Keycloak is an open source identity and access management solution for modern applications and services. By default Keycloak uses an embedded H2 database. This is sufficient for development on a local machine, but for production we will replace it with a standalone MySQL database.
Standalone Installation
Download Keycloak from the Keycloak site, then extract the archive to the location of your choice; I prefer /opt for the installation. You can also use a previous release. Keycloak comes in a few different flavors: there’s a standalone server that can be installed by simply extracting an archive, you can start Keycloak on Docker or on OpenShift, and you can install Keycloak into an existing WildFly server.
Download the MySQL Java connector and place it in this location, next to a module.xml that describes it.
# cd /opt/keycloak-1.9.8.Final/modules/system/layers/keycloak/com/
# mkdir -p mysql/main/
# cd mysql/main/
# ls -ltrh
total 984K
-rw-r--r-- 1 ubuntu ubuntu 977K Sep 14 13:08 mysql-connector-java-5.1.44-bin.jar
-rw-r--r-- 1 ubuntu ubuntu  282 Sep 14 13:12 module.xml
# cat module.xml
<?xml version="1.0" ?>
<module xmlns="urn:jboss:module:1.3" name="com.mysql">
  <resources>
    <resource-root path="mysql-connector-java-5.1.44-bin.jar" />
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="javax.transaction.api"/>
  </dependencies>
</module>
Keycloak schema and User
Create a Keycloak schema and credentials to connect to MySQL Server.
Configurations
Place the keystore.jks file in this location: /opt/keycloak-1.9.8.Final/standalone/configuration
# cd /opt/keycloak-1.9.8.Final/standalone/configuration
MySQL connection details.
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>jdbc:mysql://103.198.365.210:3306/keycloak?useSSL=false</connection-url>
<driver>mysql</driver>
<pool>
<max-pool-size>20</max-pool-size>
</pool>
<security>
<user-name>keycloak</user-name>
<password>1wHNudifkherl9987f8i7p</password>
</security>
</datasource>
<drivers>
<driver name="mysql" module="com.mysql">
<xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>
</driver>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
SSL settings
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="fdkj439mdsfjoerm56yrfgcekzwbz" />
</ssl>
</server-identities>
</security-realm>
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
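A small audit of the datasource and SSL fragments above, as an added example that is not part of the original post: it flags useSSL=false on the JDBC URL and passwords written as literals instead of ${...} expressions. The sample XML, host name and vault reference are constructed placeholders, and the script assumes the fragments live in one XML file such as standalone.xml.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: same shape as the fragments above, with placeholder values.
SAMPLE = """<server>
  <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
    <connection-url>jdbc:mysql://db.example.internal:3306/keycloak?useSSL=false</connection-url>
    <security>
      <user-name>keycloak</user-name>
      <password>example-db-password</password>
    </security>
  </datasource>
  <security-realm name="UndertowRealm">
    <server-identities>
      <ssl>
        <keystore path="keystore.jks" keystore-password="${VAULT::ks::password::1}"/>
      </ssl>
    </server-identities>
  </security-realm>
</server>"""

EXPRESSION = re.compile(r"^\$\{.+\}$")  # ${...}: resolved at runtime, not a literal


def local(tag):
    """Drop the '{namespace}' prefix that a real standalone.xml puts on every tag."""
    return tag.rsplit("}", 1)[-1]


def is_literal(value):
    """True when a secret is present and written out rather than referenced."""
    return bool(value) and not EXPRESSION.match(value.strip())


def audit(xml_text):
    """Return (element, finding) pairs for the weak settings discussed above."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name, text = local(el.tag), (el.text or "").strip()
        if name == "connection-url" and re.search(r"[?&]useSSL=false\b", text, re.I):
            findings.append((name, "JDBC link to MySQL is not encrypted (useSSL=false)"))
        elif name == "password" and is_literal(text):
            findings.append((name, "database password stored as a literal"))
        elif name == "keystore" and is_literal(el.get("keystore-password")):
            findings.append((name, "keystore password stored as a literal"))
    return findings


if __name__ == "__main__":
    for element, finding in audit(SAMPLE):
        print(f"{element}: {finding}")
```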
Set the Keycloak admin username and password with the command below.
./bin/add-user-keycloak.sh -r master -u <username> -p <password>
Start the Keycloak service.
/bin/sh /opt/keycloak/bin/standalone.sh -b <private ip OR localhost>
Browse to http://127.0.0.1:8080/auth/ for the GUI.
Conclusion
We have successfully set up Keycloak with SSL.
Hi,
I am confused after this section. “MySQL connection details.”
I don’t know where and how to add this code.
It would be nice of you if you can reply.
Hi Azita,
I’ve clearly mentioned it after “Configuration”.
All those changes are needed in “keystore.jks”