DEV Community

yazn zamel
yazn zamel

Posted on • Edited on

Keycloak 22.0.5 on ubuntu with Postgresql

Keycloak is an open-source identity and access management (IAM) service that provides robust authentication, authorization, and security features for applications and services. It allows organizations to easily manage user identities, secure access to resources, and implement single sign-on (SSO) capabilities, enhancing both user experience and security. Keycloak supports various authentication methods and can be integrated seamlessly with a wide range of applications, making it a valuable tool for identity and access control in modern software development.

Keycloak installation on ubuntu 20.04

Since keycloak is built with java , we need to install java in our machine and make sure that java version is compatible with our keycloak version , we are using version 22.0.5

you can switch to the root user to avoid typing sudo each time you run command by "sudo -i" , however i will continue the tutorial using sudo

installing java-17

sudo apt update 
sudo apt install openjdk-17-jdk
Enter fullscreen mode Exit fullscreen mode

Installing keycloak

# any external software should be in the /opt
cd /opt
sudo wget https://github.com/keycloak/keycloak/releases/download/22.0.5/keycloak-22.0.5.tar.gz

sudo tar -xvf keycloak-22.0.5.tar.gz

# create a keycloak user and group
groupadd keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak

# set the directory ownership 
chown -R keycloak: keycloak 
chmod o+x /opt/keycloak/bin

# now we have given the keycloak user the permission to 
# execute it's binaries 
Enter fullscreen mode Exit fullscreen mode

Now we will move the .conf files from the current directory to the /etc

/etc folder is used to save the configuration files

cd /etc
mkdir keycloak

cp /opt/keycloak/conf/keycloak.conf /etc/keycloak/keycloak.conf

# give the keycloak service the ownership to be able to run 
#the kc.sh file
chown keycloak: /opt/keycloak/bin/kc.sh

# create a service in the system 
cd /etc/systemd/system
nano keycloak.service 
Enter fullscreen mode Exit fullscreen mode

the keycloak.service file

[Unit]
Description=Keycloak Authorization Server
After=network.target
Β 
[Service]
User=keycloak
Group=keycloak
ExecStart=/opt/keycloak/bin/kc.sh start
ExecStop=/opt/keycloak/bin/kc.sh stop
Restart=always
RestartSec=3
Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64"
[Install]
WantedBy=multi-user.target
Enter fullscreen mode Exit fullscreen mode

start the keycloak service

systemctl daemon-reload # any change you do on the keycloak.service file run this command after it
systemctl start keycloak.service 
systemctl status keycloak.service
Enter fullscreen mode Exit fullscreen mode

before moving the postgresql part , make sure to install the postgresql client on the keycloak vm

apt install postgresql-client-common
Enter fullscreen mode Exit fullscreen mode

Install Postgresql and connect it with our keycloak

sudo apt update
sudo apt install postgresql postgresql-contrib -y

# now switch to the postgresql user to create the keycloak table
sudo -i -u postgres

psql
CREATE DATABASE keycloak;
CREATE USER keycloak WITH PASSWORD 'admin';
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;

\q

Enter fullscreen mode Exit fullscreen mode

Now we will configure the postgresql to allow connection from keycloak

#navigate to the postgresql conf file 
cd /etc/postgresql/12/main/
sudo nano pg_hba.conf

# scroll down to the IPv4 local connection and add a new line below the existing one 

host    all             all            <VM-IP>/32          md5

# we will modify the postgresql.conf file to allow the db to listen from other hosts

sudo nano postgresql.conf 
# find the line that have listen_addresses and change it to
listen_addresses = '*'
Enter fullscreen mode Exit fullscreen mode

You can now test the connection locally from the db using this command

psql -h localhost -U keycloak -d keycloak

Configuring the keycloak.service to communicate with the postgresql database

# ssh into your keycloak vm 
cd /etc/systemd/system
nano keycloak.service
# add the following lines
Environment="DB_VENDOR=postgres"
Environment="DB_ADDR=Postgresql_IP"
Environment="DB_DATABASE=keycloak"
Environment="DB_USER=keycloak"
Environment="DB_PASSWORD=yourpassword"

# make sure to change the Environments based on your config

sudo systemctl daemon-realod
sudo systemctl restart keycloak
Enter fullscreen mode Exit fullscreen mode

Note: this way we are running keycloak in production mode

Note: i am assuming you have opened the port for both postgresql 5432 and keycloak 8080 (this might differ)

Hope this helped you set up your environment , for any help feel free and don't hesitate to contact me.

Top comments (5)

Collapse
 
atef_fefdc43d5648 profile image
Atef Ghoulem

excellent one
typo sudo systemctl daemon-reload

Collapse
 
yaznzamel profile image
yazn zamel

Thanks Atef , will update it for sure.

Collapse
 
lee_zhenjian_1aa83d094c1 profile image
Lee Zhen Jian

Nice guide! Thanks! It helped me alot

Collapse
 
yaznzamel profile image
yazn zamel

Glad that helped you Lee