Keycloak on OpenJDK

Get started with Keycloak on bare metal

Before you start

Make sure you have OpenJDK 1.8 or newer installed.

Download Keycloak

First step is to download and extract keycloak-9.0.2.zip from the Keycloak website.

After extracting you should have a directory named keycloak-9.0.2.

Start Keycloak

From a terminal open the directory keycloak-9.0.2, then to start Keycloak run the following command.

On Linux run:

bin/standalone.sh

On Windows run:

bin/standalone.bat

Create an admin user

Keycloak does not come with a default admin user, which means before you can start using Keycloak you need to create an admin user.

To do this open http://localhost:8080/auth, then fill in the form with your preferred username and password.

Login to the admin console

Go to the Keycloak Admin Console and login with the username and password you created earlier.

Create a realm

A realm in Keycloak is the equivalent of a tenant. It allows creating isolated groups of applications and users. By default there is a a single realm in Keycloak called master. This is dedicated to manage Keycloak and should not be used for your own applications.

Let’s create our first realm.

  1. Open the Keycloak Admin Console

  2. Hover the mouse over the dropdown in the top-left corner where it says Master, then click on Add realm

  3. Fill in the form with the following values:

    • Name: myrealm

  4. Click Create

Add Realm

Create a user

Initially there are no users in a new realm, so let’s create one:

  1. Open the Keycloak Admin Console

  2. Click Users (left-hand menu)

    • Click Add user (top-right corner of table)

  3. Fill in the form with the following values:

    • Username: myuser

    • First Name: Your first name

    • Last Name: Your last name

  4. Click Save

Add User

The user will need an initial password set to be able to login. To do this:

  1. Click Credentials (top of the page)

  2. Fill in the Set Password form with a password

  3. Click ON next to Temporary to prevent having to update password on first login

Set Password

Login to account console

Let’s now try to login to the account console to verify the user is configured correctly.

  1. Open the Keycloak Account Console

  2. Login with myuser and the password you created earlier

You should now be logged-in to the account console where users can manage their accounts.

Keycloak Account Console

Secure your first app

Let’s try to secure our first application. First step is to register this application with your Keycloak instance:

  1. Open the Keycloak Admin Console

  2. Click 'Clients'

  3. Fill in the form with the following values:

  4. Click Save

Add Client

To make it easy for you we have a SPA testing application available on the Keycloak website.

Open https://www.keycloak.org/app/ and click Save to use the default configuration.

Now you can click Sign in to authenticate to this application using the Keycloak server you started earlier.

Next

Before you go and run Keycloak in production there are a few more things that you will want to do, including:

  • Switch to a production ready database such as PostgreSQL

  • Configure SSL with your own certificates

  • Switch the admin password to a more secure password

For more information check out the Keycloak Documentation.