Getting Started with Keycloak: Understanding the Basics

Published at
1/9/2025
Categories
keycloak
oauth
openidconnect
restapi
Author
haithamoumer

In today's interconnected digital landscape, securing APIs (Application Programming Interfaces) is paramount. APIs serve as the gateway for communication between different software applications, enabling seamless data exchange. However, with this connectivity comes the risk of unauthorized access, data breaches, and other security threats.

Enter Keycloak - an open-source identity and access management solution that provides robust security for your APIs and applications. Developed by Red Hat, Keycloak simplifies user authentication, authorization, and user management, allowing you to focus on building and deploying your applications with confidence.

Keycloak Architecture

Keycloak is a flexible and scalable identity and access management solution that provides a single point of access for all your applications. It offers a wide range of features, including:

  • User registration and management
  • User authentication and authorization
  • Role-based access control
  • Social login integration
  • Single sign-on (SSO) and single log-out (SLO)
  • API security
  • API management
  • Real-time event monitoring

Keycloak Basic Architecture

Description of the Diagram:

  1. User: Represents the end-user interacting with the system.
  2. Keycloak: The central authentication server managing user sessions and authentication flows.
  3. Identity Providers: External systems like Google, Facebook, or LDAP used for federated identity.
  4. Applications: The apps (frontend and backend) that integrate with Keycloak for authentication.
  5. Keycloak Database: The storage system for Keycloak, holding user data, configurations, and session information.

Keycloak Components

Keycloak is composed of several components that work together to provide a comprehensive identity and access management solution. These components include:

  • Keycloak Server: The core component of Keycloak, responsible for user authentication, authorization, and user management.
  • Keycloak Admin Console: A web-based user interface for managing Keycloak, including user registration, authentication, and authorization.
  • Keycloak Realm Management: A web-based user interface for managing Keycloak realms, which are logical groupings of users, applications, and other resources.
  • Keycloak Client Management: A web-based user interface for managing Keycloak clients, each of which represents an application or service that interacts with the Keycloak server for authentication and authorization.
  • Keycloak REST API: A RESTful API for managing Keycloak, including user registration, authentication, and authorization.
  • Keycloak JavaScript Adapter: A JavaScript library for integrating Keycloak with web applications.
  • Keycloak Node.js Adapter: A Node.js library for integrating Keycloak with Node.js applications.
  • Keycloak Docker Image: A Docker image for running Keycloak in a containerized environment.

Keycloak Installation: A Step-by-Step Guide

Keycloak is an open-source Identity and Access Management (IAM) solution that simplifies securing applications and services with features like Single Sign-On (SSO), social login, and more. You can install Keycloak using various methods, including direct installation, Docker, and Docker Compose. Below, I'll explain the steps for each method.

1. Installing Keycloak Locally

To install Keycloak locally, you typically need to download the Keycloak server distribution.

Steps to Install Keycloak Locally:

  1. Download Keycloak:
    Go to the Keycloak Downloads page and download the latest version of Keycloak (Distribution powered by Quarkus).

  2. Extract the Archive:
    Extract the downloaded files to a directory of your choice.

    tar -xvf keycloak-<version>.tar.gz
    cd keycloak-<version>
    
  3. Start Keycloak:
    Use the start-dev command to start the Keycloak server in development mode. It starts the server with the default configuration, so you can get Keycloak up and running quickly when trying it out for the first time.
    The command below uses the --bootstrap-admin-username and --bootstrap-admin-password options to set the username and password for the default administrator account. You can change these values to match your requirements.

    ./bin/kc.sh start-dev --bootstrap-admin-username=admin --bootstrap-admin-password=admin
    

Do not use this configuration in production. Instead, use the start command to start the server with a custom configuration.

For more information on the start-dev command and other available commands, refer to the Keycloak Server Documentation.

2. Installing Keycloak with Docker

Keycloak can also be installed using Docker, a containerization platform that simplifies the deployment and management of applications. Docker allows you to package your application and its dependencies into a container, which can then be deployed and run on any system that has Docker installed.

Steps to Install Keycloak with Docker:

  1. Install Docker:
    Follow the official Docker documentation to install Docker on your system. It provides installation instructions for each operating system.

  2. Pull the Keycloak Docker Image:
    To pull the Keycloak Docker image, run the following command:

    docker pull quay.io/keycloak/keycloak:26.0.7
    
  3. Run the Docker Container:
    To run the Keycloak Docker container, use the following command:

    docker run -p 8080:8080 -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:26.0.7 start-dev
    


    This command starts the Keycloak container and maps port 8080 on the host machine to port 8080 in the container. It also sets the KC_BOOTSTRAP_ADMIN_USERNAME and KC_BOOTSTRAP_ADMIN_PASSWORD environment variables to admin and admin, respectively.

  4. Access the Keycloak Admin Console:
    Once the container is running, you can access the Keycloak Admin Console by opening your web browser and navigating to http://localhost:8080/. You will be prompted to enter the username and password for the admin user.

Note: You can replace 26.0.7 with the desired version of Keycloak.
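
As an added example (not part of the original article or the Keycloak project), the shell function below checks a Keycloak launch command for the development-only settings used in the local and Docker steps above: start-dev, an admin password given inline, and a port published without a bind address. The KC_STRICT command and its kc.env file are assumptions made for comparison.

```sh
#!/bin/sh
# Added example (not from the article): flag the development-only settings in a
# Keycloak launch command. Inputs are constructed; words are split on whitespace.

# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
kc_audit() {
    found=0 prev=""
    set -f                      # no glob expansion while splitting the command
    for arg in $1; do
        case "$arg" in
            start-dev)
                echo "dev-mode: start-dev is for local trials, use start"; found=1 ;;
            --bootstrap-admin-password=*|KC_BOOTSTRAP_ADMIN_PASSWORD=*)
                echo "inline-secret: admin password visible in shell history and process list"; found=1
                case "${arg#*=}" in
                    admin|password|changeme|keycloak)
                        echo "weak-password: '${arg#*=}' is a guessable admin password"; found=1 ;;
                esac ;;
        esac
        # A mapping of the form host:container (at most one colon) has no bind
        # address, so Docker publishes it on every interface.
        if [ "$prev" = "-p" ] || [ "$prev" = "--publish" ]; then
            case "$arg" in
                *:*:*) ;;
                *) echo "open-port: -p $arg listens on all interfaces"; found=1 ;;
            esac
        fi
        prev=$arg
    done
    set +f
    return "$found"
}

# The article's two commands, plus a constructed stricter one for comparison.
KC_LOCAL='./bin/kc.sh start-dev --bootstrap-admin-username=admin --bootstrap-admin-password=admin'
KC_DOCKER='docker run -p 8080:8080 -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:26.0.7 start-dev'
# Assumes kc.env (mode 0600) carries the admin credentials, TLS and database settings.
KC_STRICT='docker run -p 127.0.0.1:8443:8443 --env-file kc.env quay.io/keycloak/keycloak:26.0.7 start'

for cmd in "$KC_LOCAL" "$KC_DOCKER" "$KC_STRICT"; do
    echo "== $cmd"
    kc_audit "$cmd" || true
done
```

The non-zero return status makes the function usable as a gate in a deployment script or CI job.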

Conclusion

In this article, we explored the basics of Keycloak, a powerful identity and access management solution. We covered the architecture of Keycloak, its components, and how to install it locally and with Docker. The next article will dive deeper into the features and capabilities of Keycloak, including users, clients, roles, and more.
