What is Keycloak?
Efficient management of user authentication and authorization is critical in the world of distributed systems and current apps. An open-source identity and access management program called Keycloak provides a powerful Single Sign-On (SSO) solution that makes user authentication easier for a variety of apps.
We'll dive into Keycloak SSO in this blog article, going over its works, install and configure.
Method 1: Install as bare metal on Linux
Step1: Install latest Java
Visit https://www.oracle.com/java/technologies/downloads/#java17 and download java17
(OR)
For CentOS, RedHat, Rockylinux
sudo yum -y update
wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.rpm
sudo yum -y install ./jdk-17_linux-x64_bin.rpm
For Ubuntu ,Debian
sudo yum -y update
wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.rpm
sudo dpkg -i ./jdk-17_linux-x64_bin.rpm
#(or)
sudo apt-get install openjdk-17-jdk
Step2:Download keycloak
Visit Official site: https://www.keycloak.org/downloads
(OR)
wget https://github.com/keycloak/keycloak/releases/download/23.0.3/keycloak-23.0.3.tar.gz.sha1
tar -xf keycloak-23.0.3.tar.gz # Extract Files
Step3: Configure Admin Credentials
Before proceeding to install need to set admin credentials.
export KEYCLOAK_ADMIN=admin # Username Here
export KEYCLOAK_ADMIN_PASSWORD=admin # Password here
Step 4: Run keycloak in Dev Mode
Note: If you want run keycloak in production, please skip this step. And go to Step 5
- For dev and purpose we can Start keycloak in dev mode
cd keycloak-23.0.3 # Change directory
bin/kc.sh start-dev # Start Keycloak in dev mode
- For Run in background mode use & at the end. Like below command
bin/kc.sh start-dev & # Start Keycloak in dev mode
Step 5: Run Keycloak in Production Mode
Keycloak uses Port 8080, make sure it not used by any other services
For check port status
ps -ef | grep -i 8080
- Build Run Keycloak
bin/kc.sh build # Start Keycloak build
bin/kc.sh start & # Start Keycloak in Production mode
Once successfully started , Go to localhost:8080 or <Your_IP_address>:8080
Login using admin credentials.
Once you logged you can see webpage like below.
Step 6: Create New realm
By clicking master you can see Create realm
Choose Create realm and Enter Realm name
- now select that realm and procced with next step
Step 7: Integrate with Active Directory
Go to and Open Add ladap providers
-
Vendor = Active Directory (you can choose as per required)
-
connection URL: ldap://<your_domain_name>
Bind type: simple
Bind DN: CN=Administrator,CN=Users,DC=domian,DC=com
Bind Credentials: Enter Domain Administrator credentials
Edit Mode: READ_ONLY
Users DN: CN=Users,DC=domian,DC=com
Note: if your users created different OU in AD, like OU =members
your User DN will be: OU=members,DC=domian,DC=com
-
Import users ON, Sync is ON
-
other setting leave as defaults
Click Test the Connections and Test authentication
Once Successfully Connected, Go to Action click Sync all Users and Save.
- Go to Clients and Open Home URL
- Click Sign in Login using AD user credentials
Backup and Restore:
Exporting a Realm to a File
To export a realm to a file, you can use the --file <file_name_here>
option.
If you do not specify a specific realm to export, all realms are exported.
#Export All realm into file
bin/kc.[sh|bat] export --file <file_name_here>
Exporting a specific realm
To export a single realm, you can use the --realm
option as follows:
bin/kc.[sh|bat] export [--dir|--file] <path> --realm my-realm
# Export demo realm to file
bin/kc.sh| export --file --realm demo
Export only realm (without users)
#Export the demo realm without users
bin/kc.[sh|bat] export --file demo --users skip
Importing a Realm from a File
To import a realm previously exported in a single file, you can use the --file <file>
option as follows:
bin/kc.[sh|bat] import --file <realm_file_name_here>
Follow for More ๐