
Docker With Keycloak

What Is Keycloak?

  • Keycloak is an open-source identity and access management tool with a focus on modern applications such as single-page applications, mobile applications, and REST APIs.
  • The project was started in 2014. It has since grown into a well-established open-source project with a strong community behind it. It is used by everything from small projects to large enterprises.

Keycloak Features

  • Keycloak provides fully customizable login pages, password recovery, acceptance of terms, and a lot more. All of these features can be integrated with your application without any coding at all. By delegating user authentication to Keycloak, you don't have to worry about authentication mechanisms, storing passwords safely, and so on. You can enable two-factor authentication without having to make changes to the application. This also increases your application's security, because in this setup your application doesn't have access to user credentials; it only sees tokens issued by Keycloak.
  • The table below shows the main features of Keycloak.

| Keycloak Feature | Description |
|---|---|
| Multiple Protocols Support | As of now, Keycloak supports three different protocols: OpenID Connect, OAuth 2.0 and SAML 2.0. |
| SSO | Keycloak has full support for Single Sign-On and Single Sign-Out. |
| Admin Console | Keycloak offers a web-based GUI where you can “click out” all the configuration your instance needs to work as you desire. |
| User Identity and Access | Keycloak can be used as a standalone user identity and access manager by allowing us to create a user database with custom roles and groups. This information can then be used to authenticate users within our application and to secure parts of it based on pre-defined roles. |
| External Identity Source Sync | If your client already has some type of user database, Keycloak allows us to synchronize with it. By default, it supports LDAP and Active Directory, but you can create custom extensions for any user database using the Keycloak User Storage API. Keep in mind that such a solution may not have all the data Keycloak needs to be fully functional, so remember to check that your desired functionality works. |
| Identity Brokering | Keycloak can also work as a proxy between your users and one or more external identity providers. The list of providers can be edited from the Keycloak Admin Panel. |
| Social Identity Providers | Additionally, Keycloak allows us to use social identity providers. It has built-in support for Google, Twitter, Facebook and Stack Overflow, but in the end you have to configure all of them manually from the admin panel. The full list of supported social identity providers and their configuration manual can be found in the Keycloak documentation. |
| Pages Customization | Keycloak lets you customize all the pages it displays to your users. Those pages are in .ftl format, so you can use classic HTML markup and CSS styles to make them fit your application style and your company brand. You can even add custom JS scripts as part of page customization, so the possibilities are limitless. |

Create Keycloak Server With Docker

  • Let's create a file named docker-compose.yml and add the following content:
docker-compose.yml
version: '3'

volumes:
  postgres_data:
      driver: local

services:
  postgres:
      #Get latest postgres docker image from DockerHub
      image: postgres
      volumes:
        - postgres_data:/var/lib/postgresql/data
      environment:
        POSTGRES_DB: keycloak
        #Set username and password for postgres database
        POSTGRES_USER: admin
        POSTGRES_PASSWORD: admin
  keycloak:
      #Get keycloak docker image from Red Hat
      image: quay.io/keycloak/keycloak:legacy
      environment:
        DB_VENDOR: POSTGRES
        DB_ADDR: postgres
        DB_DATABASE: keycloak
        DB_USER: admin
        DB_SCHEMA: public
        DB_PASSWORD: admin
        #Set username and password for default keycloak user
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: admin
        # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
        #JDBC_PARAMS: "ssl=true"
      ports:
        - 8080:8080
      depends_on:
        - postgres
  • If you want to change the version of the Keycloak Docker image, you can browse this Red Hat website and choose another version.

  • Then create a folder named postgres_data next to the docker-compose.yml file; the data of the postgres database container will be synced into this folder.
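
A variant of the file above with three settings changed: image tags are pinned, both passwords are read from a `.env` file placed next to docker-compose.yml instead of being written into it, and port 8080 (plain HTTP) is published on loopback only. This is an added example, not part of the original page; the variable names PG_TAG, KC_TAG, PG_PASSWORD and KC_ADMIN_PASSWORD are assumptions chosen for it.

```yaml
# Added example. Expects a .env file beside this file that defines
# PG_TAG, KC_TAG, PG_PASSWORD and KC_ADMIN_PASSWORD (names are assumptions).
# "${VAR:?message}" makes docker-compose stop with the message if VAR is unset.
version: '3'

volumes:
  postgres_data:
    driver: local

services:
  postgres:
    # Pin an explicit tag instead of pulling the implicit :latest
    image: "postgres:${PG_TAG:?set PG_TAG to a pinned postgres tag}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: admin
      # Password comes from .env, not from this file
      POSTGRES_PASSWORD: "${PG_PASSWORD:?set PG_PASSWORD in .env}"
  keycloak:
    # Pin an explicit legacy tag instead of the moving "legacy" tag
    image: "quay.io/keycloak/keycloak:${KC_TAG:?set KC_TAG to a pinned legacy tag}"
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: admin
      DB_SCHEMA: public
      # Must match POSTGRES_PASSWORD above
      DB_PASSWORD: "${PG_PASSWORD:?set PG_PASSWORD in .env}"
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: "${KC_ADMIN_PASSWORD:?set KC_ADMIN_PASSWORD in .env}"
    ports:
      # Bind to loopback only: 8080 serves the admin console over plain HTTP
      - "127.0.0.1:8080:8080"
    depends_on:
      - postgres
```

The postgres image applies POSTGRES_USER and POSTGRES_PASSWORD only when it initialises an empty data directory, so an existing postgres_data volume keeps its old credentials. Keep the `.env` file out of version control.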


Testing

  • Now run docker-compose up to start the server. Then go to localhost:8080 to access the Keycloak server and log in with the username and password that you set in the docker-compose.yml file.

| username | password |
|---|---|
| admin | admin |


  • Choose Administration Console and log in.


  • After a successful login, you will see the Keycloak dashboard.

