Keycloak with PostgreSQL and pgAdmin

In this post, we will look at how to configure Keycloak with PostgreSQL. We will also set up pgAdmin to see what is inside the database and how Keycloak handles things. We will use Docker Compose to run the services.

What is Keycloak?

Keycloak is an identity provider from Red Hat. It is an open source project similar to WSO2 Identity Server. Keycloak also provides standard implementations of OpenID Connect, OAuth 2.0 and SAML 2.0.

Why PostgreSQL?

Keycloak can be configured to use many of the well-known databases. With PostgreSQL, we can use a single database, as it supports multiple schemas.

Docker-compose.yml

version: '3'
networks:
  blockchain1OS-network:
volumes: 
  blockchain1OS-consul:
    driver: local
  blockchain1OS-redis:
    driver: local
  blockchain1OS-postgresql:
    driver: local
  blockchain1OS-keycloak:
    driver: local
  blockchain1OS-pgadmin:
    driver: local
services:
  postgresql:
    image: postgres:9.5
    container_name: blockchain1OS-postgresql
    volumes:
      - blockchain1OS-postgresql:/var/lib/postgresql/data/
    networks:
      - blockchain1OS-network
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: user
      POSTGRES_PASSWORD: password
    ports:
      - 5432:5432
  pgadmin:
    image: dpage/pgadmin4:4.2
    container_name: blockchain1OS-pgadmin
    volumes: 
      - blockchain1OS-pgadmin:/var/lib/pgadmin
    environment:
      PGADMIN_DEFAULT_EMAIL: user@example.com
      PGADMIN_DEFAULT_PASSWORD: password
    networks:
      - blockchain1OS-network
    ports:
      - 8081:80
  keycloak:
    image: jboss/keycloak:4.8.3.Final
    container_name: blockchain1OS-keycloak
    networks:
      - blockchain1OS-network
    ports:
      - 8082:8080
    environment:
      JAVA_TOOL_OPTIONS: '-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled'
      DB_VENDOR: POSTGRES
      DB_ADDR: postgresql
      DB_DATABASE: keycloak
      DB_USER: user
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: password
    depends_on:
      - postgresql

Start the containers with:

docker-compose up

To see the admin console, visit http://localhost:8082.

Admin console on keycloak

After that, click on Admin console and type admin as the username and password as the password.

Keycloak login

Create a realm and a client to use the application as shown below.

  • Realm: blockchain1OS
  • Client: blockchain-world

adding a realm on keycloak

Next, create roles under the Roles tab of the selected client (here, blockchain-world).

  • ROLE_USER
  • ROLE_ADMIN

Then create two users under the user section in the realm. Make sure the password is not temporary and the email is set to be “verified”. Also, add the client roles to the users once they are created.

  • User
      • Username: user
      • Email: user@blockchain1OS
      • Password: password
      • Roles: [ ROLE_USER ]
  • Admin
      • Username: admin
      • Email: admin@blockchain1OS
      • Password: password
      • Roles: [ ROLE_ADMIN ]

We can also take a look at pgAdmin by navigating to http://localhost:8081.

pgAdmin login

Export Keycloak Settings

Make sure to change the following to match your environment:

  • --net=
  • -e DB_ADDR

# DB_USER and DB_PASSWORD must match POSTGRES_USER and POSTGRES_PASSWORD in docker-compose.yml
docker run --rm \
    --net=docker_blockchain1OS-network \
    --name keycloak_exporter \
    -v /tmp:/tmp/keycloak-export \
    -e DB_PASSWORD="password" \
    -e DB_DATABASE="keycloak" \
    -e DB_ADDR="blockchain1OS-postgresql" \
    -e DB_USER="user" \
    -e DB_VENDOR="POSTGRES" \
    -e JDBC_PARAMS="characterEncoding=UTF-8&useSSL=false&allowPublicKeyRetrieval=true" \
    jboss/keycloak:4.8.3.Final \
      -Dkeycloak.migration.action=export \
      -Dkeycloak.migration.provider=singleFile \
      -Dkeycloak.migration.file=/tmp/keycloak-export/blockchain1OS.json

You can copy and paste the code given here to configure Keycloak with your PostgreSQL database when developing locally. Replace the client and realm with your own values and you will have it configured in no time. You are always welcome to comment below if you have questions or run into bugs.
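
The compose file in this post publishes PostgreSQL, pgAdmin and Keycloak on every host interface and sets every password to "password", which is why it suits local development only. The variant below is an added example, not the author's file: it keeps the same images and names, binds the two web consoles to loopback, stops publishing port 5432, and reads credentials from a .env file beside the compose file. The variable names KC_DB_USER, KC_DB_PASSWORD, KC_ADMIN_PASSWORD and PGADMIN_PASSWORD are assumptions.

```yaml
# Added example, not the author's file. KC_DB_USER, KC_DB_PASSWORD, KC_ADMIN_PASSWORD
# and PGADMIN_PASSWORD are assumed names read from .env; unused volumes are omitted.
version: '3'
networks:
  blockchain1OS-network:
volumes:
  blockchain1OS-postgresql:
  blockchain1OS-pgadmin:
services:
  postgresql:
    image: postgres:9.5
    container_name: blockchain1OS-postgresql
    volumes:
      - blockchain1OS-postgresql:/var/lib/postgresql/data/
    networks: [blockchain1OS-network]
    environment:
      POSTGRES_DB: keycloak
      # ${VAR:?msg} makes docker-compose abort with msg when VAR is unset or empty
      POSTGRES_USER: "${KC_DB_USER:?set KC_DB_USER in .env}"
      POSTGRES_PASSWORD: "${KC_DB_PASSWORD:?set KC_DB_PASSWORD in .env}"
    # No ports entry: Keycloak and pgAdmin reach the database by service name
    # over blockchain1OS-network, so the host needs no listener on 5432.
  pgadmin:
    image: dpage/pgadmin4:4.2
    container_name: blockchain1OS-pgadmin
    volumes:
      - blockchain1OS-pgadmin:/var/lib/pgadmin
    networks: [blockchain1OS-network]
    environment:
      PGADMIN_DEFAULT_EMAIL: user@example.com
      PGADMIN_DEFAULT_PASSWORD: "${PGADMIN_PASSWORD:?set PGADMIN_PASSWORD in .env}"
    ports:
      - "127.0.0.1:8081:80"      # loopback only instead of every host interface
  keycloak:
    image: jboss/keycloak:4.8.3.Final
    container_name: blockchain1OS-keycloak
    networks: [blockchain1OS-network]
    ports:
      - "127.0.0.1:8082:8080"    # admin console reachable from this machine only
    environment:
      JAVA_TOOL_OPTIONS: '-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled'
      DB_VENDOR: POSTGRES
      DB_ADDR: postgresql
      DB_DATABASE: keycloak
      DB_USER: "${KC_DB_USER}"
      DB_PASSWORD: "${KC_DB_PASSWORD}"
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: "${KC_ADMIN_PASSWORD:?set KC_ADMIN_PASSWORD in .env}"
    depends_on: [postgresql]
```

The postgres image applies POSTGRES_USER and POSTGRES_PASSWORD only when the data volume is first initialized, so an existing blockchain1OS-postgresql volume keeps its old credentials until it is recreated. The export command above needs the same DB_USER and DB_PASSWORD values as this file.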

As I said earlier, Keycloak provides standard implementations of OpenID Connect, OAuth 2.0 and SAML 2.0. But that’s not all: Social Login and User Federation are also two of its most striking features, which we will talk about in my upcoming blog posts.
