Setup Keycloak with SSL and MySQL backend

Keycloak is an open source identity and access management solution. Open Source Identity and Access Management
For Modern Applications and Services. By default Keycloak uses an embedded H2 database. This should be sufficient for development on the local machine, but for production we will replace it with a MySQL standalone database

Standalone Installation

Simply, download Keycloak from the Keycloak site. After that extract/unzip to the requisite location. I prefer /opt for the installation. Even you can go with the previous release. Keycloak comes in a few different flavors. There’s a standalone server that can be installed by simply extracting an archive. You can also start Keycloak on Docker or on OpenShift. You can also install Keycloak into an existing WildFly server.

Download and place mysql java connector to this location.

# cd /opt/keycloak-1.9.8.Final/modules/system/layers/keycloak/com/
# mkdir -p mysql/main/
ls -ltrh
total 984K
-rw-r--r-- 1 ubuntu ubuntu 977K Sep 14 13:08 mysql-connector-java-5.1.44-bin.jar
-rw-r--r-- 1 ubuntu ubuntu 282 Sep 14 13:12 module.xml

# cat module.xml
<?xml version="1.0" ?>
<module xmlns="urn:jboss:module:1.3" name="com.mysql">
 <resources>
 <resource-root path="mysql-connector-java-5.1.44-bin.jar" />
 </resources>
 <dependencies>
 <module name="javax.api"/>
 <module name="javax.transaction.api"/>
 </dependencies>
</module>

Keycloak schema and User

Create a Keycloak schema and credentials to connect to MySQL Server.

Configurations

Place the keystore.jks file to this location. /opt/keycloak-1.9.8.Final/standalone/configuration

# cd /opt/keycloak-1.9.8.Final/standalone/configuration

MySQL connection details.

<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>jdbc:mysql://103.198.365.210:3306/keycloak?useSSL=false</connection-url>
<driver>mysql</driver>
<pool>
<max-pool-size>20</max-pool-size>
</pool>
<security>
<user-name>keycloak</user-name>
<password>1wHNudifkherl9987f8i7p</password>
</security>
</datasource>

<datasource><drivers>
<driver name="mysql" module="com.mysql">
<xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>
</driver>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers></datasource>

SSL settings

<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="fdkj439mdsfjoerm56yrfgcekzwbz" />
</ssl>
</server-identities>
</security-realm></drivers></datasource>

<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/></security-realm></drivers></datasource>

Setup Keycloak password with the below command.

./bin/add-user-keycloak.sh -r master -u <username> -p <password>

Start Keycloak Service.

/bin/sh /opt/keycloak/bin/standalone.sh -b <private ip OR locahost>

Browse http://127.0.0.1:8080/auth/ for GUI

Conclusion

We have successfully set Keycloak with SSL easily.

Leave a Reply

Your email address will not be published. Required fields are marked *