OpenShift, Node and Keycloak
Node Express.js
Using the keycloak-connect middleware you can protect your endpoints with Keycloak. I cover this in more detail here. Here are the basics: install keycloak-connect in an Express project.
I added a start script to the package.json.
"scripts": {
"start": "node app.js"
}
Then I pushed the changes to a remote git repo. I can now deploy this to OpenShift from git. Click on New Project in OpenShift, browse the catalog, select node and point it to your git repo.
The project is deployed, but OpenShift's default port is 8080. As the Express server is serving on 8000, we need to change this to get the route to resolve. We need to edit the Deployment config, the Service and the Route to change this.
You should now be able to click on the link and it should resolve. There is one further thing we need to do to this app, but that comes after we get the Keycloak server up and running.
Keycloak
There is a Keycloak container designed to run with OpenShift, found at https://hub.docker.com/r/jboss/keycloak-openshift/, which I will use to deploy Keycloak. Click on Add to project and Deploy Image, add jboss/keycloak-openshift as the image name, and add two environment variables for the admin username (KEYCLOAK_USER) and password (KEYCLOAK_PASSWORD).
Once the build is finished you will see that no route was set up. Just click on create route and accept the defaults.
Once the route is created you can click on it and go to the Keycloak landing page.
Click on Administration Console and you can log in with the admin username (KEYCLOAK_USER) and password (KEYCLOAK_PASSWORD). That's all; your Keycloak server is up and running on OpenShift.
Connecting the Express server to Keycloak
On the Keycloak server we need to create a Realm and create a Client in the realm, set the valid redirect URL for the client (i.e. point it at our Express server on OpenShift), create a user in the realm and set its password, and download the keycloak.json file to the root of our Express app. I cover this in more detail here. This is a quick overview.
Create a file in the root of your Express server project called keycloak.json with the contents from the download, e.g.
{
"realm": "express",
"auth-server-url": "http://keycloak-openshift-keycloak-project.192.168.42.240.nip.io/auth",
"ssl-required": "external",
"resource": "express",
"public-client": true,
"confidential-port": 0
}
Commit the changes and push to your remote repo. Then trigger a build for the express Pod to pull the changes from git and deploy them.
That's it; all should be working now.
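The keycloak.json shown above uses an http:// auth-server-url, ssl-required set to external and a public client. The following is an added example, not code from the original post or from keycloak-connect: a small Node.js check that flags those settings before the file is committed and deployed. The rule ids, severities and the keycloak.example.com hostname are assumptions made for this example.

```javascript
// Added example: lint keycloak.json before deploy. Rule ids and severities are this sketch's own.
function auditKeycloakConfig(cfg) {
  const findings = [];
  const add = (id, severity, message) => findings.push({ id, severity, message });

  // The adapter cannot locate the realm or client without these keys.
  for (const key of ["realm", "auth-server-url", "resource"]) {
    if (typeof cfg[key] !== "string" || cfg[key] === "") {
      add("missing-key", "error", `"${key}" is missing or empty`);
    }
  }

  // Over plain http the login form, authorization codes and tokens travel unencrypted.
  const raw = cfg["auth-server-url"];
  if (typeof raw === "string" && raw !== "") {
    try {
      const scheme = new URL(raw).protocol;
      if (scheme !== "https:") {
        add("plaintext-auth-url", "high", `auth-server-url uses ${scheme}// instead of https://`);
      }
    } catch (err) {
      add("bad-url", "error", "auth-server-url is not an absolute URL");
    }
  }

  // Valid values are all, external and none; external is the default when the key is absent.
  const ssl = cfg["ssl-required"] === undefined ? "external" : cfg["ssl-required"];
  if (!["all", "external", "none"].includes(ssl)) {
    add("ssl-required-invalid", "error", `ssl-required "${ssl}" is not all, external or none`);
  } else if (ssl !== "all") {
    add("ssl-required-weak", ssl === "none" ? "high" : "medium", `ssl-required is "${ssl}", not "all"`);
  }

  // A public client has no secret, so it cannot authenticate itself at the token endpoint.
  if (cfg["public-client"] === true) {
    add("public-client", "info", "public client; a server-side app can run as a confidential client");
  }
  // keycloak.json is committed to git in this walkthrough, so a secret in it lands in the repo.
  if (cfg.credentials && typeof cfg.credentials.secret === "string") {
    add("secret-in-file", "high", "credentials.secret is in keycloak.json; supply it at deploy time");
  }
  return findings;
}

// The file from the page, then a constructed variant (placeholder host; client secret kept outside the file).
const PAGE_CONFIG = { realm: "express", "auth-server-url": "http://keycloak-openshift-keycloak-project.192.168.42.240.nip.io/auth", "ssl-required": "external", resource: "express", "public-client": true, "confidential-port": 0 };
const HARDENED_CONFIG = { ...PAGE_CONFIG, "auth-server-url": "https://keycloak.example.com/auth", "ssl-required": "all", "public-client": false };
for (const f of auditKeycloakConfig(PAGE_CONFIG)) console.log(`[${f.severity}] ${f.id}: ${f.message}`);
```

Run against the page's file it reports the plaintext URL, the external ssl-required value and the public client; the constructed variant returns no findings.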