Keycloak SSO: A Game-Changer in Modern Authentication


What is Keycloak?

Efficient management of user authentication and authorization is critical in distributed systems and modern applications. Keycloak is an open-source identity and access management (IAM) server that provides Single Sign-On (SSO): users authenticate once with Keycloak and are then signed in to every application that trusts it, which makes authentication simpler for a variety of apps.

In this post we'll look at how Keycloak SSO works, then install and configure it step by step.

Method 1: Install as bare metal on Linux

Step 1: Install the latest Java (17)

Visit https://www.oracle.com/java/technologies/downloads/#java17 and download Java 17

(OR)

For CentOS, RedHat, Rocky Linux

sudo yum -y update                                                             # Refresh package metadata
wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.rpm       # Oracle JDK 17 RPM
sudo yum -y install ./jdk-17_linux-x64_bin.rpm                                 # Install the local RPM

For Ubuntu, Debian

sudo apt-get update                                                            # Refresh package metadata
wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.deb       # Oracle JDK 17 Debian package
sudo dpkg -i ./jdk-17_linux-x64_bin.deb                                        # Install the local .deb
#(or) install OpenJDK 17 from the distribution repositories
sudo apt-get install -y openjdk-17-jdk

Step 2: Download Keycloak

Visit Official site: https://www.keycloak.org/downloads

(OR)

wget https://github.com/keycloak/keycloak/releases/download/23.0.3/keycloak-23.0.3.tar.gz        # Release archive
wget https://github.com/keycloak/keycloak/releases/download/23.0.3/keycloak-23.0.3.tar.gz.sha1   # Its SHA-1 checksum
echo "$(awk '{print $1}' keycloak-23.0.3.tar.gz.sha1)  keycloak-23.0.3.tar.gz" | sha1sum -c -   # Verify before extracting
tar -xf keycloak-23.0.3.tar.gz     # Extract files

Step 3: Configure admin credentials

Before starting Keycloak for the first time, set the bootstrap admin credentials in the environment.

export KEYCLOAK_ADMIN=admin            # Username here
export KEYCLOAK_ADMIN_PASSWORD=admin   # Password here (admin/admin is a placeholder; use a strong, unique value)

Step 4: Run keycloak in Dev Mode

Note: if you want to run Keycloak in production, skip this step and go to Step 5.

  • For development and testing you can start Keycloak in dev mode:
cd keycloak-23.0.3      # Change directory
bin/kc.sh start-dev     # Start Keycloak in dev mode (plain HTTP, relaxed hostname checks; not for production)
  • To run it in the background, append & to the command, like below:
bin/kc.sh start-dev &     # Start Keycloak in dev mode, detached from the terminal

Step 5: Run Keycloak in Production Mode

  • Keycloak listens on port 8080; make sure no other service is using it.

  • To check whether the port is already in use:

ss -ltnp | grep ':8080'     # Shows the process (if any) listening on TCP 8080
  • Build and run Keycloak:
bin/kc.sh build          # Build the optimized server image
bin/kc.sh start &        # Start Keycloak in production mode (expects --hostname and HTTPS options such as --https-certificate-file and --https-certificate-key-file)
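
Steps 2 to 5 above are typed by hand. As an added example (not code from the original post), the POSIX shell script below does the same work unattended and adds the checks a production install wants: it verifies the tarball against the release's .sha1 file before extracting, refuses to start with an empty or default admin password, and checks that port 8080 is free from the `ss -ltn` listener table instead of grepping the process list. The version number, the download URL pattern, the `KC_*` variables and the `KC_INSTALL_RUN` switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: an unattended version of Steps 2-5.
# It verifies the release checksum, refuses the default admin password, checks
# port 8080 before starting and only then launches Keycloak. The version, the
# download URL pattern and the KC_* / KC_INSTALL_RUN variables are assumptions.
set -eu

KC_VERSION="${KC_VERSION:-23.0.3}"
KC_BASE_URL="https://github.com/keycloak/keycloak/releases/download/${KC_VERSION}"
KC_TARBALL="keycloak-${KC_VERSION}.tar.gz"

# sha1_of FILE: print the hex SHA-1 of FILE (sha1sum on Linux, shasum elsewhere).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{ print $1 }'
    else
        shasum -a 1 "$1" | awk '{ print $1 }'
    fi
}

# verify_sha1 FILE SHA1FILE: succeed only when FILE matches the digest in SHA1FILE.
# Only the first field of the .sha1 file is used, so both the bare-digest layout
# and the "digest  filename" layout are accepted.
verify_sha1() {
    expected="$(awk 'NR == 1 { print $1 }' "$2" | tr 'A-F' 'a-f')"
    actual="$(sha1_of "$1")"
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# port_in_use PORT LISTING: succeed when LISTING (the output of `ss -ltn`) shows a
# TCP listener on PORT. The listing is passed in rather than read live so the check
# can be exercised without a socket table; the 4th column is Local Address:Port.
port_in_use() {
    printf '%s\n' "$2" | awk -v p="$1" '
        NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit found ? 0 : 1 }'
}

# admin_password_ok PASSWORD: reject empty, well-known and short bootstrap passwords.
admin_password_ok() {
    [ "${#1}" -ge 12 ] && [ "$1" != "admin" ] && [ "$1" != "password" ]
}

# install_keycloak: download, verify, extract and start in dev mode (see Step 5 for
# the production build). Expects KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD to be set.
install_keycloak() {
    : "${KEYCLOAK_ADMIN:?set KEYCLOAK_ADMIN first}"
    admin_password_ok "${KEYCLOAK_ADMIN_PASSWORD:-}" \
        || { echo "set KEYCLOAK_ADMIN_PASSWORD to a strong value first" >&2; return 1; }
    port_in_use 8080 "$(ss -ltn)" \
        && { echo "port 8080 is already in use" >&2; return 1; }
    wget -q "${KC_BASE_URL}/${KC_TARBALL}" "${KC_BASE_URL}/${KC_TARBALL}.sha1"
    verify_sha1 "$KC_TARBALL" "${KC_TARBALL}.sha1" \
        || { echo "checksum mismatch for ${KC_TARBALL}, refusing to extract" >&2; return 1; }
    tar -xf "$KC_TARBALL"
    export KEYCLOAK_ADMIN KEYCLOAK_ADMIN_PASSWORD
    cd "keycloak-${KC_VERSION}" && bin/kc.sh start-dev
}

# Only run the install when explicitly asked, so the functions can be sourced and tested.
if [ "${KC_INSTALL_RUN:-0}" = "1" ]; then
    install_keycloak
fi
```

Run it as `KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD='<strong password>' KC_INSTALL_RUN=1 sh install-keycloak.sh`; without `KC_INSTALL_RUN=1` the script only defines the functions, which is what lets the checksum, port and password checks be tested in isolation.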

Once it has started successfully, go to http://localhost:8080 or http://<Your_IP_address>:8080.

Log in using the admin credentials.

After logging in you will see the admin console home page.

Step 6: Create a new realm

  • Click the master realm selector; it offers Create realm

  • Choose Create realm and enter a realm name

  • Now select that realm and proceed with the next step

Step 7: Integrate with Active Directory

  • Go to User federation and open Add LDAP providers

  • Vendor: Active Directory (choose as required)

  • Connection URL: ldap://<your_domain_name>

  • Bind type: simple

  • Bind DN: CN=Administrator,CN=Users,DC=domain,DC=com

  • Bind credentials: enter the Domain Administrator credentials

  • Edit mode: READ_ONLY

  • Users DN: CN=Users,DC=domain,DC=com

Note: if your users are created in a different OU in AD, for example OU=members,

your Users DN will be: OU=members,DC=domain,DC=com

  • Import users: ON; Sync: ON

  • Leave the other settings at their defaults

  • Click Test connection and Test authentication

  • Once successfully connected, go to Action, click Sync all users, and Save.

  • Go to Clients and open the Home URL

  • Click Sign in and log in using AD user credentials
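
The same federation settings can be applied without clicking through the console. The script below is an added example, not part of the original post, that uses Keycloak's own `kcadm.sh` CLI (shipped in `bin/`) to create the LDAP user storage provider with the values from Step 7 and then trigger the same "Sync all users" action. The realm name `demo`, the hosts `dc01.example.com` and `example.com`, the `svc-keycloak` bind account and the `KC_RUN` switch are assumptions. Two points deliberately differ from the step list: it binds with a dedicated read-only service account rather than the Domain Administrator (READ_ONLY edit mode needs nothing more than read access, and Keycloak stores this credential), and it defaults to `ldaps://` so that the simple-bind password and the users' passwords are not sent in clear text.

```shell
#!/bin/sh
# Added example, not from the original post: the Active Directory federation from
# Step 7 created with Keycloak's own kcadm.sh CLI instead of the admin console, so
# the settings live in a reviewable script. Realm "demo", the dc01/example.com
# names, the svc-keycloak bind account and the KC_RUN switch are assumptions.
set -eu

KC_HOME="${KC_HOME:-$PWD/keycloak-23.0.3}"
KC_URL="${KC_URL:-http://localhost:8080}"
REALM="${REALM:-demo}"
AD_HOST="${AD_HOST:-dc01.example.com}"
AD_DOMAIN="${AD_DOMAIN:-example.com}"
AD_USERS_OU="${AD_USERS_OU:-}"        # empty = default CN=Users container; "members" = OU=members
# Bind with a dedicated read-only service account: Edit Mode READ_ONLY needs no more,
# and a Domain Administrator password stored in Keycloak is a far bigger loss if it leaks.
AD_BIND_DN="${AD_BIND_DN:-CN=svc-keycloak,CN=Users,DC=example,DC=com}"

# domain_to_dn DOMAIN: example.com -> DC=example,DC=com
domain_to_dn() {
    printf '%s' "$1" | awk -F. '{ for (i = 1; i <= NF; i++) printf "%sDC=%s", (i > 1 ? "," : ""), $i }'
}

# users_dn OU DOMAIN: the Users DN from the post's note. With no OU the default
# CN=Users container is used; with OU "members" it becomes OU=members,DC=...
users_dn() {
    if [ -z "$1" ]; then
        printf 'CN=Users,%s' "$(domain_to_dn "$2")"
    else
        printf 'OU=%s,%s' "$1" "$(domain_to_dn "$2")"
    fi
}

# ldap_url HOST MODE: MODE "tls" gives ldaps:// on 636 so the simple-bind password and
# user passwords are encrypted in transit; "plain" gives the ldap:// form shown in Step 7.
ldap_url() {
    case "$2" in
        tls)   printf 'ldaps://%s:636' "$1" ;;
        plain) printf 'ldap://%s:389' "$1" ;;
        *)     echo "ldap_url: mode must be tls or plain" >&2; return 1 ;;
    esac
}

# create_ad_federation: log in to the master realm, create the LDAP user storage
# component with the Step 7 settings, then trigger the same "Sync all users" action.
# Expects KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD and AD_BIND_PASSWORD in the environment.
create_ad_federation() {
    kcadm="$KC_HOME/bin/kcadm.sh"
    "$kcadm" config credentials --server "$KC_URL" --realm master \
        --user "$KEYCLOAK_ADMIN" --password "$KEYCLOAK_ADMIN_PASSWORD"
    realm_id="$("$kcadm" get "realms/$REALM" --fields id --format csv --noquotes)"
    comp_id="$("$kcadm" create components -r "$REALM" -i \
        -s name=active-directory \
        -s providerId=ldap \
        -s providerType=org.keycloak.storage.UserStorageProvider \
        -s "parentId=$realm_id" \
        -s 'config.vendor=["ad"]' \
        -s "config.connectionUrl=[\"$(ldap_url "$AD_HOST" tls)\"]" \
        -s 'config.authType=["simple"]' \
        -s "config.bindDn=[\"$AD_BIND_DN\"]" \
        -s "config.bindCredential=[\"$AD_BIND_PASSWORD\"]" \
        -s 'config.editMode=["READ_ONLY"]' \
        -s "config.usersDn=[\"$(users_dn "$AD_USERS_OU" "$AD_DOMAIN")\"]" \
        -s 'config.usernameLDAPAttribute=["sAMAccountName"]' \
        -s 'config.rdnLDAPAttribute=["cn"]' \
        -s 'config.uuidLDAPAttribute=["objectGUID"]' \
        -s 'config.userObjectClasses=["person, organizationalPerson, user"]' \
        -s 'config.importEnabled=["true"]' \
        -s 'config.pagination=["true"]')"
    # Same effect as Action -> "Sync all users" in the console
    "$kcadm" create "user-storage/$comp_id/sync?action=triggerFullSync" -r "$REALM"
}

if [ "${KC_RUN:-0}" = "1" ]; then
    create_ad_federation
fi
```

`domain_to_dn` and `users_dn` encode the note about a custom OU: with no OU the Users DN is `CN=Users,DC=example,DC=com`, with `AD_USERS_OU=members` it is `OU=members,DC=example,DC=com`. The network part only runs with `KC_RUN=1`, after the admin and bind passwords have been exported into the environment.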


Backup and Restore:

Exporting a Realm to a File

To export a realm to a file, you can use the --file <file_name_here> option.

If you do not specify a specific realm to export, all realms are exported.

#Export All realm into file
bin/kc.[sh|bat] export --file <file_name_here>

Exporting a specific realm

To export a single realm, you can use the --realm option as follows:

bin/kc.[sh|bat] export [--dir|--file] <path> --realm my-realm
# Export the demo realm to a single file
bin/kc.sh export --file demo-realm.json --realm demo

Export only realm (without users)

#Export the demo realm without users
bin/kc.[sh|bat] export --file demo-realm.json --realm demo --users skip

Importing a Realm from a File

To import a realm previously exported in a single file, you can use the --file <file> option as follows:

bin/kc.[sh|bat] import --file <realm_file_name_here>
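
Putting the export and import commands into a routine, as an added example that is not from the original post: the POSIX shell script below exports one realm to a timestamped file, creates that file readable by its owner only (a realm export contains client secrets and credential hashes), verifies that the export names the requested realm, prunes older copies, and wraps `kc.sh import` with a sanity check. `KC_HOME`, `BACKUP_DIR`, the `demo` realm and the `SKIP_USERS`, `KEEP` and `KC_RUN` switches are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a backup routine around `kc.sh export`
# that writes each realm export to an owner-only file, checks that the export names
# the realm that was requested, and prunes old copies. KC_HOME, BACKUP_DIR, the realm
# name and the SKIP_USERS / KEEP / KC_RUN switches are assumptions.
set -eu

KC_HOME="${KC_HOME:-$PWD/keycloak-23.0.3}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/keycloak}"

# export_realm_name FILE: the top-level "realm" value of a single-file export.
# Keycloak writes the file pretty-printed, one key per line, with the realm name
# near the top, so the first match is the realm itself.
export_realm_name() {
    sed -n 's/^[[:space:]]*"realm"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# backup_realm REALM: export REALM into BACKUP_DIR/REALM-<UTC stamp>.json.
# Exports carry client secrets, SMTP credentials and password hashes, so the file
# is created with mode 0600 (umask 077) rather than tightened afterwards.
# SKIP_USERS=1 maps to the post's `--users skip` form.
backup_realm() {
    realm="$1"
    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    umask 077
    mkdir -p "$BACKUP_DIR"
    out="$BACKUP_DIR/$realm-$stamp.json"
    if [ "${SKIP_USERS:-0}" = "1" ]; then
        "$KC_HOME/bin/kc.sh" export --file "$out" --realm "$realm" --users skip
    else
        "$KC_HOME/bin/kc.sh" export --file "$out" --realm "$realm"
    fi
    got="$(export_realm_name "$out")"
    if [ "$got" != "$realm" ]; then
        echo "export check failed: wanted realm '$realm', file says '$got'" >&2
        rm -f "$out"
        return 1
    fi
    printf '%s\n' "$out"
}

# prune_backups REALM KEEP: delete all but the newest KEEP exports of REALM.
# The UTC timestamp in the name sorts lexically, so `sort -r` puts the newest first.
prune_backups() {
    ls "$BACKUP_DIR"/"$1"-*.json 2>/dev/null | sort -r | awk -v k="$2" 'NR > k' |
    while IFS= read -r old; do
        rm -f "$old"
    done
}

# restore_realm FILE: import a previously exported file (the post's import command)
# after confirming the file exists and really is a realm export.
restore_realm() {
    [ -f "$1" ] || { echo "no such export: $1" >&2; return 1; }
    [ -n "$(export_realm_name "$1")" ] || { echo "$1 does not look like a realm export" >&2; return 1; }
    "$KC_HOME/bin/kc.sh" import --file "$1"
}

if [ "${KC_RUN:-0}" = "1" ]; then
    out="$(backup_realm "${REALM:-demo}")"
    prune_backups "${REALM:-demo}" "${KEEP:-7}"
    echo "backup written to $out"
fi
```

A nightly cron entry such as `KC_RUN=1 REALM=demo KEEP=14 sh backup-keycloak.sh` keeps two weeks of exports; restoring is `restore_realm /var/backups/keycloak/demo-<stamp>.json` from a shell that has sourced the script.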

Karthick Dk
