@john-clark
Created November 5, 2022 15:08
keycloak on debian

Introduction

Installation

Install Java

apt-get update
apt-get install -y default-jdk

Install Keycloak

cd /opt
wget https://github.com/keycloak/keycloak/releases/download/20.0.0/keycloak-20.0.0.tar.gz
sudo tar zxvf keycloak-20.0.0.tar.gz
ln -s keycloak-20.0.0 keycloak

Keycloak Service User

groupadd keycloak
useradd -r -g keycloak -d /opt/keycloak -s /usr/sbin/nologin keycloak

Keycloak Config

mkdir /etc/keycloak
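cp /opt/keycloak/conf/keycloak.conf /etc/keycloak/
# the commands below read /etc/keycloak/keycloak.cfg, so start that file from the shipped template
cp /etc/keycloak/keycloak.conf /etc/keycloak/keycloak.cfg
vi /etc/keycloak/keycloak.cfg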
  • change hostname

Keycloak permissions

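# chown -R does not descend through a symlink named on the command line, so target the real directory
chown -R keycloak:keycloak /opt/keycloak-20.0.0
# the service account owns the tree after the chown; owner access is enough and bin/ must not be writable by other users
chmod u+rwx,o-w /opt/keycloak/bin/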
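
The ownership and permission step above decides who can change the scripts the service runs. As an added example (not part of the original gist), this check lists entries in the install tree that are world-writable or not owned by the service account, and flags a config file that other users can read or write; the function names and the usage line are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original gist. Function names are this
# example's own. Usage: sh audit.sh /opt/keycloak-20.0.0 keycloak

# audit_tree DIR OWNER
# Prints one finding per line; returns 0 for a clean tree, 1 otherwise.
# Pass the real directory: find does not descend through a symlink argument.
# world-writable: any local account could replace kc.sh or add files beside
#   it, and the service would then run that content.
# wrong-owner: entries the service account does not own, such as files a
#   recursive chown never reached.
audit_tree() {
    dir=$1
    owner=$2
    findings=$(
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/world-writable: /'
        find "$dir" ! -type l ! -user "$owner" -print | sed 's/^/wrong-owner: /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# audit_config FILE
# The config file can hold secrets such as db-password, so other users
# should have neither read nor write access. Returns 0 if so, 1 otherwise.
audit_config() {
    hit=$(find "$1" \( -perm -0004 -o -perm -0002 \) -print)
    if [ -n "$hit" ]; then
        printf 'other-accessible: %s\n' "$hit"
        return 1
    fi
    return 0
}

# Run both checks when called with an install directory and an owner.
if [ $# -eq 2 ]; then
    audit_tree "$1" "$2"
    audit_config /etc/keycloak/keycloak.cfg
fi
```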

Keycloak Build

/opt/keycloak/bin/kc.sh --help
/opt/keycloak/bin/kc.sh --config-file /etc/keycloak/keycloak.cfg build
/opt/keycloak/bin/kc.sh --config-file /etc/keycloak/keycloak.cfg start-dev

Warning: Keycloak is broken. Cannot progress past this point.

Service Setup

Keycloak systemd service

vi /etc/systemd/system/keycloak.service
[Unit]
Description=The Keycloak Server
After=syslog.target network.target
Before=httpd.service

[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
EnvironmentFile=/etc/keycloak/keycloak.conf
User=keycloak
Group=keycloak
LimitNOFILE=102642
PIDFile=/var/run/keycloak/keycloak.pid
ExecStart=/opt/keycloak/bin/kc.sh --config-file /etc/keycloak/keycloak.cfg start --optimized
StandardOutput=null

[Install]
WantedBy=multi-user.target

Start Service

systemctl daemon-reload
systemctl enable keycloak
systemctl start keycloak
systemctl status keycloak
journalctl -xeu keycloak
tail -f /opt/keycloak/standalone/log/server.log

Administration

cd /opt/keycloak/bin
./add-user-keycloak.sh -r master -u admin -p Passw0rd!
sudo systemctl restart keycloak

./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password Passw0rd!
./kcadm.sh update realms/master -s sslRequired=NONE

Realm administration

Realm management

http://server-ip:8080
http://server-ip:8080/auth/admin
  • Add a new realm - home
  • Disable SSL for realm
  • Clearing caches
  • Email settings
  • Themes

User management

  • Add a new group
  • Add a new user