OpenVPN and Keycloak : Link your VPN Infrastructure with your SSO

OpenVPN allows usage of PAM modules. By using an oauth2 client PAM module and password grant, we can use our own SSO (Keycloak) to authenticate users on a VPN infrastructure.

For Oauth2 providers which do not allow Password Grant, we will use a “token authentication” by providing a valid token instead of a password. Code and demo with Google as authentication provider.