Rancher v2.X KeyCloak Authentication Backend Configuration

Rancher's official documentation on how to configure the Rancher <> KeyCloak setup is fine but definitely not sufficient to configure it successfully. That's the reason why every single required step is documented here.

KeyCloak Configuration

I simply use the default master realm for the Rancher client. Nevertheless, it would sometimes absolutely make sense to use a custom KeyCloak realm.

  1. Login as admin on Important: It's crucial that in KeyCloak the same username exists as you use as admin user on Rancher. Since I just use the admin account in this guide, this prerequisite is already achieved.
  2. Create a new client under
    • Client ID:
serpensalbus / config.modules.sso-connector.virtualUriMappings.yaml
Last active February 4, 2020 08:50
Virtual URI mapping example for bootstrapping in Magnolia
'jcr:primaryType': mgnl:content
'class': info.magnolia.multisite.mapping.MultiSiteRootVirtualUriMapping
'fromUri': /sso
'toUri': redirect:/.magnolia/admincentral
'authenticationServiceName': keycloakOpenIDConnectMagnoliaAdminCentral
'class': info.magnolia.cms.util.SimpleUrlPattern
'patternString': /.magnolia/admincentral
serpensalbus / usergroups.superuser.yaml
Created February 4, 2020 08:46
Magnolia superuser group.
'description': Superuser Group for SSO.
'jcr:primaryType': mgnl:group
'jcr:uuid': bd94e13f-12b7-47d1-a341-42a442d409d5
'mgnl:created': 2019-07-23T16:14:34.779+02:00
'mgnl:createdBy': superuser
'mgnl:lastModified': 2020-01-17T16:09:14.515+01:00
'mgnl:lastModifiedBy': superuser
'title': superuser
'accessTokenEndpoint': http://localhost:8180/auth/realms/Magnolia%20AdminCentral/protocol/openid-connect/token
'authorizationBaseUrl': http://localhost:8180/auth/realms/Magnolia%20AdminCentral/protocol/openid-connect/auth
'callbackURL': http://localhost:8080/magnoliaAuthor/.auth
'clientId': mgnl-admincentral
'clientSecret': 273263dd-4229-472d-a897-0083ed37ba01
'endSessionEndpoint': http://localhost:8180/auth/realms/Magnolia%20AdminCentral/protocol/openid-connect/logout
'externalGroupsManagement': true
'openIdAccessTokenAttributeName': openIdToken
'openIdEnabled': true
serpensalbus / jaas.config
Created February 4, 2020 08:43
JAAS config Magnolia example configuration file
* options for JCRAuthenticationModule module:
* realm: to restrict the login to a certain realm
* use_realm_callback: to allow the GUI to pass the realm to login into
* skip_on_previous_success: if true the login is skipped if a former module proceeded a successful login
* example:
* info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite realm=public;
* info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite realm=admin skip_on_previous_success=true;
serpensalbus / jackrabbit-bundle-postgres-search-database.xml
Last active January 18, 2022 10:25
JCR / Jackrabbit configuration for using Magnolia CMS with PostgreSQL without filesystem.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 2.0//EN" "">
<DataSource name="magnolia">
<param name="driver" value="org.postgresql.Driver" />
<param name="url" value="jdbc:postgresql://localhost:5432/magnolia" />
<param name="user" value="mgnl" />
<param name="password" value="mgnlpass" />
<param name="databaseType" value="postgresql"/>
serpensalbus / jackrabbit-bundle-postgres-search.xml
Last active January 18, 2022 10:20
JCR / Jackrabbit configuration for using Magnolia CMS with PostgreSQL.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 2.0//EN" "">
<DataSource name="magnolia">
<param name="driver" value="org.postgresql.Driver" />
<param name="url" value="jdbc:postgresql://localhost:5432/magnolia" />
<param name="user" value="mgnl" />
<param name="password" value="mgnlpass" />
<param name="databaseType" value="postgresql"/>
serpensalbus /
Created February 23, 2017 12:53
Custom sorting of columns in Magnolia 5 content apps
import info.magnolia.ui.vaadin.integration.jcr.JcrItemId;
import info.magnolia.ui.vaadin.integration.jcr.JcrItemUtil;
import java.util.Comparator;
import javax.jcr.Item;
import javax.jcr.Node;