Getting started using KEYCLOAK
Introduction
Keycloak is an open-source software product that provides single sign-on with identity and access management for modern applications and services. It’s widely used due to its versatility, offering multiple SSO features, Realms, and Tokens.
In this blog post, I’ll guide you through setting up and using Keycloak locally. We’ll pull a Keycloak Docker image, set up a realm, add users, and create a client.
Setup
To set up Keycloak, ensure you have Docker installed. We’ll pull a Keycloak image to our local Docker Desktop application.
Keycloak offers multiple setup and installation methods. Check them out here
Installing Keycloak
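Open a terminal window and enter the following command to pull and run a Keycloak image. The start-dev argument starts Keycloak in development mode, and the admin/admin bootstrap credentials are only appropriate for this local setup: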
docker run -p 8080:8080 -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:26.0.0 start-dev
Once completed, open Docker and verify that both an image and a container have been created.
To verify that everything is running correctly, access Keycloak by visiting http://localhost:8080 (or whichever port you specified in the previous command). Then, log in using the username and password you set in the command.
Setting up a Realm
A realm in Keycloak is equivalent to a tenant. Each realm allows an administrator to create isolated groups of applications and users. Initially, Keycloak includes a single realm called master. Use this realm only for managing Keycloak, not for managing applications.
For optimal isolation, it’s recommended to create a separate realm for each application. Each realm maintains its own settings and administrators.
Creating a User
In the left navigation, select “Users” and click “Create New User”. Input the username and any additional details you wish to include.
Pay attention to the “Required User Actions” dropdown. This feature allows you to mandate specific actions for users upon their first login, such as configuring OTP, updating password, or verifying email.
After creation, you’ll be redirected to the User Details screen. Here, you can view the user’s GUID and perform various actions such as setting a password or assigning roles.
For simplicity, I’ll just add a temporary password. I’ve selected options requiring the user to change the password and verify their email upon first login.
Testing Login
Open Keycloak and carefully select the realm you just created. In my case, the URL will be http://localhost:8080/realms/devrealm/account
After filling in all the information, you’ll gain access to various account management features. These include editing your account details, enabling two-factor authentication (2FA), and reviewing login audit logs.
Create a Client
In Keycloak, an application is a Client. To secure an application, we must add it as a client. Make sure that you are still in the same devrealm and click on Clients, then click on Create Client.
For simplicity, I’ll keep all options at their default settings and use the Standard Flow.
In the Login Settings section, enter the redirect URI and Web Origins authorized to use this realm. You can add your application’s homepage or API endpoint for redirection after successful login.
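An added example, not from the original post or the Keycloak project: a small Python check over a client's JSON that flags redirect URI and Web Origins entries broader than an application needs. The sample client, its host names, and the helper names audit_redirect_uri and audit_client are assumptions made for illustration; the field names follow Keycloak's client JSON.

```python
from urllib.parse import urlsplit

# Constructed sample (not from the post); field names follow Keycloak's client JSON.
SAMPLE_CLIENT = {
    "clientId": "demo-app",
    "standardFlowEnabled": True,
    "implicitFlowEnabled": False,
    "directAccessGrantsEnabled": True,
    "redirectUris": ["http://localhost:5000/*", "https://app.example.test/signin-oidc",
                     "http://app.example.test/*", "*"],
    "webOrigins": ["*", "https://app.example.test"],
}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_redirect_uri(uri):
    """Return the findings for one Valid Redirect URI entry."""
    if uri == "*":
        return ["bare wildcard: any redirect target is accepted"]
    parts = urlsplit(uri)
    if not parts.scheme:
        return []  # relative entry, resolved against the client's root URL
    local = (parts.hostname or "") in LOCAL_HOSTS
    findings = []
    if "*" in uri and not local:
        findings.append("wildcard on a non-local host: list exact URIs")
    if parts.scheme == "http" and not local:
        findings.append("plain http outside localhost")
    return findings


def audit_client(client):
    """Map each risky setting of a client to its list of findings."""
    report = {}
    for uri in client.get("redirectUris", []):
        found = audit_redirect_uri(uri)
        if found:
            report["redirectUris: " + uri] = found
    if "*" in client.get("webOrigins", []):
        report["webOrigins: *"] = ["CORS allowed from every origin"]
    for flag in ("implicitFlowEnabled", "directAccessGrantsEnabled"):
        if client.get(flag):
            report[flag] = ["enabled in addition to the Standard Flow"]
    return report


if __name__ == "__main__":
    for setting, found in audit_client(SAMPLE_CLIENT).items():
        print(setting, "->", "; ".join(found))
```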
Keycloak provides a test application where you can experiment with the OpenID Connect client using the link below
SeeSharp
There you have it! We’ve successfully set up Keycloak locally, created a realm, added a user, and created a client. In the next part, I’ll guide you through integrating Keycloak with a .NET application. Stay tuned!