30 Apr

Setup KeyCloak Server on Azure/AWS/GCP

in Active Directory, AWS, Azure, Google GCP, LDAP, Single Sign On

Setup and install KeyCloak on Ubuntu 24.04 or 22.04 on Azure, AWS or Google GCP using our publicly available image from the cloud marketplaces. KeyCloak server deployment and post configuration steps are below.

Cloud KeyCloak Server

Setup KeyCloak on Azure

Deploy KeyCloak on Ubuntu 24.04 on Azure

Deploy KeyCloak on Ubuntu 22.04 on Azure

Getting Started with KeyCloak

Once your KeyCloak server has been deployed, the following links explain how to connect to a Linux VM:

Once connected and logged in, the following section explains how to start using KeyCloak.

Setup & Configure KeyCloak

Step 1) Create Certificate Keys

The first step is to create certificate keys that will be used by KeyCloak. Use the command below to create the keys. Replace the text ‘yourdomain.com‘ with yours.

Note: Make sure your DNS domain resolution is resolving correctly to your server IP before configuring KeyCloak.

				
					cd /opt/keycloak/conf
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout yourdomain.com.key.pem -out yourdomain.com.crt.pem

Step 2) Update KeyCloak.Conf File

Next is to update the keycloak.conf with the path to your certificates and your hostname.

In my example i’ve put the IP address as hostname as i’ve not probably got DNS setup in my test environment.

				
					sudo nano /opt/keycloak/conf/keycloak.conf

Step 3.) Run KeyCloak Build

Now that we’ve updated the keycloak configuration, we now need to run the build from the within the bin folder.

				
					cd /opt/keycloak/bin
sudo ./kc.sh build

And you should receive an output similar to this:

Step 4.) Create Admin User & Password

Next step is to create and admin user and password for Keycloak. Run the following commands:

				
					export KEYCLOAK_ADMIN=admin
export KEYCLOAK_ADMIN_PASSWORD=admin123

Step 5.) Start KeyCloak Server

Now we’re ready to start the KeyCloak server by running the following script from the /bin directory:

				
					sudo -E ./kc.sh start

You should see the following output that also displays the listening port for KeyCloak:

Step 6) Login to KeyCloak

Login using your browser with the listening port from the previous step using your domain or IP address. So in my example i am going to login using my IP address and port. Ignore any certificate warnings:

https://13.64.214.51:8443/

If you’re using your own domain it would be:

https://yourdomain.com:8443

Note: Make sure you have port 8443 open if you’re using any cloud based firewalls in your company.

That’s it, you’re now ready to start using KeyCloak.

KeyCloak Documentation and Support

For guides and documentation on using KeyCloak refer to:

Documentation

https://www.keycloak.org/documentation

Guides

https://www.keycloak.org/guides

Community Support

https://www.keycloak.org/community

Disclaimer: KeyCloak is a registred trademark of The Linux Foundation and is licensed under Apache License 2.0. No warrantee of any kind, express or implied, is included with this software. Use at your risk, responsibility for damages (if any) to anyone resulting from the use of this software rest entirely with the user. The author is not responsible for any damage that its use could cause.

KeyCloak Firewall Ports

KeyCloak uses the following ports:

TCP 8080
TCP 8443

If you are using any of the cloud security groups and need to change / add ports refer to the following guides:

To setup AWS firewall rules refer to – AWS Security Groups

To setup Azure firewall rules refer to – Azure Network Security Groups

To setup Google GCP firewall rules refer to – Creating GCP Firewalls