Keycloak standalone installation and configuration

  1. keycloak installation:
    First install an external DB (MariaDB, MySQL, H2),
    then create the keycloak database user and grant it privileges:

#!/bin/ksh
# Create the Keycloak database and the keycloak DB user.
# The passwords shown are sample values; replace them with your own.
MYSQL_ROOT_PASSWD=newsys
mysql -uroot -p"${MYSQL_ROOT_PASSWD}" <<MYSQL_INPUT
show databases;
create database if not exists db4keycloak;
CREATE USER if not exists 'keycloak'@'%' IDENTIFIED BY 'keycloak';
GRANT ALL PRIVILEGES ON db4keycloak.* to 'keycloak'@'%' IDENTIFIED BY 'keycloak';
GRANT ALL PRIVILEGES ON db4keycloak.* to 'keycloak'@'localhost' IDENTIFIED BY 'keycloak';
flush privileges;
MYSQL_INPUT

Then install keycloak:
yum install keycloak

or download the keycloak rpm package
and install it with the following command:
rpm -ihv keycloak.rpm

  2. keycloak configuration

/opt/keycloak/bin/control_keystore gen 127.0.0.1 keycloak.jks keycloak initcert keycloak
/bin/cp keycloak.jks /opt/keycloak/security/ssl/.

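In the /opt/keycloak/standalone/configuration directory there is an XML configuration file named standalone.xml.
jboss.bind.address can be set to 0.0.0.0 so that the server accepts requests on every IP address of the host; set it to a specific interface address to restrict where it listens.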

            <drivers>
                <driver name="mariadb" module="org.mariadb.jdbc">
                    <xa-datasource-class>org.mariadb.jdbc.MySQLDataSource</xa-datasource-class>
                </driver>
                <driver name="h2" module="com.h2database.h2">
                    <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
                </driver>
            </drivers>

            <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
                <connection-url>jdbc:mariadb://localhost:3306/db4keycloak?autoReconnect=true</connection-url>
                <driver>mariadb</driver>
                <security>
                    <user-name>keycloak</user-name>
                    <password>keycloak</password>
                </security>
                <validation>
                    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                    <validate-on-match>false</validate-on-match>
                    <background-validation>true</background-validation>
                    <background-validation-millis>30000</background-validation-millis>
                    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
                </validation>
            </datasource>

  3. keycloak start:
    The following command can be used to start the keycloak service:

/opt/keycloak/bin/standalone.sh -c standalone.xml

To run keycloak as a systemd service, install the unit file as /etc/systemd/system/keycloak.service, then enable and start it:
sudo systemctl enable keycloak
sudo systemctl start keycloak

  4. user realm configuration:
Create the management user admin-user with the following command:
add-user.sh
This user can be used to log in to the management console at
http://<host_ip>:9990/console,
where the datasource configuration can be created.

Create the admin user:
/opt/keycloak/bin/add-user-keycloak.sh -u admin -p admin123 -r master

The following commands can be used to create realms/users/roles, set a password and add roles to a user:
/opt/keycloak/bin/kcadm.sh config credentials
/opt/keycloak/bin/kcadm.sh create realms
/opt/keycloak/bin/kcadm.sh create clients
/opt/keycloak/bin/kcadm.sh create roles
/opt/keycloak/bin/kcadm.sh set-password
/opt/keycloak/bin/kcadm.sh add-roles
/opt/keycloak/bin/kcadm.sh update realms
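
The kcadm.sh subcommands listed above, filled in with arguments as one provisioning run; this is an added example, not part of the original post. The realm, client, role and user names, the KC_SERVER URL and the KC_INITIAL_PW variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Realm, client, role and user
# names are constructed placeholders; KC_SERVER is an assumed server URL.
KCADM="${KCADM:-/opt/keycloak/bin/kcadm.sh}"
KC_SERVER="${KC_SERVER:-http://localhost:8080/auth}"

# provision_realm REALM CLIENT_ID ROLE USERNAME
# The new user's initial password is read from $KC_INITIAL_PW (assumed name).
provision_realm() {
    [ "$#" -eq 4 ] || { echo "usage: provision_realm REALM CLIENT ROLE USER" >&2; return 2; }
    [ -n "${KC_INITIAL_PW:-}" ] || { echo "KC_INITIAL_PW is not set" >&2; return 2; }
    realm=$1 client=$2 role=$3 user=$4

    # Log in to the master realm. --password is omitted on purpose: kcadm.sh
    # then prompts for it, which keeps the admin password out of shell history.
    "$KCADM" config credentials --server "$KC_SERVER" --realm master --user admin &&
    "$KCADM" create realms -s realm="$realm" -s enabled=true &&
    "$KCADM" create clients -r "$realm" -s clientId="$client" -s enabled=true &&
    "$KCADM" create roles -r "$realm" -s name="$role" &&
    "$KCADM" create users -r "$realm" -s username="$user" -s enabled=true &&
    # --temporary forces the user to choose a new password at first login.
    "$KCADM" set-password -r "$realm" --username "$user" \
        --new-password "$KC_INITIAL_PW" --temporary &&
    "$KCADM" add-roles -r "$realm" --uusername "$user" --rolename "$role" &&
    # Harden the new realm: require HTTPS for all clients and enable
    # brute-force detection on logins.
    "$KCADM" update "realms/$realm" -s sslRequired=all -s bruteForceProtected=true
}

# Usage (values are placeholders):
#   KC_INITIAL_PW='change-me-now'
#   provision_realm demorealm demo-app app-user alice
```

The chain stops at the first failing command, so a half-created realm is visible from the exit status instead of being silently completed with missing pieces.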

Reposted from blog.csdn.net/weixin_43237071/article/details/103589364