Openid-Connect with Keycloak - blank page after login {}

Dear Frappe Community,

I am struggeling for a long time, to get OpenID-Connect (via Keycloak) to work with ERPNext.

Some guys already had that problems in a old discussion, which did not had any solution:

My system has following details:

ERPNext: v14.18.3 (version-14)
Frappe Framework: v14.28.2 (version-14)
FrappeDesk: v0.6.5 (main)
Frappe HR: v14.1.2 (version-14)
Payments: v0.0.1 (develop)

I am using Keycloak on several other setups without any problems and now wanted to use the Social Login Key functionality on ERPNext on:


I was following this documentation in detail:
(!! be aware that the documentation is for a outdated Keycloak version under v20 which uses different URLs. I use v20+ and used the correct urls respectively. )

I used following settings in ERPNext Social Login Key Settings:

Client ID id from openid-connect client copied from my keycloak
Client Secret secret from from openid-connect client copied from my keycloak
Base URL
Authorize URL /protocol/openid-connect/auth
Access Token URL/protocol/openid-connect/token
Redirect URL /api/method/frappe.integrations.oauth2_logins.custom/myrealm
API Endpoint
Auth URL Data {“response_type”: “code”, “scope”: “openid”}

I used following settings in my Keycloak Client setup:

Home URL
Root URL
Valid redirect URIs*


(strangely without error logs or messages in the logs)

  1. I go to my Login page
  2. I click on Login with Keycloak
  3. My Keycloak login openes and I login (successful login log in Keycloak)
  4. Keycloak redirects to ERPNext and a blank page with only “{}” is displayed

URL in Browser

frappe.log content
Form Dict: {‘state’: ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’, ‘session_state’: ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’, ‘cmd’: ‘frappe.integrations.oauth2_logins.custom’}

i cannot open any other url on my ERPNext instance and get right back to the ERPNext Login Page

It seems like ERPNext is not finalizing the login correctly…

Does anybody have a idea how to solve it, please?

this user (Profile - lapphan - Frappe Forum) was able to use keycloak. I don’t know if the user is still active

Yes that is 3 years ago. Keycloak is not some niche Auth provider and especially on authentification in ERPNext there must be some logs for controlling purposes which I could not find anywhere.

I tried to reach Profile - lapphan - Frappe Forum him but he has been last seen 2 years ago…

I would be really happy to finally get it working and then supply a generalized and up to date documentation for the Frappe Docs, which is not based on some outdated fairkom setup on ERPNext v14 version.

Thank you very much.

provide test access to keycloak if you can, I’ll try setting up locally or also provide test access to your ERPNext setup.