guide)
  • Basic understanding of Spring Boot

Step 1: Setup a Spring Boot Project

First, let’s create a new Spring Boot project. You can do this manually or use the Spring Initializr to generate a project with the required dependencies.

For Maven, add the following dependencies:

  • Spring Web
  • Spring Security
  • Spring Boot DevTools
  • Keycloak Spring Boot Starter

Here’s an example pom.xml for Maven:

    <!-- Spring Boot Starter Web -->

    <!-- Spring Boot Starter Security -->

    <!-- Spring Boot DevTools -->

    <!-- Keycloak Spring Boot Starter -->

Step 2: Configure Keycloak

  1. Start your Keycloak server and create a new realm, client, and user. You can refer to the Keycloak documentation for detailed steps.
  2. Once your realm, client, and user are set up, note down the following information:
  • Realm Name
  • Client ID
  • Client Secret
  • Keycloak Base URL (e.g., http://localhost:8080/auth)

Step 3: Configure Spring Boot

Create a or application.yml file in your Spring Boot src/main/resources directory and add the Keycloak configuration:

# Keycloak Configuration

# Server Port


# Keycloak Configuration
  realm: myrealm
  auth-server-url: http://localhost:8080/auth
  ssl-required: external
  resource: myclient
    secret: yourclientsecret
  use-resource-role-mappings: true

# Server Port
  port: 8081

Step 4: Create a Controller

Let’s create a simple REST controller to test our authentication:

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

public class HelloController {

    public String hello() {
        return "Hello, secured user!";

Step 5: Enable Security

Create a security configuration class to enable Keycloak security:

import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {

    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();

    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();

    public SimpleAuthorityMapper grantedAuthorityMapper() {
        SimpleAuthorityMapper grantedAuthorityMapper = new SimpleAuthorityMapper();
        return grantedAuthorityMapper;

Step 6: Run the Application

Now you can run your Spring Boot application. It will start on port 8081 (as configured). When you access the /hello endpoint, it will redirect you to Keycloak for login. After successful authentication, you will see the “Hello, secured user!” message.


In this tutorial, we’ve integrated Keycloak with a Spring Boot application for secure authentication. Users will be redirected to Keycloak’s login page for authentication, and upon successful login, they will have access to the secured endpoints. This setup allows for Single Sign-On (SSO) and centralized authentication management using Keycloak. Further customization can be done based on your application’s requirements and Keycloak’s features.

Leave a Reply