Howto Docker with Keycloak: in this article Janua's CTO shares tips and tricks about integrating Keycloak with Docker.

1) Overview
The goal of this article is to show how to deploy the keycloak examples very quickly with docker.

2) Requirements
You need to have a docker installation up and running.

3) Downloading keycloak sso examples for docker
The command to run is:

docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_VENDOR=H2 -p 8080:8080 --name sso jboss/keycloak-examples

This will start keycloak with:

  • admin user: admin
  • admin password: admin
  • external connection port: 8080

You can then connect to the Keycloak SSO admin console at the URL https://localhost:8080/auth

4) Some useful docker commands for keycloak

4.1) To check the keycloak process

docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a41643307565 jboss/keycloak-examples "/opt/jboss/docker-e…" 20 hours ago Up 6 minutes 0.0.0.0:8080->8080/tcp sso

 

4.2) To stop docker keycloak

docker stop sso

 

4.3) To start docker keycloak

docker start sso

 

4.4) To access keycloak logs

docker logs sso
=========================================================================

JBoss Bootstrap Environment

JBOSS_HOME: /opt/jboss/keycloak-demo/keycloak

JAVA: /usr/lib/jvm/java/bin/java

JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true

=========================================================================

12:12:24,457 INFO [org.jboss.modules] (main) JBoss Modules version 1.6.1.Final
12:12:24,693 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.7.SP1
12:12:24,808 INFO [org.jboss.as] (MSC service thread 1-8) WFLYSRV0049: WildFly Full 11.0.0.Final (WildFly Core 3.0.8.Final) starting
12:12:25,767 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
12:12:25,789 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 28) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
12:12:25,792 INFO [org.wildfly.security] (ServerService Thread Pool -- 15) ELY00001: WildFly Elytron version 1.1.6.Final
12:12:25,877 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/59/273f90c9422e564d0fc401ce8c9f057f82d9be/content
12:12:25,994 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/06/6f7dbba1f52c0648c98f809184d6abacbc67c6/content
12:12:25,997 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/f8/3ab5465d384d9616d932e89152be1ff51b61ad/content
12:12:25,999 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 16) WFLYDR0001: Content added at location /opt/jboss/keycloak-demo/keycloak/standalone/data/content/0e/5231c1d6a5c0e9e0a40b935b742fa4f845876f/content
......
......

 

4.5) To open a bash shell in the keycloak container

docker exec -it sso bash
[jboss@a41643307565 ~]$ ls
docker-entrypoint.sh keycloak-demo tmp.zip
[jboss@a41643307565 ~]$

 

4.6) Obtaining info about sso (json format)

docker inspect sso
[
    {
        "Id": "a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1",
        "Created": "2018-05-15T12:12:22.050846134Z",
        "Path": "/opt/jboss/docker-entrypoint.sh",
        "Args": [
            "-b",
            "0.0.0.0",
            "-bmanagement",
            "0.0.0.0",
            "-Dkeycloak.import=/opt/jboss/keycloak-demo/keycloak/testrealm.json"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 4051,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2018-05-16T08:28:43.800846833Z",
            "FinishedAt": "2018-05-16T08:27:28.023051982Z"
        },
        "Image": "sha256:35ce742cc265ccaf39d7a3951736bde1bd3d4d43f776baa6c8793347f70bc934",
        "ResolvConfPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/hostname",
        "HostsPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/hosts",
        "LogPath": "/var/lib/docker/containers/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1/a41643307565b576c0b26ee80d6e41db1001082339788ca98bd1cd6623feb5e1-json.log",
        "Name": "/sso",


.....
.....

 

 

5) Using keycloak examples with docker
The advantage of using docker with keycloak is that the keycloak examples are available immediately, out of the box.

5.1) Opening a shell in the docker container

docker exec -it sso bash
[jboss@a41643307565 ~]$ ls
docker-entrypoint.sh keycloak-demo tmp.zip
[jboss@a41643307565 ~]$

 

5.2) Navigating through the keycloak examples
Here we are only going to deploy

cd keycloak-demo
cd examples

[jboss@a41643307565 examples]$ ls
README.md cordova kerberos preconfigured-demo unconfigured-demo
admin-client cors ldap providers
basic-auth fuse multi-tenant saml
broker js-console pom.xml themes

cd preconfigured-demo

 

5.3) README example
The README of the example contains the build instructions.

In our case the instructions are much lighter, as only the build and the deployment are needed.

The target URL is:
https://localhost:8080/customer-portal/customers/view.jsp
The user is:
bburke@redhat.com/password

 

5.4) Building and deploying demo example

The instructions to be executed are:

mvn clean install

mvn wildfly:deploy

 

5.5) Testing demo example from outside

We first check that the docker container can be accessed from outside:

docker port sso
8080/tcp -> 0.0.0.0:8080

 

Let's connect to
https://localhost:8080/customer-portal/customers/view.jsp

with credentials bburke@redhat.com/password

You are thus redirected to the customer portal demo.
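
The container started in section 3 uses admin/admin and, as the docker port output in 5.5 shows, is published on 0.0.0.0, so it is reachable from other hosts with a default password. The following check is an added example, not part of the original article or of the Keycloak image; the function names, the password word list and the 12-character threshold are assumptions, and the sample input is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example (not from the article). On a live host, feed the checks with:
#   docker port sso | check_published_ports
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' sso | check_admin_env

# Flag mappings published on every host interface (0.0.0.0, ::: or [::]).
# Input format, as printed by "docker port": 8080/tcp -> 0.0.0.0:8080
check_published_ports() {
    awk '
        $2 == "->" && ($3 ~ /^0\.0\.0\.0:/ || $3 ~ /^:::/ || $3 ~ /^\[::\]:/) {
            printf "EXPOSED %s is published on all interfaces (%s); ", $1, $3
            print "for a local demo publish with -p 127.0.0.1:HOSTPORT:CONTAINERPORT"
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Flag an admin password that equals the user name, is a well-known default,
# or is shorter than 12 characters (threshold and word list are assumptions).
# Values passed with -e stay readable through docker inspect, so the finding
# names the user only and never echoes the password.
check_admin_env() {
    awk '
        { eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
        key == "KEYCLOAK_USER"     { user = val }
        key == "KEYCLOAK_PASSWORD" { pass = val; seen = 1 }
        END {
            if (!seen) exit 0
            if (pass == user || pass ~ /^(admin|password|keycloak|changeme)$/ || length(pass) < 12) {
                print "WEAK admin password set for user \"" user "\""
                exit 1
            }
        }
    '
}

# Constructed sample input mirroring the container started in this article.
SAMPLE_PORTS='8080/tcp -> 0.0.0.0:8080'
SAMPLE_ENV='KEYCLOAK_USER=admin
KEYCLOAK_PASSWORD=admin
DB_VENDOR=H2'

printf '%s\n' "$SAMPLE_PORTS" | check_published_ports || true
printf '%s\n' "$SAMPLE_ENV"   | check_admin_env || true
```

Both functions exit non-zero when they report a finding, so they can gate a script that starts the demo.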

 

6) Pointers

 

 
