Built-in Registration, Login, and Remember-Me
High Contrast
Dark Mode
Light Mode
Sepia
Forest
1 min read296 words

Built-in Registration, Login, and Remember-Me

Keycloak provides a full-featured email/password authentication system out of the box. No code required — just configuration.

Enabling User Registration

By default, new users cannot self-register. To enable it:

  1. Go to Keycloak Admin → Realm Settings → Login tab
  2. Toggle User registration → ON
  3. Toggle Email as username → ON (recommended)
  4. Toggle Login with email → ON
  5. Click Save

The registration form at http://localhost:8080/realms/myrealm/protocol/openid-connect/auth will now include a "Register" link.

Registration Form Fields

Default fields: First name, Last name, Email, Password, Confirm password.

To add custom fields:

  1. Go to Realm Settings → User Profile
  2. Click Add attribute
  3. Configure field name, display name, validators, permissions

Configuring the Login Page

In Realm Settings → Login:

Setting Description Recommendation
User registration Allow self-registration Enable for public apps
Forgot password Show "Forgot Password?" link Enable
Remember Me "Remember me" checkbox Enable (careful with security policy)
Verify email Require email verification Enable in production
Login with email Use email as username Enable
Duplicate emails Allow duplicate emails Disable

Remember-Me Configuration

When enabled, "Remember Me" creates a long-lived session:

  1. Go to Realm Settings → Sessions
  2. Set Remember Me session settings: - SSO Session Max (Remember Me): e.g., 30d (30 days) - SSO Session Idle (Remember Me): e.g., 7d (7 days idle timeout)

Security considerations for Remember Me: - Only enable on trusted devices - Ensure HTTPS is enforced - Implement logout-all-sessions functionality - Consider IP binding for high-security scenarios

Testing the Login Flow

# Get the login URL for your application
REALM=myrealm
CLIENT_ID=my-web-app
REDIRECT_URI=http://localhost:3000/callback
echo "Login URL: http://localhost:8080/realms/${REALM}/protocol/openid-connect/auth?client_id=${CLIENT_ID}&redirect_uri=${REDIRECT_URI}&response_type=code&scope=openid+email+profile"

Theme Customization

Keycloak's login page is themeable. For quick branding:

  1. Go to Realm Settings → Themes
  2. Login Theme: Choose from built-in themes or custom
  3. For custom themes, extend the base theme with CSS/FTL templates
themes/
└── my-theme/
└── login/
├── theme.properties
├── resources/
│   └── css/
│       └── login.css
└── login.ftl  (override default template)

Flows Summary

User visits /login
│
├── Has valid session? → Redirect to app (SSO)
│
├── Clicks "Register" → Registration form → Email verification → Login
│
├── Enters credentials → Correct → Issue tokens → Redirect to app
│
└── Wrong credentials → Error + brute force counter increment