Setting up and Configuring Keycloak as the Authorization Server
Somnath Musib edited this page Nov 8, 2021
This article demonstrates how to set up and configure Keycloak as the Authorization Server on the Windows operating system. The same steps can be followed on Linux and macOS as well.
- Download Keycloak from the Keycloak website. We'll download the distribution powered by WildFly.
- Unzip the zip file and browse to the `\standalone\configuration` folder. By default, Keycloak runs on HTTP port 8080. However, as our Spring Boot application runs on that port, we'll configure HTTP port 9999 for the Keycloak server. Open the `standalone.xml` file and change:

  ```xml
  <socket-binding name="http" port="${jboss.http.port:8080}"/>
  ```

  to

  ```xml
  <socket-binding name="http" port="${jboss.http.port:9999}"/>
  ```
- Next, start the server using the standalone script available in the `\bin` directory. Open your browser and access the http://localhost:9999 URL; you'll be redirected to http://localhost:9999/auth/. Create a new user with username `root` and password `password` under the Administration Console section. Click on Administration Console and log in with that username and password. After a successful login, you land on the Master realm settings. We can configure one or more realms in the Keycloak server; however, in our technique, we'll stick with the Master realm. On the same page, under the General tab, you'll find the OpenID Endpoint Configuration link. Click the link.
- It shows the OpenID endpoint URLs (excerpt):

  ```json
  "issuer": "http://localhost:9999/auth/realms/master",
  "authorization_endpoint": "http://localhost:9999/auth/realms/master/protocol/openid-connect/auth",
  "token_endpoint": "http://localhost:9999/auth/realms/master/protocol/openid-connect/token",
  "introspection_endpoint": "http://localhost:9999/auth/realms/master/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "http://localhost:9999/auth/realms/master/protocol/openid-connect/userinfo",
  "end_session_endpoint": "http://localhost:9999/auth/realms/master/protocol/openid-connect/logout",
  "jwks_uri": "http://localhost:9999/auth/realms/master/protocol/openid-connect/certs",
  "check_session_iframe": "http://localhost:9999/auth/realms/master/protocol/openid-connect/login-status-iframe.html",
  ```

  We'll use the `issuer` and the `token_endpoint` in the technique.
- In the Keycloak admin console left menu, click on the `Clients` menu option, then click on the Create button available at the right-hand corner. This lets you add a client. Add the client name as `course-tracker`. Click Save.
- In the Keycloak admin console left menu, click on the `Client Scopes` menu option, then click on the Create button available at the right-hand corner. Add a client scope `course:read`. Click Save. Similarly, create another client scope `course:write` using the same steps.
- In the Keycloak admin console left menu, click on the `Users` menu option, then click on the `Add User` button available at the right-hand corner. Add the Username as `john` and switch `Email Verified` to `On`. Click Save. After user creation, click on the Credentials tab and provide a password for the user. We'll use the password `password`. Ensure that the `Temporary` switch is turned off. Follow the same steps and create user `steve`.
- In the Keycloak admin console left menu, click on the `Clients` menu option, then click on the `course-tracker` Client ID. Browse to the `Client Scopes` tab and ensure that, under the `Default Client Scopes` option, the `Assigned Default Client Scopes` are set to `course:read` and `course:write`.
- In the Keycloak admin console left menu, click on the `Clients` menu option, then click on the `course-tracker` Client ID. Browse to the `Mappers` tab and click Create. Provide Name as `user_name`, Mapper Type as `User Attribute`, and Claim JSON Type as `String`. Click Save.
- In the Keycloak admin console left menu, click on the `Client Scopes` menu option, then click on the `course:read` scope. Browse to the `Mappers` tab and click Create. Provide Name as `user_name`, Mapper Type as `User Attribute`, User Attribute as `user_name`, Token Claim Name as `user_name`, and Claim JSON Type as `String`. Click Save.
That's all. We are done with the Keycloak server configuration. For any further queries, you can refer to this YouTube Video.
Supplementary content for the Spring Boot in Practice book