...

This page contains information and code snippets for using Keycloak with mod_auth_openidc.

Running on Azure

HEE fork of the Keycloak repository:

https://github.com/Health-Education-England/keycloak

The code for the HEE customisations Docker container is here:

https://github.com/Health-Education-England/TIS-DEVOPS/tree/master/docker/images/keycloak

...

Keycloak is available from keycloak.org. It is an application embedded in a JBoss WildFly JEE container. The easiest way to get it working is to use an existing Docker container. This container is set up for use with a MySQL datastore. To run Keycloak with a dockerized version of MySQL, try this:

  1. Run MySQL. If you don't have a local MySQL server running, you can create one with the following command:

    $ docker run --name mysql -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=keycloak -e MYSQL_ROOT_PASSWORD=password -d mysql

...

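  1. If you want to create the database on an existing MySQL server, try the following:

    -- CREATE USER followed by GRANT works on MySQL 5.7 and 8.x;
    -- GRANT ... IDENTIFIED BY was removed in MySQL 8.0.
    create database keycloak;
    create user if not exists keycloak@'%' identified by 'keycloak';
    grant all on keycloak.* to keycloak@'%';
    flush privileges;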
  2. Start Keycloak using the docker-compose file for the stack https://github.com/Health-Education-England/TIS-DEVOPS/blob/master/docker/stacks/keycloak/docker-compose.yml

Keycloak will create and populate the required database tables on initial startup. The admin console should then be available via http://localhost:8087/auth. Click on the 'Admin Console' link and log in using the KEYCLOAK_* credentials (admin/admin in this example).

Tasks

Adding a realm

Initially, Keycloak has only one admin realm, which should be used for admin purposes only so we must add a non-admin realm.  From the admin console, below the Keycloak logo on the left, click on "Master" with the down arrow symbol and select the "Add realm" button.  Let's call the new realm heeadmin and save it.
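The same realm can also be created from the command line with Keycloak's Admin CLI, which makes the step repeatable. This is an added example, not part of the original page or the HEE repositories. It assumes a Keycloak release that ships kcadm.sh and has it on PATH, and the server URL and admin user from this page's example; the KCADM and KC_SERVER variable names are chosen for this example.

```shell
#!/bin/sh
# Added example: create the non-admin realm with Keycloak's Admin CLI
# instead of clicking through the console. Idempotent: safe to re-run.
# Assumptions: kcadm.sh is on PATH (override with KCADM), the server URL
# and admin user match this page's example, and the admin password is
# supplied in KEYCLOAK_PASSWORD rather than hard-coded in the script.

KCADM="${KCADM:-kcadm.sh}"
KC_SERVER="${KC_SERVER:-http://localhost:8087/auth}"
KC_ADMIN="${KEYCLOAK_USER:-admin}"

# Accept only simple realm names and never touch the built-in admin realm.
valid_realm_name() {
    case "$1" in
        ""|master) return 1 ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# ensure_realm NAME: authenticate against master, create NAME if absent.
# Returns 0 if the realm exists afterwards, 2 on bad input, 1 on CLI failure.
ensure_realm() {
    realm="$1"
    valid_realm_name "$realm" || { echo "invalid realm name: $realm" >&2; return 2; }
    [ -n "${KEYCLOAK_PASSWORD:-}" ] || { echo "set KEYCLOAK_PASSWORD" >&2; return 2; }

    "$KCADM" config credentials --server "$KC_SERVER" --realm master \
        --user "$KC_ADMIN" --password "$KEYCLOAK_PASSWORD" >/dev/null || return 1

    # Only create the realm when the lookup fails, so re-runs change nothing.
    if "$KCADM" get "realms/$realm" >/dev/null 2>&1; then
        echo "realm $realm already exists"
        return 0
    fi
    "$KCADM" create realms -s "realm=$realm" -s enabled=true >/dev/null || return 1
    echo "realm $realm created"
}

# Run only when a realm name is given on the command line, e.g. heeadmin.
if [ "$#" -gt 0 ]; then
    ensure_realm "$1"
fi
```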

...

https://github.com/pingidentity/mod_auth_openidc

https://jwt.io/ (Useful UI for viewing the content of a JWT)