Getting Started with Keycloak for Identity and Access Control


Keycloak is a powerful open-source Identity and Access Management (IAM) solution that simplifies securing applications and services. It provides features like Single Sign-On (SSO), social login, user federation, and fine-grained authorization. Below is a detailed guide on setting up Keycloak using Docker and essential commands to manage it effectively.

Setting Up Keycloak with Docker

To deploy Keycloak using Docker, run the following command:

docker run -d --name keycloak \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
-p 8080:8080 \
quay.io/keycloak/keycloak:latest start-dev

This starts a Keycloak instance in development mode, which is meant for local testing only, with:
– Admin username: `admin`
– Admin password: `admin`
– Accessible at `http://localhost:8080`

Keycloak Configuration Steps

1. Access Admin Console:

Navigate to `http://localhost:8080/admin` and log in.

2. Create a Realm:

  • Go to Realm Settings > Add Realm.
  • Provide a name (e.g., myrealm).

3. Create a Client for Your App:

  • Navigate to Clients > Create.
  • Enter `myapp` as the Client ID.
  • Set Root URL to your application’s URL.

4. Add Users & Roles:

  • Under Users, click Add User.
  • Assign roles via Role Mappings.

You Should Know: Essential Keycloak Commands

  • Export Keycloak Configuration:
    docker exec -it keycloak /opt/keycloak/bin/kc.sh export --dir /tmp/export
    

  • Enable HTTPS:

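Modify the Docker command to include TLS. In production mode (`start`), the HTTPS options use the `KC_` prefix, and Keycloak also expects a hostname to be configured (`keycloak.example.com` below is a placeholder):

docker run -d --name keycloak \
-v /path/to/certs:/etc/x509/https \
-e KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/tls.crt \
-e KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/tls.key \
-e KC_HOSTNAME=keycloak.example.com \
-p 8443:8443 \
quay.io/keycloak/keycloak:latest start

  • Backup Keycloak Database: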

If using PostgreSQL:

pg_dump -U keycloak -d keycloak > keycloak_backup.sql

Integrating Keycloak with Kubernetes

For cloud-managed Kubernetes (EKS, AKS, GKE), use Helm:

helm repo add bitnami https://charts.bitnami.com/bitnami 
helm install keycloak bitnami/keycloak

What Undercode Say

Keycloak remains a robust IAM solution for both cloud and on-premises environments. By leveraging Docker and Kubernetes, deployment becomes seamless. Essential Linux and Windows commands for managing Keycloak include:

  • Linux:
    # Check Keycloak logs
    docker logs keycloak

    # Restart Keycloak
    docker restart keycloak

  • Windows (PowerShell):

    # Check running containers
    docker ps

    # Remove Keycloak container
    docker rm -f keycloak

For advanced security, always configure:

  • SSL/TLS encryption
  • Database backups
  • Regular user access audits
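
As an added example (not part of the original post or the Keycloak project), the script below reviews the JSON produced by the export command above for the points in this list: TLS enforcement, client settings and user access. It assumes the users are stored in the same JSON document as the realm, and the role name `admin` treated as privileged is an assumption; the sample data is constructed.

```python
import json
import sys
from pathlib import Path

# Constructed sample shaped like a Keycloak realm export; all values are illustrative.
SAMPLE_EXPORT = {
    "realm": "myrealm", "sslRequired": "none", "bruteForceProtected": False,
    "clients": [
        {"clientId": "myapp", "publicClient": True, "redirectUris": ["*"],
         "directAccessGrantsEnabled": True, "implicitFlowEnabled": False},
        {"clientId": "backend", "publicClient": False,
         "redirectUris": ["https://app.example.com/callback"],
         "directAccessGrantsEnabled": False, "implicitFlowEnabled": False},
    ],
    "users": [
        {"username": "alice", "enabled": True, "realmRoles": ["admin"]},
        {"username": "bob", "enabled": False, "realmRoles": ["admin"]},
    ],
}


def audit_realm(realm, privileged_roles=("admin",)):
    """Return (subject, finding) tuples for one exported realm document."""
    findings = []
    name = realm.get("realm", "<unnamed>")
    if str(realm.get("sslRequired", "external")).lower() == "none":
        findings.append((name, "sslRequired=none allows logins over plain HTTP"))
    if not realm.get("bruteForceProtected", False):
        findings.append((name, "brute force detection is off"))
    for client in realm.get("clients", []):
        cid = "client:" + client.get("clientId", "?")
        for uri in client.get("redirectUris", []):
            if "*" in uri:  # wildcards widen where authorization codes may be sent
                findings.append((cid, f"wildcard redirect URI {uri!r}"))
        if client.get("implicitFlowEnabled"):
            findings.append((cid, "implicit flow enabled"))
        if client.get("publicClient") and client.get("directAccessGrantsEnabled"):
            findings.append((cid, "public client accepts password grants"))
    for user in realm.get("users", []):
        held = sorted(set(user.get("realmRoles", [])) & set(privileged_roles))
        if held and user.get("enabled", False):  # disabled accounts cannot log in
            findings.append(("user:" + user.get("username", "?"),
                             "enabled with privileged role(s): " + ", ".join(held)))
    return findings


if __name__ == "__main__":
    realm = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_EXPORT
    for subject, finding in audit_realm(realm):
        print(f"{subject}: {finding}")
```

Run it with the path to an exported realm file as the only argument; without an argument it reports on the constructed sample.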

Expected Output:

A fully functional Keycloak instance running on `http://localhost:8080` with a configured realm, client, and test users.

Reference: Getting Started with Keycloak

References:

Reported By: Darryl Ruggles – Hackers Feeds