before you start make sure you have received your

  • clientid
  • client secret
  • certificate (.p12 file)
  • well known URLs for the target environment


Download the server keycloak Here

after downloading create a directory you need to unzip the data in /tmp/tut

the directory layout should like this one.

Before starting the Keycloak server, we need to configure the certificate for outgoing http requests. Search in /tmp/tut/keycloak-6.0.1/standalone/configuration/standalone.xml for the spi name=”connectionsHttpClient”.

Insert the following information and adapt the client keystore location as well as the passwords to your personal p12 file accordingly.

Starting the keycloak requires an installed Java environment, at least in version 8

Starting the Server

Open your local browser at http://localhost:8080 and you’ll be redirected to the following screen (as long as now admin user set up before).

create a admin user open “Administration Console”

use the username/password typed in before after logging in you will be directed to the Administration Console

Add a new realm an name it myrealm

After the realm is created, open the menu item “Identity Providers” and add “Keycloak OpenID Connect”

Type in the well-known configurations in Import External IdP Config”, e.g.

test environment

production environment

and press Import

click on OpenID Connect Config and Type in clientid and client secret, you got before from verimi

After saving, the Identity Providers menu item the overview is shown as below.

Finally, test it via “Clients” as menu item Click on “accounts” client id base url

and the following login page will be shown

Click in Verimi and you’ll be redirected to the verimi login page!