I'm not sure I fully understand. Are you using a Docker client to authenticate with Keycloak? That works with the standard OIDC flows, but it requires some additional claims in the token which you are adding with a protocol mapper?

On 12 August 2016 at 15:31, Josh Cain <josh.cain@redhat.com> wrote:
Hi All,

We want to use Keycloak as the IDP/Token issuer for authentication with a docker registry as per the specification found here:


I've implemented a Protocol Mapper in Keycloak that successfully uses the IDP to perform a login against a registry/docker client. Is this something that the team is interested in building into the product? If so, I'd be happy to push back upstream.

Josh Cain | Software Applications Engineer
Identity and Access Management
Red Hat
+1 843-737-1735

keycloak-dev mailing list