Keycloak: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(25 intermediate revisions by the same user not shown)
Line 1: Line 1:
<source lang="bash">
<source lang="bash">
apt update
apt update; apt list --upgradable; cd /opt/
apt list --upgradable
wget https://github.com/keycloak/keycloak/releases/download/21.0.1/keycloak-21.0.1.tar.gz
cd /opt/
tar -xvzf keycloak-21.0.1.tar.gz
wget https://github.com/keycloak/keycloak/releases/download/12.0.3/keycloak-12.0.3.tar.gz
mv keycloak-21.0.1 keycloak
tar -xvzf keycloak-12.0.3.tar.gz
</source>
mv keycloak-12.0.3 keycloak


==Permission==
<source lang="bash">
groupadd keycloak
groupadd keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak
chown -R keycloak: /opt/keycloak/
chown -R keycloak: /opt/keycloak/
chmod o+x /opt/keycloak/bin/
chmod o+x /opt/keycloak/bin/
mkdir /etc/keycloak


mkdir /etc/keycloak
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf
cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/
cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/
Line 19: Line 20:
</source>
</source>


<source lang="bash" highlight="4" line>
==Config==
<source lang="bash" highlight="4,11" line>
#!/bin/bash
#!/bin/bash


Line 29: Line 31:
     $WILDFLY_HOME/bin/domain.sh -c $2 -b $3
     $WILDFLY_HOME/bin/domain.sh -c $2 -b $3
else
else
    $WILDFLY_HOME/bin/standalone.sh -c $2 -b $3
  #$WILDFLY_HOME/bin/standalone.sh -c $2 -b $3
  $WILDFLY_HOME/bin/standalone.sh -c $2 -b $3 -bmanagement=0.0.0.0
fi
fi
</source>
</source>


==Service==
<source lang="bash">
<source lang="bash">
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service
Line 61: Line 65:
systemctl daemon-reload
systemctl daemon-reload
systemctl enable keycloak
systemctl enable keycloak
systemctl start keycloak
systemctl status keycloak
systemctl status keycloak
systemctl start keycloak
tail -f /opt/keycloak/standalone/log/server.log
</source>
 
ssh [email protected] -L 8080:localhost:8080 -L 9990:localhost:9990
http://localhost:8080/
http://localhost:9990/
 
==Docker Compose==
<code>docker-compose -f ./docker-compose.yml up -d</code>
<source lang="yaml">
version: '3'
volumes:
  postgres_data:
      driver: local
services:
  postgres:
      image: postgres
      container_name: postgres
      extra_hosts:
        - "host.docker.internal:host-gateway"
      volumes:
        - postgres_data:/var/lib/postgresql/data
      environment:
        POSTGRES_DB: keycloak
        POSTGRES_USER: keycloak
        POSTGRES_PASSWORD: password
  pgadmin:
    container_name: pgadmin
    image: dpage/pgadmin4
    environment:
      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL:[email protected]}
      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:-admin}
    ports:
      - "5050:80"
    restart: unless-stopped
  keycloak:
      image: jboss/keycloak:7.0.1
      container_name: keycloak
      environment:
        DB_VENDOR: POSTGRES
        DB_ADDR: postgres
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_SCHEMA: public
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: Pa55w0rd
      ports:
        - 8090:8080
      depends_on:
        - postgres
</source>
</source>
==Knowledge==
docker run --add-host=host.docker.internal:host-gateway\
  --rm alpine ping host.docker.internal


==References==
==References==
{|
| valign="top" |
* [https://www.baeldung.com/keycloak-embedded-in-spring-boot-app Keycloak Embedded in a Spring Boot Application]
* [https://stackoverflow.com/questions/51499238 WildFly Management User vs Application User]
* [https://www.keycloak.org/docs/latest/server_installation/ Server Installation and Configuration Guide]
* [https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9 Setup Keycloak Server on Ubuntu 18.04]
* [https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9 Setup Keycloak Server on Ubuntu 18.04]
* [https://www.baeldung.com/spring-security-oauth-jwt Using JWT with Spring Security OAuth]
* [https://docs.wildfly.org/22/Getting_Started_Guide.htm Getting Started with WildFly 22]
* [https://www.keycloak.org/docs-api/12.0/rest-api/ Keycloak Admin REST API]
* [https://www.keycloak.org/downloads Keycloak Downloads]
* [https://www.keycloak.org/downloads Keycloak Downloads]
* [https://www.keycloak.org/ Keycloak]
* [[WildFly]]
| valign="top" |
* [https://medium.com/devops-dudes/securing-spring-boot-rest-apis-with-keycloak-1d760b2004e Securing Spring Boot REST APIs with Keycloak]
* [https://packagist.org/packages/idci/keycloak-security-bundle IDCI Keycloak Security Bundle]
* [https://dev.to/silentrobi/keycloak-custom-rest-api-search-by-user-attribute-keycloak-3a8c Keycloak Custom Rest Api]
* [https://www.baeldung.com/spring-ejb Spring & EJB Integration]
* [https://www.keycloak.org/docs/latest/authorization_services/index.html#_enforcer_filter Keycloak Policy Enforcer]
* [https://github.com/eugenp/tutorials/tree/master/spring-ejb Spring & EJB Example]
* [[OAuth2]]
* [[OAuth]]
* [[LDAP]]
* [[JWT]]
|}

Latest revision as of 03:07, 19 March 2023

apt update; apt list --upgradable; cd /opt/
wget https://github.com/keycloak/keycloak/releases/download/21.0.1/keycloak-21.0.1.tar.gz
tar -xvzf keycloak-21.0.1.tar.gz
mv keycloak-21.0.1 keycloak

Permission

groupadd keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak
chown -R keycloak: /opt/keycloak/
chmod o+x /opt/keycloak/bin/
mkdir /etc/keycloak

cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf
cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/
chown keycloak: /opt/keycloak/bin/launch.sh
nano /opt/keycloak/bin/launch.sh

Config

#!/bin/bash

if [ "x$WILDFLY_HOME" = "x" ]; then
    WILDFLY_HOME="/opt/keycloak"
fi

if [[ "$1" == "domain" ]]; then
    $WILDFLY_HOME/bin/domain.sh -c $2 -b $3
else
   #$WILDFLY_HOME/bin/standalone.sh -c $2 -b $3
   $WILDFLY_HOME/bin/standalone.sh -c $2 -b $3 -bmanagement=0.0.0.0
fi

Service

cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service
nano /etc/systemd/system/keycloak.service

[Unit]
Description=The Keycloak Application Server
After=syslog.target network.target
Before=httpd.service

[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
EnvironmentFile=/etc/keycloak/keycloak.conf
User=keycloak
Group=keycloak
LimitNOFILE=102642
PIDFile=/var/run/keycloak/keycloak.pid
ExecStart=/opt/keycloak/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND
StandardOutput=null

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable keycloak
systemctl start keycloak

systemctl status keycloak
tail -f /opt/keycloak/standalone/log/server.log

ssh [email protected] -L 8080:localhost:8080 -L 9990:localhost:9990
http://localhost:8080/
http://localhost:9990/

Docker Compose

docker-compose -f ./docker-compose.yml up -d 

version: '3'
volumes:
  postgres_data:
      driver: local
services:
  postgres:
      image: postgres
      container_name: postgres
      extra_hosts:
        - "host.docker.internal:host-gateway"
      volumes:
        - postgres_data:/var/lib/postgresql/data
      environment:
        POSTGRES_DB: keycloak
        POSTGRES_USER: keycloak
        POSTGRES_PASSWORD: password
  pgadmin:
    container_name: pgadmin
    image: dpage/pgadmin4
    environment:
      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL:[email protected]}
      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:-admin}
    ports:
      - "5050:80"
    restart: unless-stopped
  keycloak:
      image: jboss/keycloak:7.0.1
      container_name: keycloak
      environment:
        DB_VENDOR: POSTGRES
        DB_ADDR: postgres
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_SCHEMA: public
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: Pa55w0rd
      ports:
        - 8090:8080
      depends_on:
        - postgres

Knowledge

docker run --add-host=host.docker.internal:host-gateway\
 --rm alpine ping host.docker.internal

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=Keycloak&oldid=9672"