Jitsi Keycloak Adapter v1

• 1. Features
• 2. Setup
• 3. Keycloak configuration
• 4. Similar projects
• 5. Sponsors

Allow Jitsi to use Keycloak as an identity and OIDC provider.

See jitsi-oidc-adapter for the new generation of the adapter. It also supports Keycloak.
PLEASE SWITCH TO THIS VERSION TO GET NEW FEATURES.

1. Features

• SSO for Jitsi through Keycloak. Allows Jitsi to run as an OIDC consumer.
• Allows to use config params in URL (such as #config.prejoinConfig.enabled=true)
• Allows guest users and wait for host screen if needed
• Not based on the external JWT which will be deprecated in the near future.
• Not based on tokenAuthUrl

Check flows if you are interested in how it works.

2. Setup

See standalone setup guide to install it on a standalone Jitsi server.

See Docker setup guide to integrate it with a Dockerized Jitsi setup.

3. Keycloak configuration

Create client inside realm.

• Set client id
• Add Jitsi's URL into Valid redirect URIs
  e.g. https://jitsi.mydomain.com/*
• Add Jitsi's URL into Web origins
  e.g. https://jitsi.mydomain.com or just use +
• Set Access type

  • For Keycloak versions < 20.x, set Access type to public:

    

  • For Keycloak versions >= 20.x, disable Client authentication:

    

• Alternatively, set Access type to confidential (respectively, leave Client authentication enabled) and set the KEYCLOAK_CLIENT_SECRET environment variable to the client secret generated by Keycloak.

4. Similar projects

• jitsi-oidc-adapter
• jitsi-keycloak-adapter-v2
• jitsi-keycloak
• Jitsi-SAML2JWT
• jitsi-OIDC-adapter
• Jitsi Go OpenID

5. Sponsors