Built for Keycloak

Single sign-on for Liferay and the API layer

A Java extension that brings Keycloak single sign-on to Liferay portals and the MuleSoft API ecosystem.

01 / Overview

Keycloak is a single sign-on solution for web apps and RESTful web services. The goal of the tool is to make security simple, so that it is easy for application developers to secure the apps and services they have deployed in their organisation.

The Keycloak Extension is a Java extension that plugs Keycloak into Liferay and the MuleSoft API ecosystem. Customers using both platforms get one authentication flow across the portal and the APIs behind it, without standing up separate identity providers.

02 / Key features

01

Customisable user interfaces

Login, registration, administration and account management pages are rendered by Keycloak and can be themed to match the host application.

02

Connections to LDAP and Active Directory

Existing corporate directories stay the source of truth. Keycloak federates against them, and the extension carries that identity through to Liferay and Mule.

03

Third-party identity provider delegation

Sign-in via Facebook, Google or custom account managers is configured in Keycloak and surfaced through the extension.

04

OAuth 2.0 for microservices and API ecosystems

APIs published through MuleSoft API Manager validate Keycloak-issued OAuth 2.0 tokens directly.

03 / Use cases

01

Customer portal with customer API

Customers sign in to a Liferay portal once and gain access to the JSON APIs behind it under the same identity.

02

Employee portal across SaaS apps

Internal Liferay portals authenticate employees through Keycloak against Active Directory. Mule APIs trust the same token.

03

Phased migration off legacy SSO

Existing SiteMinder or OpenAM deployments are replaced one tenant at a time, with both sides speaking OIDC during the transition.

04 / Business outcomes

01

One identity, one audit trail

Every authentication event lands in Keycloak’s event log, no matter whether it came from the portal, an API or a partner application.

02

Faster onboarding for new applications

New apps and APIs join the existing Keycloak realm instead of standing up another identity integration from scratch.

03

Security policy in one place

MFA, session timeout, password policy and federated trust are configured in Keycloak. Changes ship as configuration, not code.

05 / Technical highlights

Runtime: Java extension, deploys into the Keycloak server

Portal target: Liferay (ad-hoc extension provided)

API platform: MuleSoft API Manager (OAuth 2.0)

Protocols: OIDC, OAuth 2.0, SAML 2.0, LDAP and Active Directory federation

Get in touch

Need an accelerator we haven’t built yet?

These accelerators started as pieces of work for client projects. If your team is hitting a recurring problem on integration, identity or monitoring, get in touch. There is a good chance we have something half-built, or we can build it with you.