😁
User Guide
6.5
6.5
  • Rocket.Chat
  • Deploy
    • Deploy Rocket.Chat
      • System Requirements
      • Deploy with Docker & Docker Compose
      • Deploy with AWS
      • Deploy with Snaps
      • Updating Rocket.Chat
      • Scaling Rocket.Chat
        • Microservices
        • Running Multiple Instances
        • Automation Tools
          • Ansible
          • OpenShift
          • Vagrant
      • Additional Deployment Methods
        • Deploy with Kubernetes
        • Deploy with Digital Ocean
        • Deploy on Google Compute Engine
        • Deploy with Ubuntu
        • Deploy with CentOS
        • Deploy on Kali
        • Deploy on Debian
        • Deploy on IBM Cloud
        • Deploy on Windows 10
        • Plug-in Deployments
        • Unsupported Methods
          • OpenSUSE Leap 42.2
          • FreeBSD
            • Deploying Rocket.Chat Server Binaries on a FreeBSD system
          • Windows Server
          • Linode
          • Scalingo
          • Cloudron.io
          • Jelastic
          • Aliyun
          • Galaxy
          • Syncloud
          • OpenShift
  • Setup and Configure
    • Rocket.Chat Environment Configuration
      • NodeJs Configuration
      • MongoDB Configuration
        • MongoDB URI Authentication
        • MongoDB Backup and Restore
        • Passing extra options to the Mongo driver
        • Configure a replica set for MongoDB
        • Migrating database from Meteor built in MongoDB
        • MongoDB mmap to wiredTiger migration
        • Supported Mongo Versions
      • Firewall Configuration
      • Additional Configurations
        • Running in a sub folder with Apache
        • Univention Corporate Server (UCS)
        • Setting Up Client SSL Certificate Authentication for Rocket.Chat
        • Setting up Process Managers and Init Systems
      • Configuring SSL Reverse Proxy
      • Environment Variables
    • Installing Client Apps
      • Desktop & Mobile Apps
      • Minimum Requirements for Client Apps
    • Enterprise License Application
    • Accessing Your Workspace
      • Rocket.Chat Setup Wizard
      • Admin Account Creation
      • Basic White-labeling
      • Inviting Users
    • Advanced workspace management
      • Authentication
        • OpenID Connect
          • Gluu Server 4.0
          • Keycloak
          • Okta Identity Cloud Service
        • iframe based Single Sign On
      • Google Translate Integration
      • Managing Settings Using Environmental Variables
      • Identity Management (EE vs CE)
      • Database Migration
      • Restoring an Admin User
      • CDN
      • Troubleshooting
      • Client Compatibility Matrix
    • Enterprise Edition Trial
    • Rocket.Chat Air-gapped Deployment
      • Offline Workspace Registration
      • Offline License
      • Air-gapped workspace Configuration
      • Air-gapped App Installation
    • Roles in Rocket.Chat
  • Use Rocket.Chat
    • User Guides
      • Access your workspace
      • Main Menu
      • User Panel
        • My Account
          • Manage Devices
      • Rooms
        • Channels
          • Create a new Channel
          • Edit A Channel
          • Manage Channel Members
          • Search Messages in a Channel
        • Teams
          • Create a new Team
          • Edit a Team
          • Manage Team Members
          • Manage Team Channels
          • Teams Enterprise Edition
        • Discussions
          • Create a new Discussion
          • Edit A Discussion
          • Search Messages in Discussion
          • Manage Discussion Members
        • Direct Messages
          • Create a new Direct Message
          • Direct Message Actions
        • Threads
          • Create a New Thread
        • Room Roles
      • Messages
        • Message Actions
        • Off-the-record (OTR) Messaging User Guide
      • Notifications
      • Security Bundle
        • Data Loss Prevention User Guide
        • Antivirus ClamAV App
        • End to End Encryption User Guide
        • Two Factor Authentication User Guide
      • Keyboard Shortcuts
    • Workspace Administration
      • Go Fully Featured
      • Workspace
      • Registration
      • Engagement
      • Moderation
      • Federation
      • Rooms
      • Users
        • Guest users
        • Add users through Identity management and authentication services
      • Invites
      • User Status
      • Permissions
        • Setting's Permission
      • Device Management
      • Email Inboxes
      • Mailer
      • Third-party Login
      • Integrations
        • AppVeyor
        • Azure Alerts
        • BitRocket
        • Dead Simple Screen Sharing
        • EasyRedmine
        • Giphy Integrations
        • GitLab
        • Google Calendar
        • GitHub
        • Graylog
        • Jenkins notifications via Rocket.Chat Marketplace
        • JFrog Xray
        • MicroBadger
        • Microsoft Teams
        • NewRelic
        • Nextcloud and WebDAV integrations
        • Nextcloud Rocket.Chat App
        • Nixstats notification
        • PagerDuty
        • Prometheus
        • Grafana
        • Review Board
        • RunDeck Job Notifications
        • Sentry
        • Simple Telegram Bot
        • TravisCI
        • Uptime Robot
        • Zapier
        • django-rocketchat-auth 1.2
        • Add Jira notifications via webhook
      • Import
        • Import from HipChat
        • Import from Slack
          • SlackBridge
        • Import CSV
      • Logs
      • Sounds
      • Emoji
      • Settings
        • Accounts
          • Custom Fields
        • Analytics
        • Assets
        • Bots
        • CAS
        • Conference Call
        • Custom Emoji Filesystem
        • Custom Sound Filesystem
        • Device management settings
        • Discussion
        • E2E Encryption
        • Email
          • Edit your Email Content
          • Direct email reply
          • Email configuration
        • Enterprise
        • Federation
          • Matrix Bridge
            • Matrix Admin Guide
              • Matrix Homeserver Setup
                • Matrix Allow/Block List
              • Matrix Bridge Configuration
            • Matrix User's Guide
              • Create federated rooms
              • Invite external users to your Rocket.Chat server
              • Communicate with a federated user
              • Search and join public channels on the Matrix network
              • Assign roles for users in federated rooms
            • Matrix Bridge FAQs
          • Rocket.Chat Basic Federation
            • Cross-server Federated Channels
        • File Upload
          • Minio
          • Recommendations for File Upload
          • File Upload FAQs
        • General
          • Net Promoter Score (NPS) survey
        • IRC Federation
        • Layout
        • LDAP
          • LDAP Connection Setting
          • LDAP User Search
          • LDAP Data Sync Settings
          • LDAP Enterprise Settings
          • LDAP Examples
        • Logs
        • Message
        • Meta
        • Mobile
        • OAuth
          • Facebook OAuth Setup
          • Google OAuth Setup
          • GitLab OAuth Setup
          • GitHub OAuth Setup
          • GitHub Enterprise OAuth Setup
          • LinkedIn OAuth Setup
          • NextCloud OAuth Setup
          • WordPress OAuth Setup
          • MS Office 365 OAuth Setup
          • Other OAuth Setup
        • Omnichannel Admin's Guide
          • Queue Types (Routing Algorithm)
        • OTR
        • Outlook Calendar
        • Push
        • Rate Limiter
        • Retention Policy
        • SAML
          • Rocket.Chat server settings
          • Simple SAML php
          • Active Directory Federation Services
          • Oracle Identity Cloud Service
          • Keycloak
        • Search
        • Setup Wizard
        • SlackBridge
        • Smarsh
        • SMS
        • Threads
        • Troubleshoot
        • User Data Download
        • Voice Channel
        • Webdav Integration
        • WebRTC
    • Omnichannel
      • Current Chats
      • Reports
      • Analytics
      • Real-time Monitoring
      • Managers
      • Agents
      • Departments
      • Custom Fields
      • Livechat Triggers
      • Livechat Widget Installation
      • Livechat Widget Appearance
      • Webhooks
      • Business Hours
      • Monitors
      • Units
      • Canned Responses
        • Canned Responses Omnichannel Manager's Guide
      • Tags
      • SLA Policies
      • Priorities
    • Message Auditing
      • Review All Message Auditing Panel Search Results
      • Check Historical Edits and Deletions of Messages
      • Assign Message Auditing Permissions to Specific Users
    • Message Auditing Log
    • Rocket.Chat Cloud
      • Create your new cloud account
      • Manage your cloud account
        • Custom domain for your Cloud-hosted workspace
        • Profile
        • Organization Settings
        • Workspaces
        • Invoices
        • Payment Methods
        • Support
        • Security
        • Contact Sales
      • Cloud Account Setup Wizard
    • Rocket.Chat Voice Channel
      • Getting Started with Voice Channel
      • Voice Channel Admin Guide
        • Configure without previously having a PBX server
          • SIP Extensions
          • Configure asterisk manager interface and users
        • Configure with an active PBX server
          • Associate agents with extensions in Rocket.Chat
      • Voice Channel Technical Specification
      • Voice Channel Agent Guides
        • How to make myself available to accept calls?
        • How to take a call in Rocket.Chat voice channel?
        • How to initiate an outbound call as an agent?
      • Voice Channel FAQs
    • Rocket.Chat Conference Call
      • Conference Call Admin Guide
        • Pexip app
        • Jitsi app
        • BigBlueButton (BBB) app
        • Google Meet app
      • Conference Call User's Guide
      • Omnichannel Video/Audio Call Configuration
    • Rocket.Chat Federation
    • Rocket.Chat Mobile
      • Rooms on Rocket.Chat Mobile
      • Messages and Threads on Mobile
      • Push Notifications
        • Secured Push Notification
        • Push Notifications User Guide
    • Omnichannel Agent's Guides
      • Omnichannel Conversation
      • Omnichannel Queue
      • Omnichannel Contact Center
        • Omnichannel Contact Manager Assignment
      • Email Inboxes
  • Extend Rocket.Chat Capabilities
    • Rocket.Chat Marketplace
      • Rocket.Chat Public Apps Guides
        • Omnichannel Apps
          • SMS
          • Telegram App
            • Telegram Agent's Guide
          • Rasa App
          • Salesforce CRM Integration
            • Salesforce CRM Agent's Guide
          • HubSpot CRM
            • HubSpot CRM Agent's Guide
          • Dialogflow App
            • Upload File To Ongoing Dialogflow Chats
          • Twitter App
            • Twitter App Agent's Guide
          • Facebook App
            • Facebook App Agent's Guide
          • WhatsApp
            • WhatsApp Agent's Guide
          • WhatsApp Sandbox
            • WhatsApp Sandbox Agent's Guide
          • Instagram Direct
            • Instagram Direct Agent's Guide
          • WhatsApp Cloud App
            • Configure Whatsapp Cloud App
            • Using WhatsApp Cloud App
        • Atlassian Apps
          • Jira Server v2.0
          • Bamboo Integration
          • Bitbucket Server
          • Confluence Server
          • Jira Server
        • Pexip App
        • Jitsi app
        • BigBlueButton (BBB) app
        • Google Meet app
        • Trello
          • Using the Trello App
        • Zoom
          • Install Zoom App
        • Data Loss Prevention (DLP) App
        • Poll
        • Poll Plus
          • Poll Plus Features
        • Microsoft Teams Bridge
          • Using Microsoft Teams Bridge
        • GitHub App
          • Using GitHub App
        • Google Drive
          • Using the Google Drive App
        • Google Calendar
          • Using the Google Calendar App
        • Zapier App
          • Install Zapier App
          • Using Zapier App
        • ChatGPT App
          • Install ChatGPT App
          • Using ChatGPT App
      • App Storage Location
    • Integrations
    • Rocket.Chat API
  • Resources
    • Frequently Asked Questions
      • Accessing your workspace FAQs
      • My Account FAQs
      • Registration
      • Message Privacy
      • Localization
      • Apps FAQs
      • Update FAQs
      • WhatsApp Cloud API FAQs
      • Cloud FAQs
      • Support FAQs
      • Whatsapp Business App FAQs
      • Identity Management EE FAQ
      • Deployment FAQ
        • Updating Rocket.Chat FAQ
        • Snaps FAQ
      • Omnichannel FAQs
    • Brand and Visual Guidelines
      • Logo
      • Typography
      • Colors
      • Patterns
      • Iconography
      • Photos
      • Brand Usage Examples
      • Media Kit
    • Development Docs
    • Rocket.Chat's Support Structure
      • Enterprise Support and Version Durability
        • Enterprise Support Plans
      • Community Resources
      • Legacy Support
  • Contribute to Rocket.Chat
    • Contributor Code of Conduct
    • How Can I Help?
    • Github Sponsorship
    • Annual Contribution Programs
  • PRIVACY AND SECURITY
    • Privacy and Security Policies
      • Rocket.Chat Privacy Policy
        • Subprocessors
      • Privacy Policy Facebook Messenger
      • Security Policy
    • Security Center
      • Compliance Resources and Certifications
      • Security fixes and updates
        • cve-2022-32211
      • End-to-End Encryption Specifications
    • Privacy Center
      • GDPR
        • Data Processing Agreement
      • LGDP
        • Nomeação do Encarregado pelo Tratamento de Dados Pessoais
  • LEGAL AND COMPLIANCE
    • Rocket.Chat Terms
      • Terms of Service
        • Cloud Deployment Terms/Cloud Terms
      • Master Services Agreement for Self Managed Workspaces
      • Supplemental Terms
        • Master Service Agreement for Professional Services
    • Compliance Center
      • DMCA Policy
      • Law Enforcement
        • Guidelines for Law Enforcement
        • Censorship and Harmful Content
        • Server Lookup
      • Code of Conduct: Services
    • Legal Center
Powered by GitBook
On this page
  • Configuring Keycloak OpenID Connect
  • Configuring Rocket.Chat
  • Create a Custom Oauth provider
  • Mapping non-federated keycloak user roles to Rocket.Chat roles
  • View all client roles
  1. Setup and Configure
  2. Advanced workspace management
  3. Authentication
  4. OpenID Connect

Keycloak

Configuring Keycloak OpenID Connect

To create a client in Keycloak,

  • Provide a Client ID: rocket-chat-client

  • Select the Client Protocol as openid-connect.

  • Select the Client access type as confidential.

  • Standard flow implemented: ON

  • Valid Redirect URL: http:{Rocket.Chat_server_address}/*

Ensure the Redirect URI is the IP and PORT of your rocket.chat instance.

After saving the changes, a new credentials tab will be created for the client. This credentials tab will provide the client secrets to be used when configuring the Rocket.Chat.

Configuring Rocket.Chat

Create a Custom Oauth provider

  • Login to Rocket.Chat with an administrator account and navigate to the OAuth page.

  • Click the Add custom OAuth button and provide the following configurations.

    • URL: http://{keycloak_ip_address}:{port}

    • Token Path: /realms/{realm_name}/protocol/openid-connect/token

    • Token sent via: Header

    • Identity Token Sent Via: Same As "Token Sent Via"

    • Identity Path: /realms/{realm_name}/protocol/openid-connect/userinfo

    • Authorize Path: /realms/{realm_name}/protocol/openid-connect/auth

    • Scope: openid

    • Param Name for access token: access_token

    • Id: This is the id of the Rocket.Chat client created in the keycloak rocket-chat-client

    • Secret: Secret key provided in the credentials tab when creating the Rocket.Chat client

    • Button Text: Login with Keycloak

You can also access the URL paths provided in the configurations by navigating to the Realm setting > General and clicking the endpoints link. While configuring the settings, replace the realm_name with the appropriate realm name. The default realm provided by Keycloak is master.

  • Leave the rest of the configurations as default. Click Save Changes.

  • Enable the new Keycloak provider. Click Refresh OAuth Services.

  • If you are in a test environment with no SMTP server set, disable Two-factor Authentication in Administration > Settings > General.

  • A Login with KeyCloak button appears on your workspace's login page. Users can now log in with keycloak.

Mapping non-federated keycloak user roles to Rocket.Chat roles

To create a role in KeyCloak,

  • Navigate to Roles and click Add Role.

  • Fill in the name and description of the role, and then click Save.

  • Add a mapper entry that maps our client roles to OpenId, passing the value to Rocket.Chat.

View all client roles

To view all the client roles you have created,

  • Navigate to Roles and click View all roles

Composite Roles

A composite role is a role that can be associated with other roles.

To define composite roles,

  • Navigate to Roles > Composite Roles.

To grant the Rocket.Chat role to a user, we have to modify the users Role Mappings.

Create Protocol Mapper

Mappers

PreviousGluu Server 4.0NextOkta Identity Cloud Service

Client-specific roles of a keycloak managed user can be mapped to Rocket.Chat roles. This does not work for federated users (e.g., LDAP-managed users). For this example, to map the admin and livechat-manager , add the required roles to the client.

role
Create Protocol Mapper
Mappers