Integrating Keycloak with iRODS — Seeking Guidance

32 views

Skip to first unread message

Sandesh Patil

unread,

Aug 6, 2025, 3:19:31 PMAug 6

to iRODS-Chat

Hi all,

I’m exploring options to integrate Keycloak for authentication with iRODS, and I wanted to check with the community if anyone has successfully done this or has guidance on the best approach.

From what I’ve understood so far, integration is possible via either:

the OpenID plugin, or
the iRODS HTTP API (with a custom plugin and OpenID support).

However, I’m finding it difficult to locate the correct versions of the OpenID plugin that are compatible with newer iRODS releases (e.g., 5.0.1). Building from source has also been challenging due to dependency issues.

Has anyone:

Integrated Keycloak with iRODS successfully?
Used the HTTP API for this purpose?
Found a maintained or working OpenID plugin for iRODS 5.x?

Any help or pointers would be appreciated!

Thanks in advance,
Sandesh

Terrell Russell

unread,

Aug 8, 2025, 12:30:00 AMAug 8

to irod...@googlegroups.com

Hello Sandesh,

The contributed OpenID authentication plugin for iRODS was never released. It required an additional service to be running to handle the mapping of OpenID users to iRODS users:

- https://github.com/irods-contrib/irods_auth_plugin_openid

The iRODS HTTP API has direct OIDC support (in front of iRODS as a protected resource):

- https://github.com/irods/irods_client_http_api

The PAM Interactive plugin has been shown to work against a Keycloak-as-SSO for iRODS without running the HTTP API:

- https://github.com/irods/irods_auth_plugin_pam_interactive

with either of these two PAM modules...

- https://github.com/ll4strw/pam_deviceauthgrant

- https://gitlab.kodden.nl/harry/PAM-OIDC-Device-Flow

You can also read through the LEXIS project for some additional hints...

- https://irods.org/uploads/2021/Golasowski-Hayek-Ostrava-Leibniz-Transnational_Data_System_for_HPC_Cloud_Computing_Workflows_based_on_iRODS_EUDAT-paper.pdf

- https://docs.lexis.tech/data_system/irods.html#users-and-projects-management-through-irods-keycloak-syncing-mechanism

- https://indico.cern.ch/event/854707/contributions/3681126/

Anyone else, please share your success stories here as well.

Terrell

--
--
The Integrated Rule-Oriented Data System (iRODS) - https://irods.org

iROD-Chat: http://groups.google.com/group/iROD-Chat
---
You received this message because you are subscribed to the Google Groups "iRODS-Chat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to irod-chat+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/irod-chat/cf4caf27-cbab-4371-99c7-977619199389n%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages