Keycloak: Difference between revisions
No edit summary |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
< | {|class='wikitable' | ||
|- | |||
|valign='top' style='width:50%'| | |||
<syntaxhighlight lang='bash'> | |||
apt update; apt list --upgradable; cd /opt/ | apt update; apt list --upgradable; cd /opt/ | ||
wget https://github.com/keycloak/keycloak/releases/download/ | wget https://github.com/keycloak/keycloak/releases/download/21.0.1/keycloak-21.0.1.tar.gz | ||
tar -xvzf keycloak- | tar -xvzf keycloak-21.0.1.tar.gz | ||
mv keycloak- | mv keycloak-21.0.1 keycloak | ||
</ | </syntaxhighlight> | ||
|valign='top' style='width:50%'| | |||
|} | |||
==Permission== | ==Permission== | ||
< | {|class='wikitable mw-collapsible' | ||
!scope='col' style='text-align:left'| | |||
Permission | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang='bash'> | |||
groupadd keycloak | groupadd keycloak | ||
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak | useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak | ||
| Line 18: | Line 29: | ||
chown keycloak: /opt/keycloak/bin/launch.sh | chown keycloak: /opt/keycloak/bin/launch.sh | ||
nano /opt/keycloak/bin/launch.sh | nano /opt/keycloak/bin/launch.sh | ||
</ | </syntaxhighlight> | ||
|} | |||
==Config== | ==Config== | ||
< | {|class='wikitable mw-collapsible' | ||
!scope='col' style='text-align:left' colspan='2'| | |||
Confige | |||
|- | |||
|valign='top' style='width:50%'| | |||
<syntaxhighlight lang='bash' highlight='4,11' line> | |||
#!/bin/bash | #!/bin/bash | ||
| Line 34: | Line 51: | ||
$WILDFLY_HOME/bin/standalone.sh -c $2 -b $3 -bmanagement=0.0.0.0 | $WILDFLY_HOME/bin/standalone.sh -c $2 -b $3 -bmanagement=0.0.0.0 | ||
fi | fi | ||
</ | </syntaxhighlight> | ||
|valign='top' style='width:50%'| | |||
|} | |||
==Service== | ==Service== | ||
< | {|class='wikitable mw-collapsible' | ||
!scope='col' style='text-align:left' colspan='2'| | |||
Service | |||
|- | |||
|valign='top' colspan='2'| | |||
<syntaxhighlight lang='bash'> | |||
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service | cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service | ||
nano /etc/systemd/system/keycloak.service | nano /etc/systemd/system/keycloak.service | ||
</ | </syntaxhighlight> | ||
|- | |||
< | |valign='top' style='width:50%'| | ||
<syntaxhighlight lang='ini' highlight='2,8-10,12,13' line> | |||
[Unit] | [Unit] | ||
Description=The Keycloak Application Server | Description=The Keycloak Application Server | ||
| Line 60: | Line 86: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
</ | </syntaxhighlight> | ||
< | |valign='top' style='width:50%'| | ||
<syntaxhighlight lang='bash'> | |||
systemctl daemon-reload | systemctl daemon-reload | ||
systemctl enable keycloak | systemctl enable keycloak | ||
| Line 69: | Line 96: | ||
systemctl status keycloak | systemctl status keycloak | ||
tail -f /opt/keycloak/standalone/log/server.log | tail -f /opt/keycloak/standalone/log/server.log | ||
</ | </syntaxhighlight> | ||
ssh user@idp.chorke.org -L 8080:localhost:8080 -L 9990:localhost:9990 | ssh user@idp.chorke.org -L 8080:localhost:8080 -L 9990:localhost:9990 | ||
http://localhost:8080/ | http://localhost:8080/ | ||
http://localhost:9990/ | http://localhost:9990/ | ||
|} | |||
==Docker Compose== | ==Docker Compose== | ||
{|class='wikitable mw-collapsible' | |||
< | !scope='col' style='text-align:left' colspan='2'| | ||
Docker Compose | |||
|- | |||
|valign='top' style='width:50%'| | |||
docker-compose -f ./docker-compose.yml up -d | |||
|valign='top' style='width:50%'| | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang='yaml'> | |||
version: '3' | version: '3' | ||
volumes: | volumes: | ||
| Line 119: | Line 156: | ||
depends_on: | depends_on: | ||
- postgres | - postgres | ||
</ | </syntaxhighlight> | ||
|valign='top'| | |||
|} | |||
==Knowledge== | ==Knowledge== | ||
{|class='wikitable mw-collapsible' | |||
!scope='col' style='text-align:left' colspan='2'| | |||
Knowledge | |||
|- | |||
|valign='top' style='width:50%'| | |||
docker run --add-host=host.docker.internal:host-gateway\ | docker run --add-host=host.docker.internal:host-gateway\ | ||
--rm alpine ping host.docker.internal | --rm alpine ping host.docker.internal | ||
|valign='top' style='width:50%'| | |||
|} | |||
==References== | ==References== | ||
{| | {|class='wikitable mw-collapsible' | ||
| valign= | !scope='col' style='text-align:left' colspan='3'| | ||
References | |||
|- | |||
|valign='top' style='width:33%'| | |||
* [https://www.baeldung.com/keycloak-embedded-in-spring-boot-app Keycloak Embedded in a Spring Boot Application] | * [https://www.baeldung.com/keycloak-embedded-in-spring-boot-app Keycloak Embedded in a Spring Boot Application] | ||
* [https://stackoverflow.com/questions/51499238 WildFly Management User vs Application User] | * [https://stackoverflow.com/questions/51499238 WildFly Management User vs Application User] | ||
| Line 139: | Line 190: | ||
* [[WildFly]] | * [[WildFly]] | ||
| valign= | |valign='top' style='width:34%'| | ||
* [https://medium.com/devops-dudes/securing-spring-boot-rest-apis-with-keycloak-1d760b2004e Securing Spring Boot REST APIs with Keycloak] | * [https://medium.com/devops-dudes/securing-spring-boot-rest-apis-with-keycloak-1d760b2004e Securing Spring Boot REST APIs with Keycloak] | ||
* [https://packagist.org/packages/idci/keycloak-security-bundle IDCI Keycloak Security Bundle] | * [https://packagist.org/packages/idci/keycloak-security-bundle IDCI Keycloak Security Bundle] | ||
| Line 148: | Line 199: | ||
* [[OAuth2]] | * [[OAuth2]] | ||
* [[OAuth]] | * [[OAuth]] | ||
* [[LDAP]] | |||
* [[JWT]] | * [[JWT]] | ||
|valign='top' style='width:33%'| | |||
* [[Linux User Creation]] | |||
|} | |} | ||
Latest revision as of 22:49, 6 March 2026
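# Refresh the package index and review pending upgrades first.
apt update; apt list --upgradable

# Download the release archive into /opt; skip the download if the cd fails.
cd /opt/ && wget https://github.com/keycloak/keycloak/releases/download/21.0.1/keycloak-21.0.1.tar.gz

# Verify the archive before unpacking: compute its digest and compare it with
# the checksum the project publishes for this release (use the *sum tool that
# matches the published algorithm). An identity provider should never be
# installed from an unverified download.
sha256sum keycloak-21.0.1.tar.gz

# Unpack and rename only if extraction succeeded.
tar -xvzf keycloak-21.0.1.tar.gz && mv keycloak-21.0.1 keycloak

# NOTE(review): the later steps on this page rely on WildFly-era files
# (bin/standalone.sh, docs/contrib/scripts/systemd/*). Confirm that the
# 21.0.1 archive actually ships them before following those steps.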
|
Permission
|
Permission |
|---|
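# Dedicated system group and system account for the service. The account has
# no login shell, so it cannot be used for interactive sessions.
groupadd -r keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak

# Hand the install tree to the service account.
# NOTE(review): this also makes the server's own scripts and libraries
# writable by the account the server runs as. Consider leaving bin/ and the
# libraries owned by root and granting keycloak write access only to the
# directories the server must write to (data, log, tmp) - confirm which ones
# this distribution needs.
chown -R keycloak: /opt/keycloak/
# Allow users outside the keycloak group to traverse bin/.
chmod o+x /opt/keycloak/bin/

# Configuration directory read by the systemd unit (EnvironmentFile=).
# -p keeps the step repeatable if the directory already exists.
mkdir -p /etc/keycloak
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf

# Install the launcher script and adapt it by hand.
cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/
chown keycloak: /opt/keycloak/bin/launch.sh
nano /opt/keycloak/bin/launch.sh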
|
Config
|
Config | |
|---|---|
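#!/bin/bash
# Launcher called by the systemd unit.
#   $1  mode: "domain" starts domain.sh, anything else starts standalone.sh
#   $2  server configuration file passed to -c
#   $3  bind address for the public interface passed to -b

# Fall back to the install location used on this page when unset or empty.
if [ -z "$WILDFLY_HOME" ]; then
    WILDFLY_HOME="/opt/keycloak"
fi

# Bind address of the management interface (admin console, port 9990).
# MGMT_BIND is a variable introduced by this script, not a WildFly setting.
# It defaults to loopback: the page reaches the console through an SSH tunnel
# to localhost:9990, so the console does not need to listen on every
# interface. Binding it to 0.0.0.0 exposes server administration to the
# whole network; set MGMT_BIND=0.0.0.0 explicitly (for example in
# /etc/keycloak/keycloak.conf) only if that exposure is intended and
# firewalled.
MGMT_BIND="${MGMT_BIND:-127.0.0.1}"

# Arguments are quoted so a path or address with unusual characters is passed
# through as a single word instead of being split or glob-expanded.
if [[ "$1" == "domain" ]]; then
    "$WILDFLY_HOME/bin/domain.sh" -c "$2" -b "$3"
else
    "$WILDFLY_HOME/bin/standalone.sh" -c "$2" -b "$3" -bmanagement="$MGMT_BIND"
fi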
|
|
Service
|
Service | |
|---|---|
# Start from the sample unit shipped with the distribution, then edit the
# copy for this installation.
unit_file=/etc/systemd/system/keycloak.service
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service "$unit_file"
nano "$unit_file"
| |
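[Unit]
Description=The Keycloak Application Server
After=syslog.target network.target
Before=httpd.service

[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
# Supplies WILDFLY_MODE, WILDFLY_CONFIG and WILDFLY_BIND used by ExecStart.
EnvironmentFile=/etc/keycloak/keycloak.conf
# Run as the dedicated unprivileged account, never as root.
User=keycloak
Group=keycloak
LimitNOFILE=102642
# Let systemd create /run/keycloak, owned by User=, at start and remove it at
# stop. Nothing else on this page creates the PID directory, and the
# unprivileged account cannot create it itself. /run replaces the legacy
# /var/run path.
RuntimeDirectory=keycloak
PIDFile=/run/keycloak/keycloak.pid
ExecStart=/opt/keycloak/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND
# Console output is discarded; the page reads the server log from
# /opt/keycloak/standalone/log/server.log instead. Make sure that file is
# collected and retained, since it is the only record of startup failures.
StandardOutput=null
# Basic sandboxing: the service cannot gain privileges through setuid
# binaries and gets a private /tmp.
NoNewPrivileges=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target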
|
# Make systemd pick up the new unit file.
systemctl daemon-reload
# Register the service for boot and start it right away.
systemctl enable --now keycloak
# Confirm it is running, then follow the server log.
systemctl status keycloak
tail -f /opt/keycloak/standalone/log/server.log
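# Reach the HTTP port (8080) and the management port (9990) through an SSH
# tunnel. Each forward targets localhost on the server, so both services only
# need to listen on the server's loopback interface for this to work.
ssh user@idp.chorke.org -L 8080:localhost:8080 -L 9990:localhost:9990

# With the tunnel open, browse from the local machine:
#   http://localhost:8080/
#   http://localhost:9990/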
Docker Compose
|
Docker Compose | |
|---|---|
# Create and start the stack described in docker-compose.yml in the background.
docker-compose --file ./docker-compose.yml up --detach
|
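# Keycloak with PostgreSQL and pgAdmin.
#
# Passwords are not stored in this file. Provide POSTGRES_PASSWORD,
# PGADMIN_DEFAULT_PASSWORD and KEYCLOAK_PASSWORD through the environment or an
# untracked .env file next to this file; Compose refuses to start when one of
# them is missing or empty.
version: '3'

volumes:
  postgres_data:
    driver: local

services:
  postgres:
    # NOTE(review): no tag, so the version changes with every pull; pin a
    # specific tag or digest.
    image: postgres
    container_name: postgres
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"

  pgadmin:
    container_name: pgadmin
    # NOTE(review): no tag here either; pin a specific tag or digest.
    image: dpage/pgadmin4
    environment:
      PGADMIN_DEFAULT_EMAIL: "${PGADMIN_DEFAULT_EMAIL:-pgadmin4@pgadmin.org}"
      # No fallback value: a default such as "admin" would leave the database
      # admin UI open to anyone who can reach the published port.
      PGADMIN_DEFAULT_PASSWORD: "${PGADMIN_DEFAULT_PASSWORD:?PGADMIN_DEFAULT_PASSWORD must be set}"
    ports:
      # Published on every host interface. Prefix with 127.0.0.1: if the UI is
      # only reached locally or through a tunnel or reverse proxy.
      - "5050:80"
    restart: unless-stopped

  keycloak:
    # NOTE(review): this tag is far older than the 21.0.1 release installed
    # elsewhere on this page. Check whether a maintained image should be used;
    # the variable names below are specific to this image.
    image: jboss/keycloak:7.0.1
    container_name: keycloak
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      # Must match the password given to the postgres service above.
      DB_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: "${KEYCLOAK_PASSWORD:?KEYCLOAK_PASSWORD must be set}"
    ports:
      # Quoted so the mapping is always read as a string. Published on every
      # host interface, and served as plain HTTP: put TLS in front of it
      # before exposing it beyond the host.
      - "8090:8080"
    depends_on:
      - postgres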
|
|
Knowledge
|
Knowledge | |
|---|---|
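# Check that a container can resolve and reach the Docker host through the
# host-gateway alias. The space before the backslash keeps the two arguments
# separate when the lines are joined.
docker run --add-host=host.docker.internal:host-gateway \
    --rm alpine ping host.docker.internal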
|