Keycloak

Keycloak integration for Bot Protection

This integration guarantees the protection of Keycloak services through their supported reverse proxies.

Compatibility

This module has been tested and verified on Keycloak 25.

To be able to protect Keycloak, you need to have a reverse proxy in front of it.
DataDome can be integrated on any reverse proxy supported by Keycloak.

Prerequisites

Configuration

  1. Configure the reverse proxy
    Update your proxy's configuration file to expose the recommended paths.
    Refer to your proxy's documentation on how to protect specific paths.
  2. Create your custom theme
    This theme will allow you to inject the JavaScript Tag in the Accounts and Login theme of your Keycloak instance.
    Name the new custom theme mytheme.

        cd keycloak-*/

        mkdir -p themes/datadome/account/resources/js
        touch themes/datadome/account/resources/js/script.js
        touch themes/datadome/account/theme.properties

        mkdir -p themes/datadome/login/resources/js
        touch themes/datadome/login/resources/js/script.js
        touch themes/datadome/login/theme.properties

  3. Inject the JavaScript Tag
    Fill both script.js files with the following code:

        // Client-side key read by the DataDome JS Tag.
        window.ddjskey = 'DATADOME_CLIENT_SIDE_KEY';

        var script = document.createElement('script');

        // URL used to download the JS Tag (change the default for a first-party tag).
        script.src = 'https://js.datadome.co/tags.js';
        script.async = true;
        script.type = 'text/javascript';

        // Insert the tag as the first element of <head>.
        document.head.prepend(script);

    Replace the DATADOME_CLIENT_SIDE_KEY value with your client-side key.

  4. Define the properties of your themes
    Update both theme.properties files to extend the default theme.

    themes/datadome/account/theme.properties:

        parent=keycloak.v3
        import=common/keycloak
        scripts=js/script.js

    themes/datadome/login/theme.properties:

        parent=keycloak
        import=common/keycloak
        scripts=js/script.js

Theme to extend

The theme to extend in the parent field can differ between theme types and Keycloak versions.

Refer to the official documentation and Keycloak release notes to extend the correct theme.

  5. Restart Keycloak
    This loads the new theme into Keycloak.
  6. Use your custom theme
    Connect to the admin console of your Keycloak service.
    In your Realm settings, change the account and login themes to your custom theme, and save your changes.
  7. Update the Content-Security-Policy
    Add geo.captcha-delivery.com to the frame-src directive to allow our response pages to be loaded from an <iframe> element when a request is challenged.
    Change the Content-Security-Policy value

  8. Restart your reverse proxy service
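
As an added illustration of the Content-Security-Policy step (not DataDome's or Keycloak's code): the helper below adds geo.captcha-delivery.com to frame-src in an existing policy value without narrowing what was already allowed. The function names and the sample policy string are assumptions constructed for this example, and host matching is simplified to exact hosts and *.

```javascript
// Added example: hypothetical helpers, not part of DataDome or Keycloak.
const CHALLENGE_HOST = 'geo.captcha-delivery.com'; // host named in the CSP step

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per the CSP spec, a repeated directive is ignored: the first one wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Simplified host match: exact host, optionally with https://, or "*".
function matches(source, host) {
  const s = source.toLowerCase();
  return s === '*' || s === host || s === `https://${host}`;
}

// Sources governing <iframe> loads: frame-src, else child-src, else default-src.
function frameSources(policy) {
  for (const name of ['frame-src', 'child-src', 'default-src']) {
    if (policy.has(name)) return policy.get(name);
  }
  return null; // no applicable directive: frames are unrestricted
}

function allowsFrame(header, host = CHALLENGE_HOST) {
  const sources = frameSources(parseCsp(header));
  return sources === null || sources.some((s) => matches(s, host));
}

// Return the header with `host` allowed in frame-src, leaving other directives as-is.
function addFrameSource(header, host = CHALLENGE_HOST) {
  if (allowsFrame(header, host)) return header; // idempotent
  const policy = parseCsp(header);
  // Start from the effective list so existing frame sources keep working;
  // 'none' must stand alone, so it is dropped once a host is added.
  const kept = frameSources(policy).filter((s) => s.toLowerCase() !== "'none'");
  policy.set('frame-src', [...kept, host]);
  return [...policy].map(([n, s]) => [n, ...s].join(' ')).join('; ') + ';';
}

// Constructed sample policy value (an assumption, not taken from the page).
const sample = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';";
console.log(addFrameSource(sample));
```

When the policy has no frame-src of its own, the new directive starts from the child-src or default-src list, so frames that loaded before the change keep loading.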

Congratulations! Your Keycloak service is now protected by DataDome.

FAQ

Where can I find a demo for this integration?

We provide a docker-compose project with the setup and the configuration to help you set up the protection of your Keycloak instance with DataDome.