From Dogtag
Revision as of 20:19, 9 August 2019 by Edewata (talk | contribs) (Configuring Tomcat Client)

Jump to: navigation, search


To build Keycloak:

$ git clone
$ cd keycloak
$ mvn install

See also:


To install Keycloak server:

$ wget
$ tar xzvf keycloak-6.0.1.tar.gz
$ cd keycloak-6.0.1/bin

To setup admin user:

$ ./ -u admin -p Secret.123

To start Keycloak server:

$ ./ -b=

Adding a New Realm

To access the Admin Console, open http://$HOSTNAME:8080/auth/admin/.

To access a realm, open http://$HOSTNAME:8080/auth/realms/<realm>/account.

Adding Roles in Realm

Adding Users in Realm

Configuring Tomcat Client

To create a Tomcat instance:

$ pki-server create tomcat@keycloak
$ pki-server http-connector-mod -i tomcat@keycloak --port 9080 Connector1
$ pki-server run tomcat@keycloak

To install Keycloak client adapter:

$ wget
$ mkdir keycloak-tomcat8-adapter 
$ cd keycloak-tomcat8-adapter
$ tar xzvf ../keycloak-tomcat8-adapter-dist-6.0.1.tar.gz
$ mv * /var/lib/tomcats/keycloak/lib

To enable Keycloak:

  • Edit tomcat-user.xml
  • Add admin-gui role
  • Edit index.html
  • Edit context.xml
  • Add Keycloak Valve
  • Add keycloak.json
  • Edit web.xml
  • Define security constraints
  • Define login-config with auth-method set to KEYCLOAK

To register Tomcat client:

  • Open Keycloak Admin Console
  • Click Clients -> Create

To generate client adapter configuration, click Installation:

  • Format option: Keycloak OIDC JSON

Then store the configuration in WEB-INF/keycloak.json:

  "realm": "demo",
  "auth-server-url": "http://$HOSTNAME:8080/auth",
  "ssl-required": "external",
  "resource": "tomcat",
  "public-client": true,
  "confidential-port": 0

See Also