Skip to content

Latest commit

 

History

History
71 lines (66 loc) · 4.43 KB

keycloak-setup.md

File metadata and controls

71 lines (66 loc) · 4.43 KB
Raw

7. Setup Keycloak

Please follow these steps to setup the Keycloak correctly

  1. Open https://keycloak.<your domain> on your browser
  2. Please sign in by username and password that you set before on these variables: KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD
  3. If sign in success, you will be navigated to Keycloak Admin Console page, the first thing we need to do on Keycloak Admin Console is creating a new Realm for our project, so click the dropdown on the top right of screen, and select 'Create realm' button. image
  4. On the realm name field, please input the realm name that you want, example: spring-boot-learning, q-learning, practicing-spring-boot, or something else, Realm name should be without space, and better if all characters are lowercase image
  5. Click Create
  6. If the realm successfully created, the page should be navigated to new Realm like this. new-realm-dashboard
  7. Then we need to create two clients, one for backend and one for frontend, click 'Clients' on sidebar and click 'Create clients' button. keycloak-add-client
  8. Fill the form like the image below and click "Next"
    keycloak-new-client
  9. Check the following fields like the image bellow and click "Next"
    keycloak new client backend 2
  10. Then fill the "Valid Redirect URIs" field like image below and click "Save"
    keycloak valid redirect image setting
  11. "Backend" client is successfully created if you see this alert success alert
  12. Then back to the client list by click the "Clients" menu on sidebar, and you will see the new "backend" client there Backend client is successfully created
  13. Now we need to create one more client for frontend, let's click "Create Client" once more
  14. Then, fill the form like the image below, and then click "Next" Create new client for frontend
  15. Don't change anything on this form, and then click "Next" Create new client for frontend
  16. Fill the Valid redirect URIs like the image below and keep the other fields empty, and then click "Save" Create valid redirect uris for client frontend
  17. "Frontend" client is successfully created, now we have two clients Keycloak client list
  18. Then we need to fill a-few more environment variables based on our Keycloak config, so edit the docker_env.env file , find KEYCLOAK_REALM=, and fill the value by your Realm name that you have been created!
  19. Back to Keycloak admin console, from the "Clients" list page, click the "backend", and then click "Credentials" tab, then click "Copy to clipboard" icon on "Client Secret" field Copy Client Secret
  20. Then paste the value to KEYCLOAK_CLIENT_SECRET= on docker_env.env file, and then fill KEYCLOAK_CLIENT_ID= by backend
  21. The complete docker_env.env file would be like the code below ( don't worry about KAFKA_, keep them by default )
SERVER_HOST=spring-boot-practice.com
DATABASE_USERNAME=developer
DATABASE_PASSWORD=password1
DATABASE_HOST='127.0.0.1'
POSTGRES_EXTERNAL_PORT=25432

KEYCLOAK_EXTERNAL_PORT=28443
KEYCLOAK_ADMIN=spring-boot-admin
KEYCLOAK_ADMIN_PASSWORD=password1
KEYCLOAK_KEYSTORE_PASSWORD=password1

KEYCLOAK_HOST=keycloak.spring-boot-practice.com
KEYCLOAK_BASE_URL=https://keycloak.spring-boot-practice.com
KEYCLOAK_REALM=spring-boot-practice
KEYCLOAK_CLIENT_ID=backend
KEYCLOAK_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxx

KAFKA_EXTERNAL_PORT=39092
KAFKA_BOOTSTRAP_URL=PLAINTEXT://spring-boot-practice.com:39092
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_LISTENERS=PLAINTEXT://0.0.0.0:9092
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://spring-boot-practice.com:39092
  1. To make us able to call any API on this project, we need create a user first, and the use it to log in to get an access token. Please see the Keycloak documentation to create a user and login to keycloak by API

Back