With Keycloak, censhare provides an external authentication solution that can integrate existing authentication methods. Keycloak is available in combination with censhare WP.

Release information

As of censhare 2021.2.x, censhare uses Keycloak as default authentication solution. This implies some important changes on the authentication configuration. For more information, see Keycloak authentication.

About Keycloak

Keycloak is an open-source identity and access management solution. Keycloak is used to integrate external authentication methods such as LDAP or SAML. 

Authentication types

In terms of the type of authentication, Keycloak is very flexible. Among other things, users can be authenticated within Keycloak against an Active Directory or an LDAP server. If you already use Keycloak in your organizational network, you can use your existing Keycloak instance. 

If you use an external identity provider, Keycloak serves as an identity broker between the identity provider and censhare. If you use Keycloak with the censhare standard authentication, Keycloak serves as a gatekeeper to the censhare Server. 

Standard Protocols

Keycloak is published under the free Apache 2.0 license.

Keycloak is based on standard protocols and provides support for OpenID Connect, OAuth 2.0, and SAML.

Keycloak and censhare

For censhare, Keycloak is available in combination with censhare WP as of censhare 2021.2.

Keycloak can be used with all censhare clients. Existing authentication methods can be used as before for censhare Web, the censhare Client, the censhare Admin Client, and Service Client.

If you already use Keycloak in your organizational network, you can use your existing Keycloak instance. In this case, you must add and configure the censhare realm on your Keycloak server. Ask our support for an installation package without Keycloak, if you do not need to install Keycloak bundled with the censhare platform.

More information on censhare WP

Additional resources

For administrators - with productive systems

  • Install KeycloakLearn how to install a fresh Keycloak instance or use an existing one with censhare WP.
  • Upgrade KeycloakLearn about the steps to upgrade Keycloak to a later version. 
  • Configure Keycloak for external authenticationcenshare WP requires external authentication using Keycloak as identity broker. Keycloak runs on a dedicated authentication server.  Learn how to configure Keycloak to use it with censhare WP.
  • Configure Keycloak with censhare standard loginLearn how to add users to Keycloak. Keycloak can be configured with the censhare standard login. Keycloak verifies the user credentials and authenticates the users. Users can log into censhare Web, the censhare Client, and censhare Admin Client.
  • Configure Keycloak with LDAPYou can add an LDAP/AD service to Keycloak to log in users to censhare with their LDAP/AD user profile.
  • Configure Keycloak with SAMLThe SAML protocol provides single sign-on to applications across organizational boundaries. Keycloak serves as an identity broker between censhare and an identity provider.
  • Enable password reset on login pageLearn how to enable users to reset their passwords on the Keycloak login page.
  • Enable password changeLearn how to enable password change for censhare Web and censhare Client via Keycloak.
  • Authorization mapperThe authorization mapper synchronizes the roles, domains, groups and other settings of a user from Keycloak with the user table of the censhare Server.


For developers - with local installations and for testing

Documentation by Keycloak

Keycloak - get started

Keycloak - server installation

Keycloak - server administration

Keycloak - Admin Rest API