Keycloak Integration : Part 1 : Overview

Keycloak logo — courtesy —

Keycloak is an Open Source Identity and Access Management For Modern Applications and Services.

Why Keycloak ? When it is useful

User management is a repeated need across projects. Keycloak supports a wide variety of repeated use cases in user management.

Different application may need different combination of the above features. Since the needs are not exactly the same, we may not be able to reuse one project’s user management in another, generally. But with Keycloak, team has tried to bring well established standards and easy to choose only features that are needed.

Getting started

To make it easier, let’s go with docker approach. I have created a simple repository, which should help us get started

Clone this repo and do the following:

#Bring up the keycloak service with postgres database
docker-compose -f local.yml up

Try : http://localhost:8088/ and click Administration Console. To simplify initial setup, admin account will be auto created with following:

username: admin
Password: testing

After login, please update the password.

Themes Support

Keycloak supports themes for the web application. When running Keycloak with docker, we could keep custom changes away from keycloak and mount them as a volume. `theme` directory is mounted in the docker-compose flow.

Keycloak HTTPS required Issue when deployed to remote server

When deploying to remote server, by default, HTTPS is required for running keycloak on remote servers. In localhost, it doesn’t enforce it.

The problem is, while setting up environment and when domain name is not yet registered, it can be annoying to resolve this issue.

Error message

Steps to resolve it, till we get a HTTPS certificate for the server:

# Connect to the docker container
docker exec -it postgres /bin/sh
# and then execute
psql -U keycloak -d keycloak

by default:

keycloak=# select * from realm;
-[ RECORD 1 ]----------------+-------------------------------------
id | master
access_code_lifespan | 60
user_action_lifespan | 300
access_token_lifespan | 60
account_theme |
admin_theme |
email_theme |
enabled | t
events_enabled | f
events_expiration | 0
login_theme |
name | master
not_before | 0
password_policy |
registration_allowed | f
remember_me | f
reset_password_allowed | f
social | f
ssl_required | EXTERNAL
sso_idle_timeout | 1800

In realm table, ssl_required is EXTERNAL by default. Set it to NONE

keycloak=# update realm set ssl_required='NONE';

exit from the container and restart keycloak (must)