Keyloak SSO Docker

Howto Docker with Keycloak – examples

http://www.janua.fr/howto-docker-with-keycloak/

Howto Docker with Keycloak : In this article Janua’s CTO share tips and tricks about intégrating KeyCloak with Docker.

1) Overview
The goal of this article is to showcase how it is possible to deploy very quickly keycloak examples with docker.

2) Requirements
You need to have a docker installation up and running.

3) Downloading keycloak sso examples for docker
The command to run

1	docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_VENDOR=H2 -p 8080:8080 --name sso jboss/keycloak-examples

This will start keycloak with:

• admin user: admin
• admin password:admin
• external connection URL: 8080

Like this you can connect to Keycloak sso admin console at URL http://localhost:8080/auth

4) Some docker commands useful with keycloak

4.1) To control control keycloak process

1 2 3

docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a41643307565 jboss/keycloak-examples "/opt/jboss/docker-e…" 20 hours ago Up 6 minutes 0.0.0.0:8080->8080/tcp sso

4.2) To stop docker keycloak

1	docker stop sso

4.3) To  start docker keycloak

1	docker start sso

4.4) To access to keycloak logs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

docker logs sso =========================================================================   JBoss Bootstrap Environment   JBOSS_HOME: /opt/jboss/keycloak-demo/keycloak   JAVA: /usr/lib/jvm/java/bin/java   JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true   =========================================================================   12:12:24,457 INFO [org.jboss.modules] (main) JBoss Modules version 1.6.1.Final 12:12:24,693 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.7.SP1 12:12:24,808 INFO [org.jboss.as] (MSC service thread 1-8) WFLYSRV0049: WildFly Full 11.0.0.Final (WildFly Core 3.0.8.Final) starting 12:12:25,767 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation. 12:12:25,789 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 28) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation. 12:12:25,792 INFO [org.wildfly.security] (ServerService Thread Pool -- 15) ELY00001: WildFly Elytron version 1.1.6.Final 12:12:25,877 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/59/273f90c9422e564d0fc401ce8c9f057f82d9be/content 12:12:25,994 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/06/6f7dbba1f52c0648c98f809184d6abacbc67c6/content 12:12:25,997 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/f8/3ab5465d384d9616d932e89152be1ff51b61ad/content 12:12:25,999 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/0e/5231c1d6a5c0e9e0a40b935b742fa4f845876f/content ...... ......

4.5) bash with keycloak

1 2 3 4

docker exec -it sso bash [jboss@a41643307565 ~]$ ls docker-entrypoint.sh keycloak-demo tmp.zip [jboss@a41643307565 ~]$

4.6) Obtaining info about sso (json format)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

docker inspect sso [     {         "Id": "a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1",         "Created": "2018-05-15T12:12:22.050846134Z",         "Path": "/opt/jboss/docker-entrypoint.sh",         "Args": [             "-b",             "0.0.0.0",             "-bmanagement",             "0.0.0.0",             "-Dkeycloak.import=/opt/jboss/keycloak-demo/keycloak/testrealm.json"         ],         "State": {             "Status": "running",             "Running": true,             "Paused": false,             "Restarting": false,             "OOMKilled": false,             "Dead": false,             "Pid": 4051,             "ExitCode": 0,             "Error": "",             "StartedAt": "2018-05-16T08:28:43.800846833Z",             "FinishedAt": "2018-05-16T08:27:28.023051982Z"         },         "Image": "sha256:35ce742cc265ccaf39d7a3951736bde1bd3d4d43f776baa6c8793347f70bc934",         "ResolvConfPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/resolv.conf",         "HostnamePath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/hostname",         "HostsPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/hosts",         "LogPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1-json.log",         "Name": "/sso",     ..... .....

5) Using keycloak examples with docker
The advantage of using docker with keycloak is that keycloak examples come immediately out of the box

5.1) creating a docker shell term

1 2 3 4

docker exec -it sso bash [jboss@a41643307565 ~]$ ls docker-entrypoint.sh keycloak-demo tmp.zip [jboss@a41643307565 ~]$

5.2) navigating throught the keycloak examples
here we are only going to deploy

1 2 3 4 5 6 7 8 9 10

cd keycloak-demo cd examples   [jboss@a41643307565 examples]$ ls README.md cordova kerberos preconfigured-demo unconfigured-demo admin-client cors ldap providers basic-auth fuse multi-tenant saml broker js-console pom.xml themes   cd preconfigured-demo

5.3) README example
The README example contains the build instructions.

In our case, the instructions to provide are much more lightweight, as there is only the build and deployement.

1 2 3 4

The target URL is: http://localhost:8080/customer-portal/customers/view.jsp the user is : bburke@redhat.com/password

5.4) Building and deploying demo example

The instructions to be executed are:

1 2 3

mvn clean install   mvn wildfly:deploy

5.5) Testing demo example from outside

we first check that the docker container can be accessed from outside:

1 2	docker port sso 8080/tcp -> 0.0.0.0:8080

1 2 3 4 5 6

let's connect to http://localhost:8080/customer-portal/customers/view.jsp   with credentials bburke@redhat.com/password   You are thus redirected to the customer portal demo.

6) Pointers

• https://hub.docker.com/r/jboss/keycloak-examples/