
WWPass Identity Provider Integration with Keycloak

This document describes how to add the WWPass authentication provider to Keycloak.


A WWPass Service Provider certificate and private key are required. Obtain them at

WWPass Identity Provider installation

A detailed description is available here -

  1. First, Keycloak must be running. See Getting Started, or you can build the distribution from source.

  2. Set KEYCLOAK_HOME to your installation directory:

     $ export KEYCLOAK_HOME="<path_to_keycloak_root>"

  3. Execute the following. This will build the IdP:

     $ mvn clean package

  4. Deploy the jar:

     $ cp target/wwpass-idp.jar "$KEYCLOAK_HOME/providers/"

  5. Restart (or start) Keycloak.

Add WWPass authentication provider

  1. Log in to the Keycloak admin console:

  2. Select a realm or create a new one.

  3. In the current realm, go to the Identity Providers menu.

  4. Click the Add provider button and select the WWPass authentication.

  5. Complete all fields as follows:

    • Client ID – any string describing this Identity Provider, e.g. wwpass;
    • Client Secret – any string; it is not used anywhere. This is a Keycloak drawback;
    • Certificate – get the WWPass SP certificate at and paste its content in this field;
    • Private Key – paste the certificate’s private key in this field;
    • Use PIN – toggle this option to On if you need Keycloak to request the user’s WWPass PassKey PIN.
  6. Click the Add button to add the Identity Provider.

  7. Go to the Authentication menu and click the browser link.

  8. Click the gear icon next to the Identity Provider Redirector.

  9. Add wwpass as the Identity Provider redirector.

  10. Click Save to save changes.
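
Before pasting values into the Certificate and Private Key fields from step 5, it is worth confirming that the key actually belongs to the certificate and that the certificate has not expired. The script below is an added example, not part of the original page or the WWPass project; the function name check_sp_pair and the file names are assumptions, and it requires the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Added example, not part of the WWPass project. check_sp_pair and the file
# names in the usage line are hypothetical. Requires the openssl CLI.
# Usage: ./check_sp_pair.sh sp.crt sp.key

check_sp_pair() {
    local cert="$1" key="$2" f cert_pub key_pub

    # Both inputs must be readable files.
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    done

    # -checkend 0 fails if the certificate has already expired (or is unparsable).
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired or unparsable certificate: $cert" >&2
        return 3
    fi

    # Derive the public key from each side; the private key is never printed.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    if ! key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null); then
        echo "cannot parse private key: $key" >&2
        return 4
    fi

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the certificate" >&2
        return 1
    fi

    # Warn (do not fail) when the key file is readable by group or others.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "warning: $key is readable by group/others; consider chmod 600" >&2
    fi
    return 0
}

# Run only when called with two arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    check_sp_pair "$1" "$2"
fi
```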