Enabling Keycloak User Self-Registration
This document provides a guide to enabling Keycloak user self-registration for public environments.
Keycloak can manage user authentication for web and mobile apps. Users can self-register, and admins can add them. It also supports custom attributes beyond default ones like name and email. This guide covers enabling self-registration and adding custom fields.
The Keycloak server is installed on the Kubernetes cluster and should be publicly accessible.
Keycloak should be integrated with your application.
An SMTP server is set up within the same Kubernetes cluster for email notifications.
Log in to Keycloak
Open the Keycloak Admin Console.
Log in using admin credentials.
You can configure self-registration in your existing realm or create a separate realm for public environments and configure it there.
Enable User Registration
Navigate to Realm Settings.
Click on the General Settings tab and provide the necessary details.
Click on the Login tab and enable the following options:
User registration: Allows users to register themselves.
Verify email: Ensures users confirm their email addresses after registration.
Forgot password: Allows users to reset their passwords via email.
Login with email: Enables users to log in using their email addresses instead of usernames.
Configure Email Settings
In the Realm Settings, locate the Email section.
Configure the Template and Connection & Authentication sections with SMTP settings.
Ensure the SMTP server is installed within the Kubernetes cluster.
Provide SMTP server details (host, port, authentication credentials, etc.).
Save the configuration to enable email notifications for user registrations.
Configure Authentication and reCAPTCHA
Navigate to the Authentication tab.
Make a copy of the registration flow named registration2 and bind it to the Registration flow.
Edit the newly created registration flow, ensuring all step requirements remain the same.
Add reCAPTCHA in the reCAPTCHA settings.
Generate the reCAPTCHA site key and secret key from Google reCAPTCHA and configure them in Keycloak.
Assign Client Roles
Add the required client roles under each client to grant access to applications. For more details, refer here.
To provide complete access to SR or PBMS for self-registered users, create the necessary roles for the respective clients.
Assign all the created client roles to Realm Settings → User Registration to set default roles for self-registered users.
Integrate Keycloak Credentials with Applications
Make sure your application is already integrated with Keycloak login for authentication. If not, configure it for Keycloak authentication.
Verify Self-Registration
Open the Social Registry or PBMS service in an incognito/private browser window.
Try to log in with Keycloak; you will be redirected to the Keycloak login page.
The Register link should now be visible.
Click the Register link to access the registration page.
Users can enter their details (name, email, and password) to create an account.
Upon registration, users will receive a confirmation email (if email verification is enabled).
After confirming their email, users can log in with basic permissions.
Once users are registered in Keycloak, they can use the same credentials wherever the app integrates with Keycloak authentication.
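As a complement to the browser check, the following added example (not part of the original guide or of Keycloak itself) audits a realm export JSON to confirm that the registration, email and reCAPTCHA steps above took effect. It assumes the standard realm export field names (`registrationAllowed`, `verifyEmail`, `resetPasswordAllowed`, `registrationFlow`, `smtpServer`, `authenticationFlows`) and the built-in reCAPTCHA provider ID `registration-recaptcha-action`; the sample realm is constructed.

```python
# Provider ID of Keycloak's built-in reCAPTCHA registration form action.
RECAPTCHA_ID = "registration-recaptcha-action"

def executions(realm, alias, seen=None):
    """Yield every execution of flow `alias`, descending into its sub-flows."""
    seen = set() if seen is None else seen
    if alias in seen:
        return
    seen.add(alias)
    flows = {f["alias"]: f for f in realm.get("authenticationFlows", [])}
    for ex in flows.get(alias, {}).get("authenticationExecutions", []):
        yield ex
        if ex.get("flowAlias"):
            yield from executions(realm, ex["flowAlias"], seen)

def audit_realm(realm):
    """Return findings for a realm export that allows self-registration."""
    if not realm.get("registrationAllowed"):
        return []  # registration is closed, nothing to check
    findings = []
    if not realm.get("verifyEmail"):
        findings.append("verifyEmail is off")
    flow = realm.get("registrationFlow", "registration")
    required = any(e.get("authenticator") == RECAPTCHA_ID and e.get("requirement") == "REQUIRED"
                   for e in executions(realm, flow))
    if not required:
        findings.append(f"no REQUIRED reCAPTCHA execution in flow '{flow}'")
    needs_mail = realm.get("verifyEmail") or realm.get("resetPasswordAllowed")
    if needs_mail and not (realm.get("smtpServer") or {}).get("host"):
        findings.append("smtpServer.host is not set")
    return findings

# Constructed sample: a trimmed realm export where the copied flow still has
# reCAPTCHA disabled and no SMTP host has been entered.
SAMPLE = {
    "realm": "public", "registrationAllowed": True, "verifyEmail": True,
    "resetPasswordAllowed": True, "loginWithEmailAllowed": True,
    "registrationFlow": "registration2", "smtpServer": {},
    "authenticationFlows": [
        {"alias": "registration2", "authenticationExecutions": [
            {"authenticator": "registration-page-form", "authenticatorFlow": True,
             "flowAlias": "registration2 registration form", "requirement": "REQUIRED"}]},
        {"alias": "registration2 registration form", "authenticationExecutions": [
            {"authenticator": "registration-user-creation", "requirement": "REQUIRED"},
            {"authenticator": RECAPTCHA_ID, "requirement": "DISABLED"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE):
        print("FINDING:", finding)
```

To audit a real realm, load its export with `json.load` and pass the resulting dictionary to `audit_realm`.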