Keycloak Integration : Part 1 : Overview
Keycloak is an open source identity and access management solution for modern applications and services.
Why Keycloak? When is it useful?
User management is a repeated need across projects. Keycloak supports a wide variety of repeated use cases in user management.
Different applications may need different combinations of the above features. Since the needs are not exactly the same, we generally cannot reuse one project's user management in another. With Keycloak, the team has tried to bring together well-established standards and make it easy to choose only the features that are needed.
To make it easier, let's go with the Docker approach. I have created a simple repository, which should help us get started:
keycloak-identity-management-demo - This is a demo application trying to achieve user management needs with keycloak…github.com
Clone this repo and do the following:
#Bring up the keycloak service with postgres database
docker-compose -f local.yml up
After login, please update the password.
Keycloak supports themes for the web application. When running Keycloak with Docker, we can keep custom changes out of the Keycloak image and mount them as a volume. The `theme` directory is mounted in the docker-compose flow.
Keycloak HTTPS required Issue when deployed to remote server
By default, Keycloak requires HTTPS when it is deployed to a remote server. On localhost, it does not enforce this.
The problem is that while the environment is still being set up and the domain name is not yet registered, this can be annoying to work around.
Steps to resolve it until we get an HTTPS certificate for the server:
# Connect to the docker container
docker exec -it postgres /bin/sh
# and then execute
psql -U keycloak -d keycloak
keycloak=# select * from realm;
-[ RECORD 1 ]----------------+-------------------------------------
id | master
access_code_lifespan | 60
user_action_lifespan | 300
access_token_lifespan | 60
enabled | t
events_enabled | f
events_expiration | 0
name | master
not_before | 0
registration_allowed | f
remember_me | f
reset_password_allowed | f
social | f
ssl_required | EXTERNAL
sso_idle_timeout | 1800
In the realm table, ssl_required is EXTERNAL by default. Set it to NONE:
keycloak=# update realm set ssl_required='NONE';
Exit from the container and restart Keycloak (this step is required).
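Since this is meant to last only until the server has a certificate, the realms left at NONE need to go back to EXTERNAL afterwards. The script below is an added example, not part of the demo repository: it lists the realms that still accept plain HTTP and prints a per-realm UPDATE restoring the default, assuming the container, user and database names used above (the function names are hypothetical).

```shell
#!/bin/sh
# Added example (not from the demo repository). Function names are hypothetical.
# Container "postgres", user "keycloak" and database "keycloak" are the ones used above.

# Print "ssl_required|name" for every realm, one per line (needs the running container).
list_realms() {
    docker exec postgres psql -U keycloak -d keycloak -At -F '|' \
        -c 'select ssl_required, name from realm order by name'
}

# Read "ssl_required|name" lines on stdin and print the realms that accept plain HTTP.
# Returns 1 when at least one realm is still set to NONE, so it can gate a deploy step.
insecure_realms() {
    awk -F '|' 'toupper($1) == "NONE" {
        print substr($0, index($0, "|") + 1)   # everything after the first "|"
        found = 1
    } END { exit found + 0 }'
}

# Read realm names on stdin and print one UPDATE per realm that restores EXTERNAL.
# Single quotes in a name are doubled so it stays a valid SQL string literal.
revert_sql() {
    while IFS= read -r realm; do
        [ -n "$realm" ] || continue
        escaped=$(printf '%s' "$realm" | sed "s/'/''/g")
        printf "update realm set ssl_required='EXTERNAL' where name='%s';\n" "$escaped"
    done
}

# Constructed sample of list_realms output, for trying the functions offline.
sample_realms() {
    printf '%s\n' 'NONE|master' 'EXTERNAL|demo' "none|team's realm"
}

# Live use: ./audit_realms.sh --live   (prints the UPDATE statements to review and run)
if [ "${1:-}" = "--live" ]; then
    list_realms | insecure_realms | revert_sql
fi
```

The UPDATE shown earlier has no WHERE clause, so it changes every realm in the database, which is why the audit walks all of them. Restart Keycloak after running the generated statements, as with the original change.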