Skip to content

Instantly share code, notes, and snippets.

View dasniko's full-sized avatar

Niko Köbler dasniko

View GitHub Profile
@dasniko
dasniko / keycloak-stuff.md
Last active September 29, 2023 09:39
Various Keycloak stuff, like URLs, etc.

Keycloak Stuff / URLs

Required Actions

Generic

http(s)://{host}/realms/{realm}/protocol/openid-connect/auth?response_type=code&client_id={clientId}&scope=openid&redirect_uri={redirectUri}&kc_action={requiredActionId}

Example

@dasniko
dasniko / upgrade_keycloak_database_settings.md
Created May 10, 2023 05:06
Upgrade Keycloak Database #settings

Because of Arjuna timeout / closing the connection after 5 mins, setting following additional JAVA_OPTS might help:

-Dquarkus.transaction-manager.default-transaction-timeout=3600
-Dkeycloak.migration.batch-enabled=true
-Dkeycloak.migration.batch-size=1000
@dasniko
dasniko / _keycloak-cluster-config.md
Last active June 5, 2024 06:49
How to configure a Keycloak cluster properly (Quarkus edition)

Keycloak Cluster Configuration (How to)

This is a short and simple example on how to build a proper Keycloak cluster, using DNS_PING as discovery protocol and an NGINX server as reverse proxy.

If you prefer to use JDBC_PING, see @xgp's example gist here: https://gist.github.com/xgp/768eea11f92806b9c83f95902f7f8f80


Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU
NOTE: The video covers JDBC_PING protocol and uses the legacy Keycloak Wildfly distribution!

@dasniko
dasniko / create_x509_certs.md
Last active January 9, 2024 14:49
Creating self signed tls certificates with self-signed root CA
@dasniko
dasniko / _keycloak-cluster-config.md
Last active June 6, 2024 06:20
How to configure a keycloak cluster properly (legacy Wildfly edition)

Keycloak Cluster Configuration (How to) - Legacy Wildfly Distribution!!!

This is a short and simple example on how to build a proper Keycloak cluster, using JDBC_PING as discovery protocol and an NGINX server as reverse proxy.

As this is for legacy Keycloak version (Wildfly based, up until version 17), you can find an example for more current and uptodate versions at this gist here: https://gist.github.com/dasniko/3a57913047af3ca1b6b0a83b294dc1a1


Please see also my video about Keycloak Clustering: http://www.youtube.com/watch?v=P96VQkBBNxU

@dasniko
dasniko / keycloak-json-logging.cli
Created January 9, 2021 14:30
Log in JSON format for Keycloak/Wildfly server.
embed-server --server-config=standalone.xml --std-out=echo
/subsystem=logging/json-formatter=JSON/:add
/subsystem=logging/console-handler=CONSOLE/:write-attribute(name=named-formatter,value=JSON)
stop-embedded-server
@dasniko
dasniko / keycloak-events-logging-cli.md
Last active September 6, 2023 14:35
How to log Keycloak authentication related events...

Keycloak Events Logging CLI commands

The default Keycloak jboss-logging events listener logs the SUCCESS-events on level DEBUG and all ERROR-events on level WARN. The default logging level of the root logger is INFO, so the SUCCESS-events won't occur in the log output.

To change this and to be able to read all the events in the log output, there are 2 options (choose one of them!):

  1. Change log level of the org.keycloak.events category logger:
<html>
<head>
<script src="keycloak.js"></script>
</head>
<body>
<!-- your usual content goes here... -->
<script>
var keycloak = new Keycloak({
url: 'http://localhost:8080/auth',
realm: 'demo',
package dasniko.util;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
/**
* @author Niko Köbler, https://www.n-k.de, @dasniko
*/
public class ToStringUtil {
@dasniko
dasniko / keybase.md
Created October 28, 2017 20:26
keybase.md

Keybase proof

I hereby claim:

  • I am dasniko on github.
  • I am dasniko (https://keybase.io/dasniko) on keybase.
  • I have a public key ASAIPZokcnTYoxb9pRpue-YRXawuvDpwpX7mc_Qp_6gLuQo

To claim this, I am signing this object: