keycloak standalone installation and configuration
- keycloak installation:
First install an external DB (MariaDB, MySQL, H2).
Then create the keycloak user and grant privileges:
#!/bin/ksh
# Creates the keycloak database and user for a local setup.
# The SQL must use straight quotes; curly quotes are a syntax error for mysql.
MYSQL_ROOT_PASSWD=newsys
mysql -uroot -p${MYSQL_ROOT_PASSWD} <<MYSQL_INPUT
show databases;
create database if not exists db4keycloak;
CREATE USER if not exists 'keycloak'@'%' IDENTIFIED BY 'keycloak';
GRANT ALL PRIVILEGES ON db4keycloak.* to 'keycloak'@'%' IDENTIFIED BY 'keycloak';
GRANT ALL PRIVILEGES ON db4keycloak.* to 'keycloak'@'localhost' IDENTIFIED BY 'keycloak';
flush privileges;
MYSQL_INPUT
Then install keycloak:
yum install keycloak
or download the keycloak rpm package and install it with the following command:
rpm -ihv keycloak.rpm
- keycloak configuration
/opt/keycloak/bin/control_keystore gen 127.0.0.1 keycloak.jks keycloak initcert keycloak
/bin/cp keycloak.jks /opt/keycloak/security/ssl/.
In the /opt/keycloak/standalone/configuration directory there is an XML configuration file named standalone.xml.
jboss.bind.address can be set to 0.0.0.0 to accept requests on every interface instead of only the loopback address.
The driver and datasource definitions below go into this file (the datasource password is stored in clear text here, so keep the file's permissions restricted):
<drivers>
  <driver name="mariadb" module="org.mariadb.jdbc">
    <xa-datasource-class>org.mariadb.jdbc.MySQLDataSource</xa-datasource-class>
  </driver>
  <driver name="h2" module="com.h2database.h2">
    <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
  </driver>
</drivers>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
  <connection-url>jdbc:mariadb://localhost:3306/db4keycloak?autoReconnect=true</connection-url>
  <driver>mariadb</driver>
  <security>
    <user-name>keycloak</user-name>
    <password>keycloak</password>
  </security>
  <validation>
    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
    <validate-on-match>false</validate-on-match>
    <background-validation>true</background-validation>
    <background-validation-millis>30000</background-validation-millis>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
  </validation>
</datasource>
- keycloak start:
The following command can be used to start the keycloak service:
/opt/keycloak/bin/standalone.sh -c standalone.xml
Or, if a systemd unit file is installed at /etc/systemd/system/keycloak.service:
sudo systemctl enable keycloak
systemctl start keycloak
- user realm configuration:
Create the management user admin-user with the following command:
add-user.sh
This user can be used for the management console at
http://<host_ip>:9990/console.
The datasource configuration can also be created there.
Create the admin user:
/opt/keycloak/bin/add-user-keycloak.sh -u admin -p admin123 -r master
The following kcadm.sh commands can be used to create a realm, clients, roles and users, set a password and add roles to a user:
/opt/keycloak/bin/kcadm.sh config credentials
/opt/keycloak/bin/kcadm.sh create realms
/opt/keycloak/bin/kcadm.sh create clients
/opt/keycloak/bin/kcadm.sh create roles
/opt/keycloak/bin/kcadm.sh set-password
/opt/keycloak/bin/kcadm.sh add-roles
/opt/keycloak/bin/kcadm.sh update realms
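The kcadm.sh steps listed above carried through end to end, as an added example that is not part of the original notes. It assumes a WildFly-based Keycloak answering at http://localhost:8080/auth, the master admin user created with add-user-keycloak.sh, and the admin password supplied in the KEYCLOAK_ADMIN_PASSWORD environment variable; the realm, client, role and user names are made-up samples, and DRY_RUN=1 prints the commands (secrets masked) instead of running them.

```shell
#!/bin/sh
# Provision a realm with kcadm.sh: login, realm, client, role, user, password,
# role mapping, then a realm update. Names below are constructed samples.
set -eu

KCADM="${KCADM:-/opt/keycloak/bin/kcadm.sh}"
KC_URL="${KC_URL:-http://localhost:8080/auth}"

# Run kcadm.sh, or with DRY_RUN=1 only print the command line. The argument
# after --password / --new-password is masked so secrets never reach logs.
kc() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        line='kcadm.sh'; hide=0
        for a in "$@"; do
            [ "$hide" = 1 ] && { a='***'; hide=0; }
            case "$a" in --password|--new-password) hide=1 ;; esac
            line="$line $a"
        done
        printf '%s\n' "$line"
    else
        "$KCADM" "$@"
    fi
}

# provision_realm REALM CLIENT_ID USERNAME INITIAL_PASSWORD
provision_realm() {
    realm=$1; client=$2; user=$3; pass=$4
    # 1. Log in once; kcadm.sh caches the token in ~/.keycloak/kcadm.config.
    kc config credentials --server "$KC_URL" --realm master \
        --user admin --password "${KEYCLOAK_ADMIN_PASSWORD:?set KEYCLOAK_ADMIN_PASSWORD}"
    # 2. Realm that requires TLS for every non-loopback client.
    kc create realms -s "realm=$realm" -s enabled=true -s sslRequired=external
    # 3. Public client with an exact redirect URI rather than a wildcard.
    kc create clients -r "$realm" -s "clientId=$client" -s enabled=true \
        -s publicClient=true -s 'redirectUris=["https://app.example.com/callback"]'
    # 4. Realm role, user, temporary password (must be changed at first login),
    #    and the role mapping.
    kc create roles -r "$realm" -s name=app-user
    kc create users -r "$realm" -s "username=$user" -s enabled=true
    kc set-password -r "$realm" --username "$user" --new-password "$pass" --temporary
    kc add-roles -r "$realm" --uusername "$user" --rolename app-user
    # 5. Turn on brute-force detection for the new realm.
    kc update "realms/$realm" -s bruteForceProtected=true -s failureFactor=5
}

if [ $# -ge 4 ]; then provision_realm "$@"; fi
```

Invoke as `KEYCLOAK_ADMIN_PASSWORD=... sh provision.sh demo demo-app alice 'Init-Pass-1'`; the token cached by `config credentials` is reused by the following commands.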