Keycloak Set Up With SSO Demo
Version: 20.0.3
Feature Demo: Authentication And SSO
Jan 28, 2023
- Download the Keycloak Quarkus distribution from here.
- Unzip it and you will get the folder structure shown below.
- Move to the bin folder and start the Keycloak server with the command below. Open http://localhost:8080/ and you will be prompted to set an admin user. Initialize and proceed.
cd bin
./kc.sh start-dev
- Now create a realm and configure a user in that realm.
- Note that Keycloak uses an H2 database by default (default port 8082), which you can view by running the jar present in the Keycloak directory as shown below. You will be able to see the user you created in the USER_ENTITY table.
cd keycloak-20.0.3/lib/lib/main
java -jar com.h2database.h2-2.1.214.jar
jdbc:h2:file:~/keycloak/keycloak-20.0.3/data/h2/keycloakdb;AUTO_SERVER=TRUE
username : sa
password : password
- Create a client and switch on client authentication. A client secret will be generated; the client must present this secret for any operation.
- You can now test login and validate the token using the curl commands below:
curl --location --request POST 'http://localhost:8080/realms/TEST/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=test user' \
--data-urlencode 'password=1234' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=ClientDemo1' \
--data-urlencode 'client_secret=Ul5eiCHA4bonN6tcKPsVOiqBlUzAp1vW' \
--data-urlencode 'scope=openid'
curl --location --request POST 'http://localhost:8080/realms/TEST/protocol/openid-connect/token/introspect' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_secret=Ul5eiCHA4bonN6tcKPsVOiqBlUzAp1vW' \
--data-urlencode 'client_id=ClientDemo1' \
--data-urlencode 'token=<access_token from the token response above>'
- Note that you can create one more client and validate the above token with that client. Doing so tests the SSO feature of Keycloak, in which all the clients within a realm can share a token (if no restrictions are imposed).
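Because any client in the realm can introspect a shared token, the second client should decide for itself whether to honour it. The following is an added example, not part of the original post: `ClientDemo2`, the audience values and the sample responses are constructed assumptions, and `check_introspection` is a hypothetical helper.

```python
import json
import time
import urllib.parse
import urllib.request

REALM_URL = "http://localhost:8080/realms/TEST"  # realm from the article
INTROSPECT_URL = REALM_URL + "/protocol/openid-connect/token/introspect"


def introspect(token, client_id, client_secret):
    """Same request as the introspection curl above, returned as a dict."""
    form = {"token": token, "client_id": client_id, "client_secret": client_secret}
    req = urllib.request.Request(
        INTROSPECT_URL, data=urllib.parse.urlencode(form).encode(), method="POST"
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def check_introspection(claims, expected_audience, now=None):
    """Decide whether this client should honour an introspected token."""
    now = time.time() if now is None else now
    if claims.get("active") is not True:
        return False, "inactive"   # expired, revoked or unknown token
    if claims.get("iss") != REALM_URL:
        return False, "issuer"     # token from another realm or server
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    aud = claims.get("aud") or []
    aud = [aud] if isinstance(aud, str) else list(aud)
    if expected_audience not in aud:
        return False, "audience"   # valid token, but not meant for this client
    return True, "ok"


# Constructed sample responses (not captured from a real server).
SAMPLE_SHARED = {"active": True, "iss": REALM_URL, "exp": 2000000000,
                 "azp": "ClientDemo1", "aud": ["ClientDemo2", "account"]}
SAMPLE_OTHER_AUD = dict(SAMPLE_SHARED, aud="account")
SAMPLE_INACTIVE = {"active": False}

if __name__ == "__main__":
    for name, sample in [("shared", SAMPLE_SHARED),
                         ("other audience", SAMPLE_OTHER_AUD),
                         ("inactive", SAMPLE_INACTIVE)]:
        print(name, check_introspection(sample, "ClientDemo2", now=1700000000))
```

Against a running server, pass the result of `introspect(...)` to `check_introspection` in place of the constructed samples.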
For browser-based integration, check the demo below.