NOTE: This article might be revised continuously because of new insights.

This blog describes how I created a couple of Docker images to demonstrate Keycloak. Important in this blog is that the whole process will be described.

I attended a couple of Keycloak sessions during JavaOne this year, and during these sessions the illusion was created that adding Keycloak as the security provider for your application is very easy and almost non-invasive for your code. What they did not tell you is that configuring a server that could use Keycloak was not as trivial.

This blog will also expose a Java web application with REST end-points to show how the auth works.

- I will use usernames and passwords in this document as this is a demo blog. Be sure to change the relevant stuff if you want to use it for realzlike :-) I will not say so again.
- This demo was done on a Mac and the commands will reflect that. You might have to do some translating if you are on another OS.

The whole idea is to set up Keycloak as a separate server, as a kind of "Security as a service" solution.

- Get a docker data volume for my database values.
- jboss/keycloak-postgres docker image to serve as the keycloak security server / service.
- Tune a postgres docker image to serve as db for the keycloak server.
- jboss/wildfly docker image as the base for the application server. This image will be adjusted to enable keycloak as security provider.
- Put it all behind an apache proxy in a production environment.

Get a keycloak authentication server up and running

Time to maybe read more here about what the following commands mean.

```
# Data volume container for the postgres data
docker run --name ivonet-postgres-data -v /var/lib/postgresql/data busybox true

# Postgres image using the data volume container
docker run --name ivonet-keycloak-postgres --volumes-from ivonet-postgres-data -p 15432:5432 -e POSTGRES_DATABASE=keycloak -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=keycloak -e POSTGRES_ROOT_PASSWORD=s3cr3t -d postgres

# Keycloak server image linking to the postgres image
docker run --name ivonet-keycloak --link ivonet-keycloak-postgres:postgres -p 10000:8080 -e POSTGRES_DATABASE=keycloak -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=keycloak jboss/keycloak-postgres
```

As you might have noticed I gave the external port 15432. I did this because on my production environment I already have a native postgres running and am migrating slowly. If you are not interested in accessing the ivonet-postgres-data with external tools, then you can eliminate the -p parameter from the ivonet-keycloak-postgres command.

So now we have a setup that might work :-)

Let's try it out and enter the following in the terminal:

NOTE: the default username and password is admin and admin.

So now we have a keycloak auth server up and running. It is time to get another instance of wildfly and make it keycloak enabled.

This is the part not mentioned in the sessions I followed and what stumped me in the beginning.

On my local machine I mostly use Glassfish as my EE development environment and I could not get the sample apps to work… After a couple of hours I started thinking for real :-) and doing some reading, and it actually made sense that it didn't work. I was so focused on the demo I saw that I didn't realize that glassfish != wildfly and that something might have to be done to get stuff working.

Well, as you may have guessed, you actually do need something else. Wildfly is the obvious choice because jboss is the major contributor to keycloak. You need an adapter installed on the server, because you want the EE container to recognize keycloak as a security provider.

JBoss provides a docker image for that too, but as of the time of this writing it was on wildfly 9.0.1.Final and on keycloak 1.5.0.Final, and the most current versions are 9.0.2.Final for wildfly and 1.6.1.Final for keycloak, so I upgraded from the latest default wildfly image.

The power of docker is to make adjustments gradually and modularly and so I did that too…

- first upgraded to wildfly with the admin console enabled.

```
RUN /opt/jboss/wildfly/bin/add-user.sh ivonet s3cr3t --silent
CMD …
```

- now build it: `docker build --tag ivonet/wildfly-admin .`
- I also pushed it to the docker repository because I intend to reuse it for development purposes.
- add to this admin enabled wildfly by adding the keycloak adapter.
- See this Dockerfile for the one I used to build my own version of Wildfly with the keycloak adapter installed.
- build it: `docker build --tag ivonet/wildfly-admin-keycloak-adapter .`
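
As an added example (not part of the original post), the script below shows one way to follow the "change the relevant stuff" advice for the database credentials: it generates random passwords, stores them in owner-only env files, and prints the post's `docker run` commands with `--env-file` in place of the inline `-e` passwords and the Postgres port published on loopback only. The file names `postgres.env` and `keycloak.env` and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Function and file names are hypothetical.
set -eu

# 16 random bytes from the kernel CSPRNG, printed as 32 hex characters.
gen_secret() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write postgres.env and keycloak.env into directory $1, readable by the owner only.
# The body runs in a subshell so the umask and variables do not leak into the caller.
write_env_files() (
  dir=$1
  db_pw=$(gen_secret)
  root_pw=$(gen_secret)
  umask 077
  # Remove stale files first: a redirect would keep their old, possibly lax, mode.
  rm -f -- "$dir/postgres.env" "$dir/keycloak.env"
  printf 'POSTGRES_DATABASE=keycloak\nPOSTGRES_USER=keycloak\nPOSTGRES_PASSWORD=%s\n' \
    "$db_pw" > "$dir/keycloak.env"
  # Only the database container receives the root password.
  { cat "$dir/keycloak.env"; printf 'POSTGRES_ROOT_PASSWORD=%s\n' "$root_pw"; } \
    > "$dir/postgres.env"
)

# Print the post's postgres and keycloak commands for the env files in directory $1.
# No password appears on the command line; 15432 is reachable from localhost only.
render_commands() {
  printf 'docker run --name ivonet-keycloak-postgres --volumes-from ivonet-postgres-data -p 127.0.0.1:15432:5432 --env-file "%s/postgres.env" -d postgres\n' "$1"
  printf 'docker run --name ivonet-keycloak --link ivonet-keycloak-postgres:postgres -p 10000:8080 --env-file "%s/keycloak.env" jboss/keycloak-postgres\n' "$1"
}

# Stand-alone use: sh this-script.sh /path/to/secrets-dir
if [ "$#" -ge 1 ]; then
  write_env_files "$1"
  render_commands "$1"
fi
```

Env files keep the passwords out of shell history and the process list; anyone who can run `docker inspect` on the containers can still read them.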