...

        KEYCLOAK_PASSWORD: admin
    ports:
        - "8087:8080"
        - "9990:9990"

...

Keycloak will create and populate the required database tables on initial startup.  The admin console should then be available via http://localhost:8087 and the Admin Console link using the KEYCLOAK_* credentials from the above command (admin/admin in this example).

...

Directive | Value
OIDCProviderMetadataURL | The URL for the OpenID Connect configuration on Keycloak. http://localhost:8087/auth/realms/heeadmin/.well-known/openid-configuration
OIDCClientID | The name of the client created when setting up Keycloak.
OIDCClientSecret | The secret for the client (available from the client's credentials page).  For Keycloak, this will be a UUID.
OIDCRedirectURI | A redirect URL that falls within the redirect URL set up on the Keycloak client page.
ServerName | The Apache virtual host.  (Apache will default to the first virtual host in a file if no virtual host name matches.)
ProxyPass | The URL of the back-end application you want to protect.
ProxyPassReverse | The same as ProxyPass.  (This is used by Apache to change the Location header in 302 responses.)

...

TOKEN=$(curl -s 'http://localhost:8087/auth/realms/master/protocol/openid-connect/token' -d "client_id=admin-cli&username=admin&password=admin&grant_type=password" | jq -r .access_token)

...

curl -i 'http://localhost:8087/auth/admin/realms' -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" -d '{"realm":"newrealm", "enabled":true}'

...

curl -i 'http://localhost:8087/auth/admin/realms/newrealm2/groups' -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" -d '{"name":"groupA"}'

...

curl -i 'http://localhost:8087/auth/admin/realms/test/clients' -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" -d '{"clientId":"newclient","redirectUris":["http://localhost:8087/*"], "secret":"longpassword"}'

...

curl -i 'http://localhost:8087/auth/admin/realms/newrealm2/users' -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" -d '{"username":"foo5@example.com","enabled":true,"email":"foo5@example.com","attributes":{"emp_num":["1125"],"NTN":["245/FGS/819"]}}'
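
The curl commands above fail quietly when the login is rejected: jq -r prints the literal string "null" for a missing access_token, and every later call then sends "bearer null". The following guards are an added example, not part of the original page; the function names and the KEYCLOAK_URL variable are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: sanity checks around the page's admin REST calls.
# Assumes TOKEN was obtained with the token command shown on the page and
# KEYCLOAK_URL (hypothetical variable) holds the base URL of the Keycloak server.

# valid_token TOKEN -> exit 0 only if TOKEN has the shape of a JWT
# (three non-empty base64url segments separated by dots).
# Rejects the empty string and the literal "null" that jq -r emits
# when the token response contains no .access_token.
valid_token() {
    case "$1" in
        ''|null) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'
}

# classify_status CODE -> prints a short label for the HTTP status
# returned by a create call on the admin API.
classify_status() {
    case "$1" in
        201|204) echo ok ;;
        401)     echo token-rejected ;;   # missing, malformed or expired token
        403)     echo forbidden ;;        # token valid, role insufficient
        409)     echo already-exists ;;   # realm/group/client/user already there
        *)       echo unexpected ;;
    esac
}

# admin_post PATH JSON -> POSTs JSON to $KEYCLOAK_URL/auth/admin/PATH and
# prints the classification instead of the raw response headers.
admin_post() {
    valid_token "$TOKEN" || { echo no-token; return 1; }
    classify_status "$(curl -s -o /dev/null -w '%{http_code}' \
        "${KEYCLOAK_URL:?set KEYCLOAK_URL}/auth/admin/$1" \
        -H "Content-Type: application/json" \
        -H "Authorization: bearer $TOKEN" \
        -d "$2")"
}

# Usage, mirroring the realm creation call on the page:
#   admin_post realms '{"realm":"newrealm", "enabled":true}'
```

A result of token-rejected on a call that worked a moment earlier usually means the access token has expired and the token command needs to be run again.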

...