How To Set Up Basic Configurations In Keycloak Server

Yasindu Wishmith Korawage
Published in Arimac, Sep 10, 2020 (6 min read)

Keycloak is an open source identity and access management system that lets us add authentication to our system in a secure and easy way. With Keycloak, our system does not need to store users or authenticate them itself.

This blog aims to configure a Keycloak server in a few easy and clear steps.

Step 01

  1. Make sure OpenJDK 1.8 or newer is installed.
  2. Download Keycloak from the Keycloak website and extract the ZIP file.
  3. Open the extracted directory in a terminal and run the following command.

On Windows: bin\standalone.bat

On Linux: bin/standalone.sh

Step 02

Initially, Keycloak has no default admin user, so we have to create one.

  1. Go to the URL http://localhost:8080/auth
  2. Enter a Username, Password and Confirm Password in the Administration Console section.
  3. Click Administration Console and log in with the above username and password.

Step 03

Then we can see the Administration Console as shown below.

Administration Console

This is the master realm, which is the pre-defined, highest-level realm. A realm is mostly responsible for managing a set of users, roles, groups, and credentials. Using the master realm for user management is not recommended; it should only be used to manage other realms. Therefore we have to create a new realm.

  1. Put your mouse cursor on Master (top left corner). You will see the Add Realm button; click it as below.
  2. Enter any name you want for the realm and make sure Enabled is ON. Then click the Create button. I named it test-office, as below. Optionally, you can import a realm as a JSON file. I will not upload any JSON file.

create a realm

Step 04

Next, you can configure login.

On the realm settings page, go to the Login tab. In this tab, you can enable or disable login features according to your preferences, then click the Save button.

configure Login

Step 05

Then you can configure Email Settings.

On the realm settings page, go to the Email tab.

Email Settings

There are a few fields in the email settings. I explain them briefly below.

Host:- Hostname of the SMTP server.

Port:- Port number of the SMTP server.

From Display Name:- A name shown to recipients in place of the sender email address. This is optional.

From:- This is the sender email address.

Reply To Display Name:- A user-friendly name for the reply-to email address. This is optional.

Reply To:- This is the email address to reply to. This is optional.

Envelope From:- This is an email address to which bounced emails are delivered.

I recommend turning SSL and TLS ON and setting the Authentication feature according to your preferences.

Step 06

Let's Create and Manage Clients.

Go to the Clients page from the left side menu and you will see all the clients that were created initially. Click the Create button to make a new client.

client page

I entered the Client ID as office and the Root URL as http://localhost:8081/. After that, click the Save button.

Add Client

You are then redirected to the client Settings tab, where you can see more fields. However, I will only explain the more important fields. You can see the client settings below.

client settings

Enabled:- The client cannot make authentication requests when this is turned OFF.

Consent Required:- When this option is turned ON, the user will be able to use Google social signup.

Access Type:- There are three access types, as below.

  1. public — used by clients that need to perform a browser login.
  2. confidential — used for server-side clients that need to perform login using a client secret and request for an access token for accessing resources.
  3. bearer-only — only allows bearer token requests.

In the client settings, I have set Access Type to confidential. I have also turned ON the following features:

  1. Standard Flow Enabled
  2. Direct Access Grants Enabled
  3. Service Accounts Enabled
  4. Authorization Enabled

Then click the Save button.
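
The settings chosen in Steps 04 to 06 can also be reviewed outside the console by checking a realm's JSON representation with a short script. This is an added example, not code from the original post or from the Keycloak project; the sample export is constructed, and it assumes the field names used by Keycloak's realm JSON export (sslRequired, smtpServer, clients, directAccessGrantsEnabled, redirectUris).

```python
import json
from urllib.parse import urlsplit

# Constructed sample (not real server output): a trimmed realm export that
# mirrors the post's choices: realm test-office, confidential client office.
SAMPLE_REALM = json.loads("""
{
  "realm": "test-office", "enabled": true, "sslRequired": "external",
  "smtpServer": {"host": "smtp.example.test", "port": "465",
                 "from": "noreply@example.test",
                 "ssl": "true", "starttls": "true", "auth": "true"},
  "clients": [{
    "clientId": "office", "rootUrl": "http://localhost:8081/",
    "publicClient": false, "bearerOnly": false,
    "standardFlowEnabled": true, "implicitFlowEnabled": false,
    "directAccessGrantsEnabled": true, "serviceAccountsEnabled": true,
    "authorizationServicesEnabled": true,
    "redirectUris": ["http://localhost:8081/*"]
  }]
}
""")

def _is_true(value):
    # smtpServer flags are exported as strings ("true"); client flags as booleans.
    return value is True or str(value).lower() == "true"

def audit_realm(realm):
    """Return (scope, finding) tuples for settings that deserve a second look."""
    findings = []
    name = realm.get("realm", "?")
    if realm.get("sslRequired", "external") == "none":
        findings.append((name, "sslRequired=none: plain HTTP accepted from any address"))
    smtp = realm.get("smtpServer") or {}
    if smtp and not (_is_true(smtp.get("ssl")) or _is_true(smtp.get("starttls"))):
        findings.append((name, "smtpServer: neither ssl nor starttls enabled"))
    for client in realm.get("clients", []):
        cid = client.get("clientId", "?")
        if client.get("directAccessGrantsEnabled"):
            findings.append((cid, "direct access grants: client handles user passwords"))
        if client.get("implicitFlowEnabled"):
            findings.append((cid, "implicit flow: tokens returned in the redirect URL"))
        for uri in client.get("redirectUris", []):
            host = urlsplit(uri).hostname
            if uri == "*" or (uri.startswith("http://") and host not in ("localhost", "127.0.0.1")):
                findings.append((cid, f"redirect URI too permissive: {uri}"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_realm(SAMPLE_REALM):
        print(f"[{scope}] {finding}")
```

On the sample, the only finding is Direct Access Grants on the office client, which is worth turning OFF unless an application really needs the password grant.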

Step 07

Let's Create a Role.

Go to the Roles page from the left side menu and you will see all the roles that were created initially. Click the Add Role button to make a new role.

Then you can enter a name and description for the role. The description is optional. I entered manager as the name, as below, and saved it.

Step 08

Let's Create a User.

Go to the Users page from the left side menu and you will see all the users that were created initially, if any. Click the Add User button to make a new user.

Then you can enter the email, first name and last name as below and save.

Step 09

Finally, we can add the above manager role to the newly created user.

  1. Go to the Users page in the left menu and click the View all users button.
  2. Click the ID of the user you need to add a role to.
  3. Visit the Role Mappings tab. You will see the manager role in the Available Roles box, as in the picture below.
  4. Select the manager role and click the Add selected button.
  5. Finally, you will see that the role has moved to Assigned Roles, as below.
  6. You can remove roles from a user with the Remove Selected button whenever you want.

In conclusion, I believe this blog is important for you and that you enjoy it. So clap, share and comment.
