Keycloak config
- Download the Keycloak server (OpenJDK version) from keycloak.org
- Unpack
- Test
  - Start the standalone server and check that port 8080 answers:
    ./bin/standalone.sh
    nc -w1 -i1 -v localhost 8080
- Config for systemd
  - Create keycloak.service (see sample at end)
    sudo cp keycloak.service /usr/lib/systemd/system/
    sudo systemctl enable --now keycloak.service
    sudo systemctl status keycloak.service
- Config for TLS
  - Remove the http element from the ssl element in configuration/standalone.xml
  - Create a self-signed cert in the configuration folder (keytool prompts for the keystore password; keep the alias "server"):
    keytool -genkey -alias server -keyalg RSA -keystore keycloak.jks -keysize 2048
  - Modify the https element in the ssl element to reflect the self-signed cert (keystore keycloak.jks, alias server)
  - Restart the keycloak service and verify TLS on port 8443 (TBD: change port?)
    timeout 1 openssl s_client -connect $(hostname -f):8443 |& head -22
- Test from remote system
  - Modify standalone.sh to listen on all IPs (e.g. SERVER_OPTS=" -b 0.0.0.0 ")
    nc -w1 -i1 -v ip-172-31-22-39.us-west-2.compute.internal 8443
  - Access https://ip-172-31-22-39.us-west-2.compute.internal:8443/ from a browser
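As an added check that is not part of the original notes: a small shell script that verifies the standalone.xml edits above before the service is restarted. It assumes the Keycloak 10 / WildFly element names (http-listener, https-listener, keystore under ssl) and the stock keystore-password="password"; the two XML fragments are constructed samples for offline testing.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes: sanity-check the TLS edits to
# configuration/standalone.xml before restarting keycloak.service.
# Assumes the WildFly-style undertow <http-listener>/<https-listener> elements and the
# ApplicationRealm <ssl><keystore .../> element found in the Keycloak 10 standalone.xml.

# check_tls_config FILE -> exit 0 only if every check passes; prints each finding.
check_tls_config() {
  local f="$1" rc=0
  if grep -q '<http-listener ' "$f"; then
    echo "FAIL: plaintext <http-listener> still present"; rc=1
  else echo "ok: http-listener removed"; fi
  if grep -q '<https-listener ' "$f"; then echo "ok: https-listener present"
  else echo "FAIL: no <https-listener> found"; rc=1; fi
  if grep -q '<keystore [^>]*path="keycloak.jks"' "$f"; then echo "ok: keystore is keycloak.jks"
  else echo "FAIL: keystore does not point at keycloak.jks"; rc=1; fi
  # The stock file ships with keystore-password="password"; it must not survive the edit.
  if grep -Eq '(keystore|key)-password="password"' "$f"; then
    echo "FAIL: default keystore/key password still in use"; rc=1
  else echo "ok: default keystore password replaced"; fi
  return "$rc"
}

# Constructed samples (trimmed to the relevant elements) for offline testing.
sample_stock_xml() {
cat <<'EOF'
<server name="default-server">
  <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
  <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
</server>
<ssl>
  <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
EOF
}
sample_edited_xml() {
cat <<'EOF'
<server name="default-server">
  <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
</server>
<ssl>
  <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="CHANGE_ME_keystore_pw" alias="server" key-password="CHANGE_ME_key_pw"/>
</ssl>
EOF
}

# Usage: check_tls_config /path/to/keycloak-10.0.2/standalone/configuration/standalone.xml
if [ "${1:-}" ]; then check_tls_config "$1"; fi
```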
cat keycloak.service
[Unit]
Description=Keycloak IdP
After=network.target time-sync.target

[Service]
Type=simple
# No User= line, so standalone.sh runs as root; a dedicated unprivileged account is preferable.
ExecStart=/home/ec2-user/keycloak-10.0.2/bin/standalone.sh
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=30s

[Install]
WantedBy=multi-user.target
- Add a Realm
  - Add users to the realm
  - Add an OpenID "Client"
    - Step through the form using mostly defaults
    - Pick a unique name
    - Create a secret on the Security tab
  - Add a SAML "Client"
    - Import the Hue SAML XML metadata with the upload button