{"id":42115,"date":"2026-01-20T18:20:52","date_gmt":"2026-01-20T15:20:52","guid":{"rendered":"https:\/\/trueconf.com/blog\/?p=42115"},"modified":"2026-01-21T15:43:49","modified_gmt":"2026-01-21T12:43:49","slug":"configuration-of-keycloak-integration-with-trueconf-server","status":"publish","type":"post","link":"https:\/\/trueconf.com/blog\/knowledge-base\/configuration-of-keycloak-integration-with-trueconf-server","title":{"rendered":"Configuration of Keycloak integration with TrueConf Server"},"content":{"rendered":"<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\"><a href=\"https:\/\/trueconf.com\/products\/server\/server-videokonferenciy\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TrueConf Server<\/a> is a corporate messenger providing video conferencing capabilities. This solution supports password-free Single Sign-On (SSO) authentication via Keycloak which is used as an authentication server.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">To implement this scheme, you should first integrate Keycloak with an LDAP <a href=\"https:\/\/trueconf.com\/blog\/wiki\/active-directory-ldap\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">directory service<\/a> (such as OpenLDAP or Active Directory).<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\"><b>Keycloak<\/b> is an open identity and access management (IAM) platform that makes it easy to add authentication and authorization to web applications and services. It supports standards such as OpenID Connect, OAuth 2.0, and SAML. Moreover, this platform provides integration with LDAP directory services (such as Microsoft Active Directory) and social identity providers. For more details, go to the <a href=\"https:\/\/www.keycloak.org\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">official website<\/a>.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">In this article, we will look at the basic installation of Keycloak. We will also show how you can connect the LDAP directory service, and configure integration with TrueConf Server.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">To make sure that Keycloak works correctly with TrueConf Server, you need to follow these steps: install the Keycloak server, configure LDAP in Keycloak, create a client for integration, configure mapping, and configure SSO on the TrueConf Server side. LDAP\/AD and SSO settings are available even in <a href=\"https:\/\/trueconf.com\/docs\/server\/en\/admin\/license\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TrueConf Server Free<\/a>.<\/p>\r\n\r\n<h2 id=\"keycloak-install\" class=\"h4--main h4--thick black-text ui-mb-xs-3 ui-mt-md-1\">Keycloak installation<\/h2>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\"><b>Recommended system requirements:<\/b><\/p>\r\n<ul class=\"ui-list ui-list--medium ui-mb-sm-1 ui-mt-xs-3\">\r\n  <li class=\"ui-list__item ui-list__item--disc\">Operating system: Linux (with JDK 17+ support), Windows (version 10+ recommended)<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\">RAM: 2 GB<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\">Hard disk space: at least 3 GB<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\">Supported DBMS: PostgreSQL (recommended), MySQL\/MariaDB, Microsoft SQL Server, Oracle<\/li>\r\n<\/ul>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Installation is also possible in a Docker container. It is more convenient to install Keycloak on your LDAP\/AD server. In this article, we will look at installing Keycloak natively on a physical machine.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">To do it, you will first need to download and install the <a href=\"https:\/\/adoptium.net\/temurin\/releases\/?spm=a2ty_o01.29997173.0.0.20535171wgUm6S&#038;version=21\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Java Development Kit (JDK)<\/a>.<\/p>\r\n\r\n<h3 id=\"windows\" class=\"h5--main h5--thick black-text ui-mb-xs-3 ui-mt-sm-3\">Windows:<\/h3>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">After installing JDK, launch PowerShell and declare the <code>JAVA_HOME<\/code> variable by running the command below (replace <code>\u201cpath_to_JDK\u201d<\/code> with the full installation path of JDK):<\/p>\r\n<pre class=\"lang:default decode:true wrap:true\">[Environment]::SetEnvironmentVariable(\"JAVA_HOME\", \"path_to_JDK\", \"Machine\")<\/pre>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Download the Keycloak package via the <a href=\"https:\/\/www.keycloak.org\/getting-started\/getting-started-zip\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">link<\/a>. Unzip the archive into a folder of your choice.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Restart PowerShell and start the Keycloak server with the command:\r\n \r\n<pre class=\"lang:default decode:true\">cd path_to_keycloak\\keycloak\\bin\r\n.\\kc.bat start-dev<\/pre> \r\n\r\nWhere <code>path_to_keycloak<\/code> is the full path to the <code>kc.bat<\/code> file.<\/p>\r\n\r\n<h3 id=\"linux\" class=\"h5--main h5--thick black-text ui-mb-xs-3 ui-mt-sm-3\">Linux:<\/h3>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">After installing JDK, launch the terminal, and declare the <code>JAVA_HOME<\/code> variable:<\/p>\r\n<pre class=\"lang:default decode:true wrap:true\">echo 'JAVA_HOME=\"\"' | sudo tee \/etc\/default\/keycloak-env<\/pre>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Download the Keycloak package via the <a href=\"https:\/\/www.keycloak.org\/getting-started\/getting-started-zip\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">link<\/a>. Unzip the archive into a folder of your choice.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Start the Keycloak server:\r\n \r\n<pre class=\"lang:default decode:true\">cd path_to_keycloak\/keycloak\/bin\r\n.\/kc.sh start-dev<\/pre> \r\n\r\nWhere <code>path_to_keycloak<\/code> is the full path to the Keycloak directory.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">We are launching <a href=\"https:\/\/www.keycloak.org\/server\/configuration#_starting_keycloak_in_development_mode\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">dev-mode<\/a>, which is more convenient for initial trial configuration because there is no need to configure HTTPS and a domain name. For more information about Keycloak <a href=\"https:\/\/www.keycloak.org\/server\/configuration\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">configuration<\/a>, <a href=\"https:\/\/www.keycloak.org\/getting-started\/getting-started-zip\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">initial setup<\/a>, and the use of production mode, please refer to the <a href=\"https:\/\/www.keycloak.org\/guides#server\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">official server<\/a> documentation.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Open the page <code>http:\/\/&lt;HOST&gt;:&lt;PORT&gt;<\/code> in your browser, where:<br>\r\n<code>&lt;HOST&gt;<\/code> \u2014 the server address (e.g., localhost)<br>\r\n<code>&lt;PORT&gt;<\/code> \u2014 the Keycloak port (8080 is used by default).<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">On the opened page, click <b>Administration Console<\/b>, then enter the administrator login and password (in Keycloak dev mode \u2014 <b>admin \/ admin<\/b>).<\/p>\r\n\r\n<h2 id=\"ldap-integ\" class=\"h4--main h4--thick black-text ui-mb-xs-3 ui-mt-md-1\">Integration of Keycloak with an LDAP directory service<\/h2>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">To configure LDAP, go to the <b>User federation<\/b> sub-section of the <b>Configure<\/b> section and select <b>LDAP<\/b> in the <b>Add new provider<\/b> menu.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/1.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/1.png\" alt=\"\" width=\"1207\" height=\"716\" class=\"alignnone size-full wp-image-42134\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/1.png 1207w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/1-690x409.png 690w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/1-1024x607.png 1024w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/1-768x456.png 768w\" sizes=\"auto, (max-width: 1207px) 100vw, 1207px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">You will see the LDAP integration settings page. Enter the following mandatory integration data in the corresponding fields:<\/p>\r\n<ul class=\"ui-list ui-list--medium ui-mb-sm-1 ui-mt-xs-3\">\r\n  <li class=\"ui-list__item ui-list__item--disc\"><b>UI display name<\/b> \u2014 integration name<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\"><b>Vendor<\/b> \u2014 select the LDAP directory family (Active Directory, Red Hat Directory Server, Tivoli, Novell eDirectory, Other)<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\"><b>Connection URL<\/b> \u2014 the link to the LDAP directory<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\"><b>Bind DN<\/b> \u2014 the unique account name used for binding with the directory<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\"><b>Bind credentials<\/b> \u2014 password for the binding account<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\"><b>Edit mode<\/b> \u2014 the ability to make changes to the LDAP directory (we recommend using READ_ONLY for the initial setup)<\/li>\r\n  <li class=\"ui-list__item ui-list__item--disc\"><b>Users DN<\/b> \u2014 the unique name of the container (or subtree) where user records are stored.<\/li>\r\n<\/ul>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Use default values for remaining parameters (or enter your own if you previously modified your LDAP directory). After specifying the parameters, check the connection to the directory and authentication by clicking the <b>Test connection<\/b> and <b>Test authentication<\/b> buttons. Next, save changes by clicking <b>Save<\/b>.<\/p>\r\n\r\n<h2 id=\"create-realm\" class=\"h4--main h4--thick black-text ui-mb-xs-3 ui-mt-md-1\">Creating a Realm<\/h2>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">A <b>realm<\/b> in Keycloak is an isolated space where you manage your users, clients, roles, policies, and authentication settings. To set up a correct integration with TrueConf Server, you need to create a <code>trueconf<\/code> realm in Keycloak:<\/p>\r\n<ol class=\"ui-list ui-list--medium ui-mb-sm-1 ui-mt-xs-3\">\r\n  <li class=\"ui-list__item ui-list__item--num\">Click on the name of the selected realm (<b>master<\/b> is selected by default).<\/li>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/2.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/2.png\" alt=\"\" width=\"285\" height=\"413\" class=\"alignnone size-full wp-image-42135\" loading=\"lazy\" title=\"\"><\/a>\r\n  <li class=\"ui-list__item ui-list__item--num\">Select <b>Create realm<\/b>.<\/li>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/3-1.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/3-1.png\" alt=\"\" width=\"256\" height=\"193\" class=\"alignnone size-full wp-image-42136\" loading=\"lazy\" title=\"\"><\/a>\r\n  <li class=\"ui-list__item ui-list__item--num\">On the creation page, enter <b>trueconf<\/b> in the <b>Realm name<\/b> field.<\/li>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/4-1.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/4-1.png\" alt=\"\" width=\"581\" height=\"555\" class=\"alignnone size-full wp-image-42137\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/4-1.png 581w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/4-1-492x470.png 492w\" sizes=\"auto, (max-width: 581px) 100vw, 581px\" \/><\/a>\r\n  <li class=\"ui-list__item ui-list__item--num\">Click <b>trueconf<\/b> in the realm selection context menu.<\/li>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/5-1.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/5-1.png\" alt=\"\" width=\"256\" height=\"224\" class=\"alignnone size-full wp-image-42138\" loading=\"lazy\" title=\"\"><\/a>\r\n<\/ol>\r\n\r\n<h2 id=\"tc-integ\" class=\"h4--main h4--thick black-text ui-mb-xs-3 ui-mt-md-1\">Setting up integration with TrueConf Server<\/h2>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">In the control panel of your TrueConf Server, go to <b>Users \u2192 Authentication<\/b>, and in the <b>Authentication Methods<\/b> section, click the <b>Add<\/b> button.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">In the pop-up window, select Keycloak, then enter the client name <b>trueconf<\/b>:<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image4.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image4.png\" alt=\"\" width=\"627\" height=\"657\" class=\"alignnone size-full wp-image-42139\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image4.png 627w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image4-449x470.png 449w\" sizes=\"auto, (max-width: 627px) 100vw, 627px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Then click <b>Save<\/b>.<\/p>\r\n\r\n<h2 id=\"create-client\" class=\"h4--main h4--thick black-text ui-mb-xs-3 ui-mt-md-1\">Creating a client (connecting to the Keycloak server)<\/h2>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">In the <b>Manage \u2192 Clients<\/b> section, create a new application by clicking the <b>Create client<\/b> button.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image8.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image8.png\" alt=\"\" width=\"871\" height=\"307\" class=\"alignnone size-full wp-image-42140\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image8.png 871w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image8-690x243.png 690w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image8-768x271.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">In the <b>Client ID<\/b> field, enter the name <b>trueconf<\/b> and then click the <b>Next<\/b> button.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image11.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image11.png\" alt=\"\" width=\"602\" height=\"329\" class=\"alignnone size-full wp-image-42141\" loading=\"lazy\" title=\"\"><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">During the second step (<b>Capability config<\/b>) disable <b>Client authentication<\/b> (required) and <b>Direct access grants<\/b> (optional). For other parameters, you may use the default values.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image15.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image15.png\" alt=\"\" width=\"968\" height=\"410\" class=\"alignnone size-full wp-image-42142\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image15.png 968w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image15-690x292.png 690w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image15-768x325.png 768w\" sizes=\"auto, (max-width: 968px) 100vw, 968px\" \/><\/a>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image2.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image2.png\" alt=\"\" width=\"627\" height=\"657\" class=\"alignnone size-full wp-image-42143\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image2.png 627w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image2-449x470.png 449w\" sizes=\"auto, (max-width: 627px) 100vw, 627px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">In the <b>Login settings<\/b> section, enter the link from the <b>Redirect URI<\/b> field (Keycloak integration settings on TrueConf Server) into the <b>Valid redirect URIs<\/b> field, and click <b>Save<\/b>.<\/p>\r\n\r\n<h2 id=\"mapping-config\" class=\"h4--main h4--thick black-text ui-mb-xs-3 ui-mt-md-1\">Mapping configuration<\/h2>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\"><b>Attribute mapping<\/b> is a parameter used to determine which user data (attributes) from Keycloak (e.g., email, firstName, roles) should be passed to the token (ID or Access Token) or to HTTP headers during authentication.<\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Go to the <b>Client scopes<\/b> section and select a <b>profile<\/b>, then go to the <b>Mappers<\/b> tab, select <b>Add mapper<\/b>, and click <b>From predefined mappers<\/b>.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image10.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image10.png\" alt=\"\" width=\"793\" height=\"307\" class=\"alignnone size-full wp-image-42144\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image10.png 793w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image10-690x267.png 690w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image10-768x297.png 768w\" sizes=\"auto, (max-width: 793px) 100vw, 793px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Select <b>upn<\/b> in the pop-up window and click <b>Add<\/b>.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image13.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image13.png\" alt=\"\" width=\"514\" height=\"447\" class=\"alignnone size-full wp-image-42145\" loading=\"lazy\" title=\"\"><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Go back to the <b>User federation<\/b> tab, then <b>Mappers<\/b> \u2192 <b>Add mapper<\/b>, set the <b>upn<\/b> name and select the type <b>user-attribute-ldap-mapper<\/b> from the list.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image1.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image1.png\" alt=\"\" width=\"523\" height=\"775\" class=\"alignnone size-full wp-image-42146\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image1.png 523w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image1-317x470.png 317w\" sizes=\"auto, (max-width: 523px) 100vw, 523px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">In the <b>User Model Attribute<\/b> field, enter <b>upn<\/b>, and in the <b>LDAP Attribute<\/b> field, enter the parameter used on your server (for example, <b>uid<\/b>, <b>sAMAccountName<\/b>; check the documentation provided by your LDAP vendor for more details).<\/p>\r\n\r\n<h2 id=\"sso-config\" class=\"h4--main h4--thick black-text ui-mb-xs-3 ui-mt-md-1\">SSO configuration in TrueConf Server<\/h2>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">To further configure SSO, go to <b>Configure<\/b> \u2192 <b>Realm settings<\/b> \u2192 <b>Endpoints<\/b> \u2192 <b>OpenID Endpoint Configuration<\/b>.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image14.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image14.png\" alt=\"\" width=\"828\" height=\"227\" class=\"alignnone size-full wp-image-42147\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image14.png 828w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image14-690x189.png 690w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image14-768x211.png 768w\" sizes=\"auto, (max-width: 828px) 100vw, 828px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Find the following lines in the JSON file:<br>\r\n<code>\"authorization_endpoint\"<\/code><br>\r\n<code>\"token_endpoint\"<\/code><br>\r\n<code>\"end_session_endpoint\"<\/code><\/p>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Paste the links you received into the corresponding fields in the integration settings:<br>\r\n<code>\"authorization_endpoint\"<\/code> \u2014 in the <b>Authorization form URL<\/b><br>\r\n<code>\"token_endpoint\"<\/code> \u2014 in the <b>Request token URL<\/b><br>\r\n<code>\"end_session_endpoint\"<\/code> \u2014 in the <b>Logout URL<\/b><\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image20.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/image20.png\" alt=\"\" width=\"627\" height=\"657\" class=\"alignnone size-full wp-image-42148\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image20.png 627w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/image20-449x470.png 449w\" sizes=\"auto, (max-width: 627px) 100vw, 627px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Finally, in the <b>Authentication<\/b> \u2192 <b>Zones<\/b> tab, configure the Keycloak authentication for the selected <a href=\"https:\/\/trueconf.com\/docs\/server\/en\/admin\/accounts#auth-networks\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">network segment<\/a>: trusted and\/or public.<\/p>\r\n<a href=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/frame-93.png\" data-rel=\"lightbox-gallery-nau1osEC\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/trueconf.com\/blog\/wp-content\/uploads\/2026\/01\/frame-93.png\" alt=\"\" width=\"880\" height=\"854\" class=\"alignnone size-full wp-image-42179\" loading=\"lazy\" title=\"\" srcset=\"https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/frame-93.png 880w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/frame-93-484x470.png 484w, https:\/\/trueconf.com/blog\/wp-content\/uploads\/2026\/01\/frame-93-768x745.png 768w\" sizes=\"auto, (max-width: 880px) 100vw, 880px\" \/><\/a>\r\n<p class=\"primary-medium-text ui-mb-sm-1 ui-mt-xs-3\">Done! Now your server users can use Keycloak to sign in to TrueConf Server. For further configuration, we recommend reading the <a href=\"https:\/\/www.keycloak.org\/guides\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">official Keycloak documentation<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"TrueConf Server is a corporate messenger providing video conferencing capabilities. This solution supports password-free Single Sign-On (SSO) authentication via Keycloak which is used as an authentication server. To implement this scheme, you should first integrate Keycloak with an LDAP directory service (such as OpenLDAP or Active Directory). Keycloak is an open identity and access management [&hellip;]","protected":false},"author":79,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[260],"tags":[186],"class_list":["post-42115","post","type-post","status-publish","format-standard","hentry","category-knowledge-base","tag-administration","no-wpautop"],"_links":{"self":[{"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/posts\/42115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/users\/79"}],"replies":[{"embeddable":true,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/comments?post=42115"}],"version-history":[{"count":5,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/posts\/42115\/revisions"}],"predecessor-version":[{"id":42188,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/posts\/42115\/revisions\/42188"}],"wp:attachment":[{"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/media?parent=42115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/categories?post=42115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trueconf.com/blog\/wp-json\/wp\/v2\/tags?post=42115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}