Howto Docker with Keycloak: in this article Janua's CTO shares tips and tricks about integrating Keycloak with Docker.
1) Overview
The goal of this article is to show how to deploy the keycloak examples very quickly with docker.
2) Requirements
You need to have a docker installation up and running.
3) Downloading keycloak sso examples for docker
The command to run:
|
docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_VENDOR=H2 -p 8080:8080 --name sso jboss/keycloak-examples
|
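This will start keycloak with:
- admin user: admin
- admin password: admin
- external connection port: 8080
You can then connect to the Keycloak sso admin console at URL http://localhost:8080/auth
With these settings port 8080 is published on every host interface (see the 0.0.0.0:8080 mapping in the docker ps output in section 4.1) and the admin account uses a default password, so this setup is suited to a local demo only.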
4) Some docker commands useful with keycloak
4.1) To control the keycloak process
|
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a41643307565 jboss/keycloak-examples "/opt/jboss/docker-e…" 20 hours ago Up 6 minutes 0.0.0.0:8080->8080/tcp sso
|
4.2) To stop docker keycloak
4.3) To start docker keycloak
4.4) To access keycloak logs
|
docker logs sso
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/jboss/keycloak-demo/keycloak
JAVA: /usr/lib/jvm/java/bin/java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
=========================================================================
12:12:24,457 INFO [org.jboss.modules] (main) JBoss Modules version 1.6.1.Final
12:12:24,693 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.7.SP1
12:12:24,808 INFO [org.jboss.as] (MSC service thread 1-8) WFLYSRV0049: WildFly Full 11.0.0.Final (WildFly Core 3.0.8.Final) starting
12:12:25,767 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
12:12:25,789 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 28) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
12:12:25,792 INFO [org.wildfly.security] (ServerService Thread Pool -- 15) ELY00001: WildFly Elytron version 1.1.6.Final
12:12:25,877 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/59/273f90c9422e564d0fc401ce8c9f057f82d9be/content
12:12:25,994 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/06/6f7dbba1f52c0648c98f809184d6abacbc67c6/content
12:12:25,997 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/f8/3ab5465d384d9616d932e89152be1ff51b61ad/content
12:12:25,999 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/0e/5231c1d6a5c0e9e0a40b935b742fa4f845876f/content
......
......
|
4.5) bash with keycloak
|
docker exec -it sso bash
[jboss@a41643307565 ~]$ ls
docker-entrypoint.sh keycloak-demo tmp.zip
[jboss@a41643307565 ~]$
|
4.6) Obtaining info about sso (json format)
|
docker inspect sso
[
{
"Id": "a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1",
"Created": "2018-05-15T12:12:22.050846134Z",
"Path": "/opt/jboss/docker-entrypoint.sh",
"Args": [
"-b",
"0.0.0.0",
"-bmanagement",
"0.0.0.0",
"-Dkeycloak.import=/opt/jboss/keycloak-demo/keycloak/testrealm.json"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4051,
"ExitCode": 0,
"Error": "",
"StartedAt": "2018-05-16T08:28:43.800846833Z",
"FinishedAt": "2018-05-16T08:27:28.023051982Z"
},
"Image": "sha256:35ce742cc265ccaf39d7a3951736bde1bd3d4d43f776baa6c8793347f70bc934",
"ResolvConfPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/hostname",
"HostsPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/hosts",
"LogPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1-json.log",
"Name": "/sso",
.....
.....
|
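An added example (not part of the original article): because `docker inspect` returns JSON, the demo defaults chosen in section 3 can be checked mechanically. This Python script flags the default admin password, the H2 database, ports published on all host interfaces and the `-bmanagement 0.0.0.0` argument; the sample data is constructed, and the weak-password list and check names are assumptions.

```python
import json

# Constructed sample: a trimmed `docker inspect sso` result for the container
# started by the command in section 3 (illustrative values, not real output).
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/sso",
  "Args": ["-b", "0.0.0.0", "-bmanagement", "0.0.0.0"],
  "Config": {"Env": ["KEYCLOAK_USER=admin", "KEYCLOAK_PASSWORD=admin", "DB_VENDOR=H2"]},
  "NetworkSettings": {"Ports": {"8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}
}]
""")

WEAK_PASSWORDS = {"admin", "password", "changeme", "keycloak"}  # assumed short list
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_container(entry):
    """Return a list of (check_id, message) findings for one inspect entry."""
    findings = []
    env_list = entry.get("Config", {}).get("Env") or []
    env = dict(item.split("=", 1) for item in env_list if "=" in item)
    user, password = env.get("KEYCLOAK_USER"), env.get("KEYCLOAK_PASSWORD")
    if password is not None and (password == user or password.lower() in WEAK_PASSWORDS):
        findings.append(("weak-admin-password", "KEYCLOAK_PASSWORD is guessable"))
    if env.get("DB_VENDOR", "").upper() == "H2":
        findings.append(("h2-database", "embedded H2 database: demo use only"))
    ports = entry.get("NetworkSettings", {}).get("Ports") or {}
    for container_port, bindings in ports.items():
        for binding in bindings or []:  # unpublished ports have a null binding list
            if binding.get("HostIp", "") in ALL_INTERFACES:
                findings.append(("public-port", f"{container_port} published on all host interfaces"))
    args = entry.get("Args") or []
    for flag, value in zip(args, args[1:]):
        if flag == "-bmanagement" and value in ALL_INTERFACES:
            findings.append(("mgmt-bind-all", "management interface bound to all container interfaces"))
    return findings


def audit(inspect_output):
    """Audit every container in a parsed `docker inspect` array, keyed by name."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        for check_id, message in findings:
            print(f"{name}: [{check_id}] {message}")
```

To run it against a live container, replace the sample with the parsed output of `docker inspect sso`.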
5) Using keycloak examples with docker
The advantage of using docker with keycloak is that the keycloak examples are available immediately, out of the box.
5.1) Creating a docker shell terminal
|
docker exec -it sso bash
[jboss@a41643307565 ~]$ ls
docker-entrypoint.sh keycloak-demo tmp.zip
[jboss@a41643307565 ~]$
|
5.2) Navigating through the keycloak examples
here we are only going to deploy
|
cd keycloak-demo
cd examples
[jboss@a41643307565 examples]$ ls
README.md cordova kerberos preconfigured-demo unconfigured-demo
admin-client cors ldap providers
basic-auth fuse multi-tenant saml
broker js-console pom.xml themes
cd preconfigured-demo
|
5.3) README example
The README example contains the build instructions.
In our case the instructions are much more lightweight, as there is only the build and the deployment.
|
The target URL is:
http://localhost:8080/customer-portal/customers/view.jsp
The user is:
bburke@redhat.com/password
|
5.4) Building and deploying demo example
The instructions to be executed are:
|
mvn clean install
mvn wildfly:deploy
|
5.5) Testing demo example from outside
We first check that the docker container can be accessed from outside:
|
docker port sso
8080/tcp -> 0.0.0.0:8080
|
|
Let's connect to
http://localhost:8080/customer-portal/customers/view.jsp
with credentials bburke@redhat.com/password
You are thus redirected to the customer portal demo.
|
6) Pointers