Hi,

The usual way to integrate Keycloak with a Mendix 11.7.0 app is to use the OIDC SSO module, because Keycloak supports OpenID Connect and Mendix provides an official module for that flow. Mendix also recommends OIDC SSO as the easier option compared with SAML for this kind of setup.

At a high level, the setup is:

1. Install the OIDC SSO module from the Marketplace in your Mendix app.
2. In Keycloak, create a client for your Mendix app.
3. In Mendix, configure a new OIDC client with the Keycloak endpoints such as:
   • authorization endpoint
   • token endpoint
   • userinfo endpoint
   • JWKS endpoint
4. Add the login button / flow from the OIDC module and configure user provisioning / role mapping as needed. The OIDC SSO docs describe the runtime IdP configuration in the Mendix app.

So yes, Keycloak ↔ Mendix via OIDC SSO is the standard approach.

A few practical notes:

• Make sure the redirect URI configured in Keycloak exactly matches the callback URL expected by your Mendix app, otherwise login will fail. This follows from the OIDC client configuration flow in Mendix and the standard OIDC client setup.
• If you want mobile login as well, Mendix has a separate Mobile SSO module that depends on OIDC SSO.
• If your requirement is only web login, the regular OIDC SSO module is enough.

Useful Mendix docs:

• OIDC SSO module
• SAML vs OIDC note

If this resolves your issue, please mark the answer as accepted.

Hi Sayanthan Balendra,

That's quite a generic question. You can setup Keycloak as OIDC provider and configure the OIDC module of Mendix to connect with it.

In Keycloak, you define a client id, generate a client secret en configure the allowed redirect (callback) URL of your Mendix app. And in Mendix, you enter the well-known endpoint, the client id and client secret according to the documentation on OIDC.

Is there a specific part where you are stuck?

Kind regards,

Johan