Keycloak is open source Identity and Access Management software that delivers a robust Single Sign-On (SSO) solution for your modern infrastructure, applications and services. Keycloak sits under the Red Hat open source solutions umbrella.

Keycloak offers additional features such as Admin Console, Social Login, Identity Brokering, User Federation, Client Adapters, and an Account Management Console. If you want to learn more about Keycloak features please visit the official page.

In this tutorial we will install Keycloak Server on Ubuntu 20.04|18.04 Linux system using Podman.

Step 1: Update System

We always start our installations by updating the core system.

sudo apt -y update
sudo apt -y upgrade

System updates sometimes include kernel updates, which need a reboot.

sudo reboot

Step 2: Install Podman

Install Podman on Ubuntu Linux:

. /etc/os-release
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install podman

Check Podman version:

$ podman version
Version:      2.2.1
API Version:  2.1.0
Go Version:   go1.15.2
Built:        Thu Jan  1 00:00:00 1970
OS/Arch:      linux/amd64

Step 3: Run Keycloak Server on Ubuntu using Podman

With Podman installed you can download the latest Keycloak server container image:

$ podman pull quay.io/keycloak/keycloak
Trying to pull quay.io/keycloak/keycloak:latest...
Getting image source signatures
Copying blob a6b97b4963f5 done
Copying blob 13948a011eec done
Copying blob 25692dfec14d done
Copying blob 259bf3136b5e done
Copying blob 4019a141d2d6 [======================================] 229.8MiB / 229.8MiB
Copying config edf359ca97 done
Writing manifest to image destination
Storing signatures
edf359ca97920ce685ccddf298dad9746bc4132d0447f58d12780c1778fa46e5

From your terminal session, start the Keycloak server with the following command:

podman run -d \
  --name keycloak \
  -p 8080:8080 \
  -e KEYCLOAK_USER=admin \
  -e KEYCLOAK_PASSWORD=AdminPAssw0rd \
  quay.io/keycloak/keycloak:12.0.1

This starts the Keycloak service and publishes it on port 8080 on all host interfaces (0.0.0.0:8080 in the podman ps output). The command options also create an admin user with the username admin and the password AdminPAssw0rd. Check that the container is running:

$ podman ps
CONTAINER ID  IMAGE                             COMMAND     CREATED        STATUS            PORTS                   NAMES
1badca37e132  quay.io/keycloak/keycloak:12.0.1  -b 0.0.0.0  4 seconds ago  Up 4 seconds ago  0.0.0.0:8080->8080/tcp  keycloak
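The same launch with the admin password kept off the command line and the port published on loopback only, as an added example that is not part of the original tutorial. The function names and the env-file path are assumptions, and it assumes the console is reached from the host itself or through an SSH tunnel.

```shell
#!/bin/sh
# Added example (not from the original tutorial): start Keycloak without
# putting the admin password on the command line or in shell history.
# Function names and the env-file path are assumptions made for this sketch.
set -eu

IMAGE="quay.io/keycloak/keycloak:12.0.1"   # same pinned tag as the tutorial

# 18 random bytes from the kernel CSPRNG, hex-encoded (36 characters).
gen_password() {
  head -c 18 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write the two variables the image reads, readable by the owner only.
write_env_file() {
  ( umask 077
    printf 'KEYCLOAK_USER=admin\nKEYCLOAK_PASSWORD=%s\n' "$(gen_password)" > "$1" )
  chmod 600 "$1"   # also covers a pre-existing file with looser permissions
}

# Succeeds only if group and others have no permission bits on the file.
env_file_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Publish the port on 127.0.0.1 instead of 0.0.0.0, so the plain-HTTP
# listener is not reachable from other machines.
# The values remain visible to anyone who can run `podman inspect keycloak`.
start_keycloak() {
  env_file_is_private "$1" || { echo "refusing: $1 is not private" >&2; return 1; }
  podman run -d --name keycloak \
    -p 127.0.0.1:8080:8080 \
    --env-file "$1" \
    "$IMAGE"
}

# Run as: sh keycloak-start.sh start
if [ "${1:-}" = "start" ]; then
  ENV_FILE="${ENV_FILE:-$HOME/.keycloak-admin.env}"   # assumed location
  [ -f "$ENV_FILE" ] || write_env_file "$ENV_FILE"
  start_keycloak "$ENV_FILE"
fi
```

The generated password is read back from the env file when you log in to the admin console.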

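Disable the HTTPS requirement on the master realm. Keycloak's default setting (sslRequired=external) rejects plain-HTTP logins from non-private addresses; setting it to NONE lets the admin console work over http://, with credentials and tokens sent unencrypted: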

$ podman exec -it keycloak bash
bash-4.4$ cd /opt/jboss/keycloak/bin

bash-4.4$ ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin
Logging into http://localhost:8080/auth as user admin of realm master
Enter password: *************

bash-4.4$ ./kcadm.sh update realms/master -s sslRequired=NONE

Step 4: Login to the admin console

Go to the Keycloak Admin Console and log in with the username and password you created earlier:

http://[serverip_or_hostname]:8080/auth/admin

After you log in with those credentials, the admin console is displayed.

Step 5: Creating a realm

In Keycloak, a realm is the equivalent of a tenant. It allows creating isolated groups of applications and users. By default there is a single realm in Keycloak called master. This realm is dedicated to managing Keycloak and should not be used for your own applications.

To create your first realm follow the steps below:

  1. Open the Keycloak Admin Console
  2. Hover the mouse over the dropdown in the top-left corner where it says Master, then click on Add realm
  3. Fill in the form with the following values:
    • Name: myrealm

Step 6: Adding a user to Keycloak

After installation there are no users in your Keycloak server. To add new users, log in to the Keycloak Admin Console and navigate to:

Manage > Users > Add User

Fill in the required user information.

Assign the user an initial password under the “Credentials” section.

Fill in the Set Password form with a user’s password.

If you want to prevent having to update password on first login, click ON next to Temporary to turn it off.

You can now try to log in to the account console with the new user to verify it is configured correctly.

With the Keycloak server set up, start securing your first application by going through the official documentation pages.
