Keycloak Terms & Privacy Policy Configuration

When I first started using Keycloak earlier this year, I almost immediately hit a heavy roadblock: how do you require user consent to your terms and conditions and privacy policy? After browsing the Keycloak forums, it became apparent that multiple users were hitting this wall. From what I could find online, it seemed that actually requiring user consent to terms and conditions etc. on user registration would require heavy modifications for a beginner. I played around more, though, and was amazed to discover that Keycloak does indeed have this capability built in, and even more. In this tutorial I go through how to easily require user consent to site terms and conditions and privacy policies, all without touching a single line of code or modifying Keycloak themes.

Let’s Dive!

Configuring the Keycloak Login / Register Pages

We will first configure a few settings on our Login and Register pages. From within the Keycloak Admin Console select the realm which you want to configure and in the left-hand menu bar select “Realm Settings”. 

In the “Realm Settings” menu select “Login”.

Here you can configure the login and register settings as needed. The only setting that we need to configure for the purposes of this tutorial is “User registration”, which we need to set to “On”.

Requiring Terms & Privacy Consent

In this next step we will configure Keycloak to require user consent to the site Terms & Conditions and Privacy Policy on user registration. In the “Realm Settings” go to the “User Profile” tab in the menu.

Here you can see and manage various user attributes including username, email, first name, etc. We will select “Create attribute”.

Give the attribute a name (we’ll just enter “terms-conditions”), then give it a display name (we’ll say “Terms and Conditions”). Leave the “Multivalued” setting as “Off”. You can assign the attribute to a group if you want. Be sure that the “Enabled when” setting is set to “Always”, and turn the “Required field” setting to “On”.

You can adjust the “Required for” setting to your use case; you will probably at least want to require it for users. Be sure that the “Required when” setting is set to “Always”.

In the “Permission” section we want to ensure that admins CANNOT edit this attribute, because then your users could accuse you of tweaking or messing with their consent, which might land you in legal trouble (btw I am not a lawyer, just a disclaimer 🙂). You will want to set the “Who can view?” setting to both admins and users.

Then we will add a validator. Set the validator type to “options” and in the “Options” field enter “I agree to the <Company Name> terms and conditions <Link>”, or whatever text you want to use to require users to agree to your site terms and conditions. Basically we have created a set of “options” that we require users to choose between, however there is only one “option” and that is to “agree”. This effectively requires users to consent to site terms and the site’s privacy policy.

In the “Annotations” section we will set the key to “inputType” and set the value to “multiselect-checkboxes”. There are other valid “values” we could use, however most users are used to checking a checkbox so we will just use that.

Save the attribute.

Now if we navigate to our Keycloak realm’s login screen and select the “register” link we will see the site registration form and at the bottom is our Terms and Conditions consent checkbox.

And if we attempt to submit the form without consenting to the Terms and Conditions we get this notice.

We would follow the same process to require consent for the site privacy policy and any other policies for which we require user consent on registration.
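
One way to check the result of the steps above without clicking through the console, as an added example that is not part of the original tutorial: the function below audits a realm's user profile JSON for a consent attribute and reports any setting that differs from what this tutorial configures. The key names are assumed to match what the User Profile tab's JSON editor shows, the sample profile is constructed, and `audit_consent_attribute` and the `privacy-policy` attribute name are hypothetical.

```python
import json

# Constructed sample: a realm's user profile JSON after following this tutorial.
# The key names are an assumption based on the User Profile tab's JSON editor.
SAMPLE_PROFILE = json.loads("""
{"attributes": [
  {"name": "email", "required": {"roles": ["user"]},
   "permissions": {"view": ["admin", "user"], "edit": ["admin", "user"]}},
  {"name": "terms-conditions", "displayName": "Terms and Conditions",
   "required": {"roles": ["user"]},
   "permissions": {"view": ["admin", "user"], "edit": ["user"]},
   "validations": {"options": {"options":
     ["I agree to the <Company Name> terms and conditions <Link>"]}},
   "annotations": {"inputType": "multiselect-checkboxes"}}
]}
""")


def audit_consent_attribute(profile, name):
    """Return findings for one consent attribute; an empty list means it matches the tutorial."""
    attr = next((a for a in profile.get("attributes", []) if a.get("name") == name), None)
    if attr is None:
        return [f"{name}: attribute not defined"]
    findings = []
    required = attr.get("required")
    # Assumption: a "required" object without "roles" applies to everyone.
    if required is None or "user" not in required.get("roles", ["user"]):
        findings.append(f"{name}: not a required field for users")
    perms = attr.get("permissions", {})
    if "admin" in perms.get("edit", []):
        findings.append(f"{name}: admins can edit recorded consent")
    if not {"admin", "user"} <= set(perms.get("view", [])):
        findings.append(f"{name}: not viewable by both admins and users")
    options = attr.get("validations", {}).get("options", {}).get("options", [])
    if len(options) != 1:
        findings.append(f"{name}: options validator must offer exactly one choice, found {len(options)}")
    if attr.get("annotations", {}).get("inputType") != "multiselect-checkboxes":
        findings.append(f"{name}: inputType annotation is not multiselect-checkboxes")
    return findings


if __name__ == "__main__":
    # "privacy-policy" is a hypothetical name for a second consent attribute.
    for attribute in ("terms-conditions", "privacy-policy"):
        print(attribute, audit_consent_attribute(SAMPLE_PROFILE, attribute) or "OK")
```

Run against the sample, the terms attribute passes and the privacy policy attribute is reported as not defined, which is the state of a realm where only the first attribute has been created.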

That’s a wrap! Thanks for reading and I hope you enjoyed it!

Walter Miely is a tech entrepreneur and CEO of Phoenix Ignited Tech. You can find him on LinkedIn. This material is licensed under the CC BY 4.0 License. LEGAL DISCLAIMER: The content provided here is provided AS IS, and part of, or the entirety of, this content may be incorrect. Please read the entire Legal Disclaimer here.