DEV Community

yazn zamel
yazn zamel

Posted on

Keycloak 22.0.5 on ubuntu with Postgresql

Keycloak is an open-source identity and access management (IAM) service that provides robust authentication, authorization, and security features for applications and services. It allows organizations to easily manage user identities, secure access to resources, and implement single sign-on (SSO) capabilities, enhancing both user experience and security. Keycloak supports various authentication methods and can be integrated seamlessly with a wide range of applications, making it a valuable tool for identity and access control in modern software development.

Keycloak installation on ubuntu 20.04

Since keycloak is built with java , we need to install java in our machine and make sure that java version is compatible with our keycloak version , we are using version 22.0.5

you can switch to the root user to avoid typing sudo each time you run command by "sudo -i" , however i will continue the tutorial using sudo

installing java-17

sudo apt update 
sudo apt install openjdk-17-jdk
Enter fullscreen mode Exit fullscreen mode

Installing keycloak

# any external software should be in the /opt
cd /opt
sudo wget

sudo tar -xvf keycloak-22.0.5.tar.gz

# create a keycloak user and group
groupadd keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak

# set the directory ownership 
chown -R keycloak: keycloak 
chmod o+x /opt/keycloak/bin

# now we have given the keycloak user the permission to 
# execute it's binaries 
Enter fullscreen mode Exit fullscreen mode

Now we will move the .conf files from the current directory to the /etc

/etc folder is used to save the configuration files

cd /etc
mkdir keycloak

cp /opt/keycloak/conf/keycloak.conf /etc/keycloak/keycloak.conf

# give the keycloak service the ownership to be able to run 
#the file
chown keycloak: /opt/keycloak/bin/

# create a service in the system 
cd /etc/systemd/system
nano keycloak.service 
Enter fullscreen mode Exit fullscreen mode

the keycloak.service file

Description=Keycloak Authorization Server
ExecStart=/opt/keycloak/bin/ start
ExecStop=/opt/keycloak/bin/ stop
Enter fullscreen mode Exit fullscreen mode

start the keycloak service

systemctl daemon-reload # any change you do on the keycloak.service file run this command after it
systemctl start keycloak.service 
systemctl status keycloak.service
Enter fullscreen mode Exit fullscreen mode

before moving the postgresql part , make sure to install the postgresql client on the keycloak vm

apt install postgresql-client-common
Enter fullscreen mode Exit fullscreen mode

Install Postgresql and connect it with our keycloak

sudo apt update
sudo apt install postgresql postgresql-contrib -y

# now switch to the postgresql user to create the keycloak table
sudo -i -u postgres



Enter fullscreen mode Exit fullscreen mode

Now we will configure the postgresql to allow connection from keycloak

#navigate to the postgresql conf file 
cd /etc/postgresql/12/main/
sudo nano pg_hba.conf

# scroll down to the IPv4 local connection and add a new line below the existing one 

host    all             all            <VM-IP>/32          md5

# we will modify the postgresql.conf file to allow the db to listen from other hosts

sudo nano postgresql.conf 
# find the line that have listen_addresses and change it to
listen_addresses = '*'
Enter fullscreen mode Exit fullscreen mode

You can now test the connection locally from the db using this command

psql -h localhost -U keycloak -d keycloak

Configuring the keycloak.service to communicate with the postgresql database

# ssh into your keycloak vm 
cd /etc/systemd/system
nano keycloak.service
# add the following lines

# make sure to change the Environments based on your config

sudo systemctl daemon-realod
sudo systemctl restart keycloak
Enter fullscreen mode Exit fullscreen mode

Note: this way we are running keycloak in production mode

Note: i am assuming you have opened the port for both postgresql 5432 and keycloak 8080 (this might differ)

Hope this helped you set up your environment , for any help feel free and don't hesitate to contact me.

Top comments (0)