Introduction to Keycloak
Keycloak is an open source identity authentication and authorization management system. It provides single sign-on (SSO), identity verification, social login, user management, role management, permission management, and more. Keycloak can be integrated into a variety of applications, including web applications, mobile applications, and services. It supports the OpenID Connect, OAuth 2.0, and SAML 2.0 standard protocols, has a simple and easy-to-use management console, and supports LDAP, Active Directory, and social account logins such as GitHub and Google, making it very simple to use out of the box.
Keycloak has been updated very frequently in the past two years, with features gradually improved and bugs fixed. It is very popular abroad, but there is very little relevant information in China. Therefore, I am leaving some notes here in the hope that they can help others later.
Keycloak service setup and startup
The environment and version numbers used in this article are as follows:
Keycloak version: 22.0.1 (currently the latest version, other versions are similar)
Platform: Windows 11
Database: PostgreSQL 15.3 64-bit
Set up the Keycloak configuration file
Download the Keycloak compressed package from the official website and decompress it directly. The files you get are as follows:
Open the file ./conf/keycloak.conf and modify the default configuration:
The main configuration and description are as follows:
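# Set the database type; postgres is used here
db=postgres
# Set the database username
db-username=postgres
# Set the database user's password
db-password=admin
# Set the database connection URL and instance
db-url=jdbc:postgresql://localhost/keycloak
# Set the service port (when omitted, the default port 8080 is used)
http-port=8080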
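The settings above are fine for a local test instance but should not be carried over unchanged to a shared or production server. The following check is an added example, not code from this article or from the Keycloak project: it parses a keycloak.conf and reports the values that only suit local development. The weak-password list and the hardened sample (role name, hostname, certificate paths, environment variable name) are assumptions made for illustration.

```python
ARTICLE_CONF = """\
db=postgres
db-username=postgres
db-password=admin
db-url=jdbc:postgresql://localhost/keycloak
http-port=8080
"""  # the article's settings, embedded as sample input

HARDENED_CONF = """\
db=postgres
db-username=keycloak_app
db-password=${KEYCLOAK_DB_PASSWORD}
db-url=jdbc:postgresql://localhost/keycloak
hostname=sso.example.test
https-certificate-file=conf/server.crt.pem
https-certificate-key-file=conf/server.key.pem
"""  # constructed sample; role name, env variable, hostname and paths are placeholders

WEAK_PASSWORDS = {"admin", "password", "postgres", "keycloak", "changeme"}  # illustrative

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit_conf(text):
    """Return (key, message) findings for settings that only suit local development."""
    s, findings = parse_conf(text), []
    pw = s.get("db-password")
    if pw is not None and not pw.startswith("${"):  # ${VAR} reads the value from the environment
        findings.append(("db-password", "stored in plain text; reference an environment variable"))
        if pw.lower() in WEAK_PASSWORDS:
            findings.append(("db-password", "trivially guessable value"))
    if s.get("db-username") == "postgres":
        findings.append(("db-username", "PostgreSQL superuser; use a dedicated role"))
    if "https-certificate-file" not in s and "https-key-store-file" not in s:
        findings.append(("https-certificate-file", "no TLS certificate; logins travel unencrypted"))
    if "hostname" not in s:
        findings.append(("hostname", "not set; fix the public hostname outside development"))
    return findings
```

Calling audit_conf(ARTICLE_CONF) returns five findings for the file shown above, while the hardened sample returns none.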
Create an empty database
Keycloak automatically creates its database tables and basic data when it is started for the first time, but there is a prerequisite: before starting, we need to manually create an empty database for Keycloak to use.
Here we create an empty database named keycloak and click Save.
Start Keycloak service
Start Windows PowerShell, cd to the \bin\ folder, and enter the command (development mode):
.\kc.bat start-dev
After the following information is output, the startup is successful.
Next open the browser, enter http://localhost:8080/, and you will see the Keycloak interface.
When starting the service for the first time, you need to register an administrator account first. This super administrator can manage the entire Keycloak instance.
After entering the username and password, click Create to complete the creation.
After the creation is successful, click Administration Console to log in as the user and enter the Keycloak console.
The Keycloak console is as follows:
At this point, the Keycloak service is set up and started. Let's go back and look at the contents of the database.
These are the tables and basic data automatically created when Keycloak starts.
Okay, the above is about setting up and starting the Keycloak service.
The combination of Keycloak and Spring projects will be introduced later.