Keycloak is an open-source identity and access management (IAM) service that provides robust authentication, authorization, and security features for applications and services. It allows organizations to easily manage user identities, secure access to resources, and implement single sign-on (SSO) capabilities, enhancing both user experience and security. Keycloak supports various authentication methods and can be integrated seamlessly with a wide range of applications, making it a valuable tool for identity and access control in modern software development.
Keycloak installation on Ubuntu 20.04
Since Keycloak is built with Java, we need to install Java on our machine and make sure the Java version is compatible with our Keycloak version. We are using version 22.0.5.
You can switch to the root user with "sudo -i" to avoid typing sudo for each command; however, I will continue the tutorial using sudo.
Installing Java 17
sudo apt update
sudo apt install openjdk-17-jdk
Installing Keycloak
# any external software should be in /opt
cd /opt
sudo wget https://github.com/keycloak/keycloak/releases/download/22.0.5/keycloak-22.0.5.tar.gz
sudo tar -xvf keycloak-22.0.5.tar.gz
# the archive unpacks to keycloak-22.0.5; rename it so the /opt/keycloak paths used below exist
sudo mv keycloak-22.0.5 keycloak
# create a keycloak user and group
sudo groupadd keycloak
sudo useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak
# set the directory ownership
sudo chown -R keycloak: /opt/keycloak
sudo chmod o+x /opt/keycloak/bin
# now we have given the keycloak user permission to
# execute its binaries
Now we will copy the .conf file from the Keycloak directory to /etc.
The /etc folder is used to store configuration files.
cd /etc
sudo mkdir keycloak
sudo cp /opt/keycloak/conf/keycloak.conf /etc/keycloak/keycloak.conf
# give the keycloak service user ownership so it is able to run
# the kc.sh file
sudo chown keycloak: /opt/keycloak/bin/kc.sh
# create a service in the system
cd /etc/systemd/system
sudo nano keycloak.service
The keycloak.service file
[Unit]
Description=Keycloak Authorization Server
After=network.target
[Service]
User=keycloak
Group=keycloak
ExecStart=/opt/keycloak/bin/kc.sh start
ExecStop=/opt/keycloak/bin/kc.sh stop
Restart=always
RestartSec=3
Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64"
[Install]
WantedBy=multi-user.target
Start the Keycloak service
sudo systemctl daemon-reload # run this command after any change you make to the keycloak.service file
sudo systemctl start keycloak.service
sudo systemctl status keycloak.service
Before moving on to the PostgreSQL part, make sure to install the PostgreSQL client on the Keycloak VM.
sudo apt install postgresql-client
Install PostgreSQL and connect it with our Keycloak
sudo apt update
sudo apt install postgresql postgresql-contrib -y
# now switch to the postgres user to create the keycloak database
sudo -i -u postgres
psql
CREATE DATABASE keycloak;
-- replace 'admin' with a strong, unique password
CREATE USER keycloak WITH PASSWORD 'admin';
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
\q
# leave the postgres user's shell before running the sudo commands below
exit
Now we will configure PostgreSQL to allow connections from Keycloak
# navigate to the PostgreSQL conf directory
cd /etc/postgresql/12/main/
sudo nano pg_hba.conf
# scroll down to the IPv4 local connections section and add a new line below the existing one
host all all <VM-IP>/32 md5
# we will modify the postgresql.conf file to allow the db to listen for connections from other hosts
sudo nano postgresql.conf
# find the line that has listen_addresses and change it to
listen_addresses = '*'
# restart PostgreSQL so the listen_addresses and pg_hba.conf changes take effect
sudo systemctl restart postgresql
You can now test the connection locally from the DB host using this command:
psql -h localhost -U keycloak -d keycloak
Configuring keycloak.service to communicate with the PostgreSQL database
# ssh into your Keycloak VM
cd /etc/systemd/system
sudo nano keycloak.service
# add the following lines to the [Service] section
# Keycloak 22 (Quarkus distribution) reads KC_-prefixed variables, not the legacy DB_VENDOR-style names
Environment="KC_DB=postgres"
Environment="KC_DB_URL_HOST=Postgresql_IP"
Environment="KC_DB_URL_DATABASE=keycloak"
Environment="KC_DB_USERNAME=keycloak"
Environment="KC_DB_PASSWORD=yourpassword"
# make sure to change the values based on your config
sudo systemctl daemon-reload
sudo systemctl restart keycloak
Note: this way we are running Keycloak in production mode.
Note: I am assuming you have opened the ports for both PostgreSQL (5432) and Keycloak (8080); these might differ in your setup.
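The pg_hba.conf rule and the inline Environment= password above are the two settings in this setup most worth tightening. As an added example (not part of the original post), this script flags both patterns; the sample files, the 192.0.2.10 address and the /etc/keycloak/keycloak.env path are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post); all sample data below is constructed.

# Report non-loopback pg_hba.conf "host" rules that match every database,
# every role, or any source address. Assumes CIDR-style addresses.
# Prints "line N: <reasons>" per finding; exit status 1 if anything was found.
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                    # blank lines and comments
        $1 ~ /^host/ && $4 != "127.0.0.1/32" && $4 != "::1/128" {
            why = ""
            if ($2 == "all") why = why " database=all"
            if ($3 == "all") why = why " user=all"
            if ($4 == "all" || $4 == "0.0.0.0/0" || $4 == "::/0") why = why " address=any"
            if (why != "") { printf "line %d:%s\n", NR, why; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Print the names of secret-looking variables set inline with Environment=.
# Unit files in /etc/systemd/system are normally readable by every local user.
audit_unit_secrets() {
    sed -nE 's/^[[:space:]]*Environment="?([A-Za-z0-9_]*(PASSWORD|SECRET|TOKEN)[A-Za-z0-9_]*)=.*/\1/p' "$1"
}

SAMPLES=$(mktemp -d)
# pg_hba.conf with the rule from this page; 192.0.2.10 stands in for <VM-IP>
printf '%s\n' '# IPv4 local connections:' 'host all all 127.0.0.1/32 md5' \
    'host all all 192.0.2.10/32 md5' > "$SAMPLES/pg_hba.broad"
# Same peer, limited to the keycloak database and the keycloak role
printf '%s\n' '# IPv4 local connections:' 'host all all 127.0.0.1/32 md5' \
    'host keycloak keycloak 192.0.2.10/32 md5' > "$SAMPLES/pg_hba.scoped"
# Unit fragment with the password inline
printf '%s\n' '[Service]' 'Environment="KC_DB_USERNAME=keycloak"' \
    'Environment="KC_DB_PASSWORD=yourpassword"' > "$SAMPLES/unit.inline"
# Unit fragment that loads it from a root-only file (hypothetical path)
printf '%s\n' '[Service]' 'EnvironmentFile=/etc/keycloak/keycloak.env' > "$SAMPLES/unit.envfile"

for f in pg_hba.broad pg_hba.scoped; do
    echo "== $f"; audit_pg_hba "$SAMPLES/$f" || true
done
for f in unit.inline unit.envfile; do
    echo "== $f"; audit_unit_secrets "$SAMPLES/$f"
done
```

To check a real host, call audit_pg_hba /etc/postgresql/12/main/pg_hba.conf and audit_unit_secrets /etc/systemd/system/keycloak.service. A file referenced by EnvironmentFile= should be owned by root with mode 600 so only systemd can read the password.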
Hope this helped you set up your environment. If you need any help, don't hesitate to contact me.
Top comments (5)
excellent one
typo sudo systemctl daemon-reload
Thanks Atef, will update it for sure.
Nice guide! Thanks! It helped me a lot
Glad that helped you Lee