How to Install KeyCloak SSO on Ubuntu 20.04
In this article, we will cover the basics of downloading and setting up a Keycloak server. Single sign-on (SSO) is a way of controlling access to multiple independent software systems. SSO is a single authentication service that allows users to log in to other services without providing a password to the service that is being logged into.
What is KeyCloak?
Keycloak is a free and open source Identity and Access Management solution by the Red Hat Community. Its aim is to secure modern applications and services without writing any code. It provides a wide range of features including multifactor authentication, SSO, centralized user management, authentication, authorization, social login, and more. Keycloak allows you to add authentication to applications and secure services with minimum fuss. You don’t need to deal with storing users or authenticating users.
Keycloak provides single sign-out, which means users only have to log out once to be logged out of all applications that use Keycloak. Keycloak is also an identity broker, as it authenticates users with existing OpenID Connect or SAML 2.0 identity providers. Another important feature is that Keycloak has built-in support for connecting to existing LDAP or Active Directory servers.
Further down we will proceed with the steps of how to install KeyCloak SSO on Ubuntu 20.04.
Before starting, it is always recommended to update the system packages to the latest version. Run the following commands to update all the packages:
apt-get update -y
apt-get upgrade -y
Once your system is updated, restart it to apply all the updates.
Install Java JDK
Keycloak is a Java-based application, so the Java JDK must be installed on your server. If it is not installed, you can install it using the following command:
apt-get install default-jdk -y
Once Java is installed, you can verify the Java version using the following command:
java --version
You should see the Java version in the following output:
openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04)
OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)
Once you are done, you can proceed to the next step.
Next, set proper ownership using the following command:
chown keycloak: /opt/keycloak/bin/launch.sh
Next, edit the launch.sh file and define your Keycloak path:
nano /opt/keycloak/bin/launch.sh
Change the file as shown below:
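#!/bin/bash
# Default to the Keycloak install directory when WILDFLY_HOME is not set
if [ "x$WILDFLY_HOME" = "x" ]; then
    WILDFLY_HOME="/opt/keycloak"
fi
# $1 = mode (domain or standalone), $2 = configuration file, $3 = bind address
if [[ "$1" == "domain" ]]; then
    "$WILDFLY_HOME/bin/domain.sh" -c "$2" -b "$3"
else
    "$WILDFLY_HOME/bin/standalone.sh" -c "$2" -b "$3"
fi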
Save and close the file when you are finished.
Create a Systemd Service File for Keycloak
Next, you will need to create a systemd service file to manage the Keycloak service. You can copy the sample systemd service with the following command:
You can also check the Keycloak server log using the following command:
tail -f /opt/keycloak/standalone/log/server.log
You will get the following output:
2021-11-16 09:30:35,612 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 66) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
2021-11-16 09:30:35,680 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 66) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
2021-11-16 09:30:35,780 INFO [org.jboss.as.server] (ServerService Thread Pool -- 43) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
2021-11-16 09:30:35,836 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
2021-11-16 09:30:35,839 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28538ms - Started 594 of 872 services (584 services are lazy, passive or on-demand)
2021-11-16 09:30:35,840 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
2021-11-16 09:30:35,841 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
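The startup lines above can be checked mechanically. The following script is an added example, not part of the original article: it reads a server.log, confirms the WFLYSRV0025 startup line, and reports any management interface or admin console listener (WFLYSRV0060, WFLYSRV0051) that is not bound to a loopback address. The function names and the sample_log helper are assumptions made for illustration, and the sample input is constructed from the log lines shown above.

```bash
#!/bin/bash
# Added example (not from the original article): audit a Keycloak/WildFly server.log.

# Constructed sample: the three startup lines shown above, with the management
# bind address passed as $1 so a non-loopback case can be simulated.
sample_log() {
    cat <<EOF
2021-11-16 09:30:35,839 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28538ms - Started 594 of 872 services (584 services are lazy, passive or on-demand)
2021-11-16 09:30:35,840 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://$1:9990/management
2021-11-16 09:30:35,841 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://$1:9990
EOF
}

# Print the host part of every management (WFLYSRV0060) and admin console
# (WFLYSRV0051) listener URL, one per line. IPv6 literals keep their brackets.
mgmt_listeners() {
    sed -n -E 's#.*WFLYSRV00(60|51): .* listening on https?://(\[[^]]+\]|[^:/]+).*#\2#p' "$1"
}

# Return 0 if the server started and management is loopback-only,
# 1 if no startup line (WFLYSRV0025) was found, 2 if management is exposed.
audit_keycloak_log() {
    local log="$1" version exposed
    version=$(sed -n -E 's/.*WFLYSRV0025: Keycloak ([^ ]+) .* started in.*/\1/p' "$log" | tail -n 1)
    if [ -z "$version" ]; then
        echo "NOT_STARTED"
        return 1
    fi
    # Keep only listeners that are not 127.x.x.x, localhost or [::1].
    exposed=$(mgmt_listeners "$log" \
        | grep -v -E '^(127\.[0-9.]+|localhost|\[::1\])$' \
        | sort -u | paste -sd, -)
    if [ -n "$exposed" ]; then
        echo "EXPOSED $exposed"
        return 2
    fi
    echo "OK $version"
}

# Demo on constructed input; on a real host pass
# /opt/keycloak/standalone/log/server.log instead.
demo=$(mktemp)
sample_log 0.0.0.0 > "$demo"
audit_keycloak_log "$demo" || echo "audit returned $?"
rm -f "$demo"
```
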
Next, you will need to create an admin user to access the Keycloak web interface. Run the following command to create an admin user:
/opt/keycloak/bin/add-user-keycloak.sh -u admin
Set your password as shown below:
Press ctrl-d (Unix) or ctrl-z (Windows) to exit
Password:
Added 'admin' to '/opt/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
Next, restart the Keycloak service to apply the changes:
systemctl restart keycloak
Next, you will need to disable HTTPS for Keycloak. You can disable it with the following command:
Now, open your web browser and access the Keycloak web interface using the URL http://your-server-ip:8080/auth/admin. You should see the Keycloak login page:
Provide your admin username, password and click on the Sign in button. You should see the Keycloak dashboard on the following screen:
Next, you will need to create a realm to manage your applications. Hover the mouse over Master in the left panel and click on Add realm. A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm.
You should see the following screen:
Provide your realm name and click on the Create button to create a realm. You should see the following screen:
Next, you will need to create a new user for Keycloak. Click on the Manage => Users. You should see the following screen:
Next, click on the Add User button. You should see the following screen:
Provide your user information and click on the Save button. Next, click on the Credentials tab and set a password for the users as shown below:
How to Install KeyCloak SSO on Ubuntu 20.04 Conclusion
In the above guide, we explained how to install the Keycloak server on Ubuntu 20.04. We also explained how to add a realm and user to the Keycloak server. You can now manage your application’s password with the Keycloak server.
I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.