Keycloak is an open source Identity and Access Management tool that makes it simple and quick to add user sign-up, sign-in, and access control to your web and mobile applications.
Keycloak supports standard protocols such as OAuth 2.0, OpenID Connect, and SAML. Keycloak provides a single sign-on solution, meaning a user can authenticate to multiple systems with a single login ID and password.
Keycloak also provides social login features, which means Keycloak can delegate authentication to third-party identity providers like Google and Facebook.
Keycloak is designed to make the life of software developers easy, as it provides out-of-the-box security features that are configurable and simple to integrate with applications and services. Keycloak provides customizable interfaces for registration, login, account management, and administration.
This tutorial guides you through setting up and using Keycloak so that you can assess it before deploying it in a production environment. It explains how to set up a standalone Keycloak server and create accounts and realms for managing users and apps.
The server can be installed on either Linux or Windows.
To install and run the Keycloak server, follow the steps below:
$ sudo tar -xvzf keycloak-15.0.2.tar.gz
On Windows:
cd keycloak-15.0.2/bin/
standalone.bat
On Linux:
$ cd keycloak-15.0.2/bin/
$ ./standalone.sh
The server should run without any error.
You must first create an admin account, which you will use to access the Keycloak admin console.
Follow the steps below to create an admin account:
After creating the initial admin account, you can access the admin console, where you add users and register applications to be protected by Keycloak.
Go to http://localhost:8080/auth/admin/ or click the Administration Console link on the Welcome page.
To access the admin console, enter the username and password you created on the Welcome page. The admin console's main screen appears as shown below:
A realm is responsible for managing a set of users, roles, groups, and credentials. From the admin interface, you can start creating realms, which will allow administrators to create users and grant them access to apps.
There are two types of realms:
Follow the steps below to create a realm:
Follow the steps below to create a new user with a temporary password in the my-test-realm:
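The realm and user setup described above can also be scripted with the Admin CLI (kcadm.sh) that ships in the same bin/ directory as standalone.sh. This is an added example, not part of the original tutorial; the username test-user, the script name, and the KCADM, SERVER and REALM variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): realm and user setup via kcadm.sh.
# Assumptions: run from keycloak-15.0.2/bin; "test-user" is a made-up name.
KCADM="${KCADM:-./kcadm.sh}"
SERVER="${SERVER:-http://localhost:8080/auth}"
REALM="${REALM:-my-test-realm}"

# Plain HTTP is acceptable only for the local evaluation server; anywhere
# else the admin password and tokens would cross the network unencrypted.
kc_check_server() {
    case "$SERVER" in
        https://*|http://localhost:*|http://127.0.0.1:*) return 0 ;;
        *) echo "refusing plain-HTTP admin login to $SERVER" >&2; return 1 ;;
    esac
}

# Log in to the master realm. --password is omitted on purpose so kcadm
# prompts for it instead of leaving it in shell history or the process list.
kc_login() {
    "$KCADM" config credentials --server "$SERVER" --realm master --user "$1"
}

kc_create_realm() {
    "$KCADM" create realms -s "realm=$REALM" -s enabled=true
}

kc_create_user() {
    "$KCADM" create users -r "$REALM" -s "username=$1" -s enabled=true
}

# --temporary marks the password as one the user must replace at first login.
kc_set_temp_password() {
    "$KCADM" set-password -r "$REALM" --username "$1" --new-password "$2" --temporary
}

# usage: kc_setup ADMIN_USER NEW_USER TEMP_PASSWORD; stops at the first failure
kc_setup() {
    kc_check_server && kc_login "$1" && kc_create_realm &&
        kc_create_user "$2" && kc_set_temp_password "$2" "$3"
}

# Run only when invoked as: sh setup-realm.sh apply admin test-user 'TempPass'
if [ "${1:-}" = "apply" ]; then
    kc_setup "$2" "$3" "$4"
fi
```

Setting KCADM=echo prints the kcadm commands instead of running them, which is a quick way to review what the script would send before pointing it at a server.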
The account console is accessible to every user in a realm. You can now try logging in with the user in the realm that you just created and test updating your profile information and changing your credentials.
Follow these steps to log in to the account console:
You're now ready to secure your web application and services with Keycloak. See how a sample Spring Boot application is being secured here.
NOTE: When deploying Keycloak in a production environment, you may need to choose an operating mode between Standalone and Domain mode. In a production environment, you may also need to configure an external shared database such as PostgreSQL, MySQL, or Oracle for Keycloak storage to run in a cluster, and configure security features such as encryption and HTTPS.