Assumptions

To get the Digilocker Meripehchaan SSO login button in the login page, you would need to use the keycloak theme instead of the custom theme provided by default.

Pre-requisites

• Keycloak

• Digilocker partner account (https://partners.digitallocker.gov.in/)

• Generate client secrets in (https://apisetu.gov.in/org/consumer/auth_partners)

• Set the redirect url to <domain>/auth/realms/master/broker/oidc/endpoint

Steps to integrate Digilocker Meripehchaan SSO in keycloak

• Goto keycloak admin page <domain>/auth/

• Login with admin credentials

• Goto Identity Providers

• Click on Add provider

• Select OpenID Connect v1.0

• Enter the display name to be showed on the login page, Ex: Login with Digilocker Meripehchaan

• Set the Authorization URL to `https://digilocker.meripehchaan.gov.in/public/oauth2/1/authorize`

• Set the Token URL to `https://digilocker.meripehchaan.gov.in/public/oauth2/2/token`

• Turn on Disable User Info button

• Select Client secret sent as post from Client Authentication` options

• Set Client Id that was generated in Digilocker partner portal

• Set Client Secret that was generated in Digilocker partner portal

• Select consent from Prompt options

• Enable Use PKCE option

• Select S256 from PKCE Method options

Enable default keycloak theme

• Goto keycloak admin page <domain>/auth/

• Login with admin credentials

• Goto clients -> registry-frontend

• Select keycloak from Login Theme options

• Save the changes