Netresearch Blog


Our blog contains all news and insights. We make our knowledge available, give tips, and inform you about everything that happens inside and outside our company.

SSO connection with Keycloak for TYPO3 and Magento

AAP Lehrerwelt GmbH, operator of a platform for teaching materials for teachers, would like to give its customers the simplest possible, seamless access to their various online offers. Netresearch took on the task of designing a single-sign-on solution (SSO) and implementing it for various systems such as TYPO3 and Magento.

Why a Single-Sign-On solution for Lehrerwelt?

With an SSO service, the user needs to log in only once. The authentication of the user is completed after a short process. The user then has access to different applications and services. This increases the user-friendliness of the respective portals and services - in the case of Leherwelt: a download platform, the digital desk, and shops for ordering physical teaching materials.

Implementation with the community extension “OpenID Connect Authentication”

For the integration into the TYPO3 CMS of our customer, the TYPO3 extension "OpenID Connect Authentication" was used which serves as the basis for the login and authentication functions against an OpenID server. For the exact identification of the respective frontend user, the user profiles were extended with the respective ID of the OpenID server.

During ongoing operation of the platform, it is important to be able to distinguish between new users and known users who have already been authenticated. In order to be able to display different landing pages to the various user groups, it is necessary to assign certain users to groups. This is achieved by combining the SSO service with a suitable configuration of the custom extension "Frontend User". Here, the users can automatically be assigned to a specific group after authentication. Other user groups that may be used in TYPO3 and are not related to authentication remain unaffected by this assignment.

Using the Keycloak API

User data such as name or e-mail address which can be changed by the users of the Lehrerwelt services should be kept synchronized centrally in Keycloak in real time. The connection to the Keycloak API is therefore created with a TYPO3 extension developed by Netresearch. Mohammad Waleed's Keycloak API Client is used for this. This solution also offers the ability for future expansion if further user data is to be kept centrally in Keycloak.

The Keycloak API also provided good service while initially filling the system before going live. Transferring several 100,000 user data sets with different data structure coming from Magento and TYPO3 was necessary. A Python script was used for this, which filled Keycloak with the dumps of the two user tables.

Summary of SSO integration with Keycloak

Would we integrate Keycloak into TYPO3 again? And were we able to solve the customer's problem? Yes, it was a good experience, even if there are now alternatives. Aside of its advantages, Keycloak also has certain requirements, e.g. because it is written in Java. The template engine and the FreeMaker template language used pose some challenges, as testing and bug fixes were comparatively difficult from a developer's point of view. However, in this project with Keycloak, Netresearch was nonetheless able to significantly expand its expert knowledge.

Would you like to know more about single-sign-on? Then get to know us and book an appointment with our TYPO3 expert today.

Share article:

New Blogposts

Continous Testing: Molecule und Vagrant

By Sebastian Mendel genannt Mendelsohn

How Ansible, Molecule and Vagrant are revolutionizing testing

Make Ansible automations testable and detect deployment errors earlier? Discover how to automate…

Read more
Netresearch: TYPO3 Developer Days Karlsruhe 2022
By Tobias Hein

Netresearch war dieses Jahr mit zwei Pro-Sessions bei den TYPO3 Developer Days in Karlsruhe…

Read more
20 years of AIDA customer relationship
By Caroline Kindervater

Communication, expertise and trust play a major role in the successful implementation of customer…

Read more
Livegang SSO-Anbindung with Keycloak for Lehrerwelt
By Thomas Schöne

For our customer AAP Lehrerwelt GmbH, which is part of the Klett Group, we implemented a…

Read more