In this post, we will look at how to configure Keycloak with PostgreSQL. We will also set up pgAdmin to see what is inside the database and how Keycloak handles things. We will use Docker Compose to run the services.
What is Keycloak?
Keycloak is an identity provider from Red Hat. It is an open source project similar to WSO2 Identity Server. Keycloak also provides standard implementations of OpenID Connect, OAuth 2.0 and SAML 2.0.
Keycloak can be configured to work with many well-known databases. With PostgreSQL we can use a single database, as it supports multiple schemas.
```yaml
version: '3'

networks:
  blockchain1OS-network:

volumes:
  blockchain1OS-consul:
    driver: local
  blockchain1OS-redis:
    driver: local
  blockchain1OS-postgresql:
    driver: local
  blockchain1OS-keycloak:
    driver: local
  blockchain1OS-pgadmin:
    driver: local

services:
  # Database that Keycloak stores its realms, clients and users in
  postgresql:
    image: postgres:9.5
    container_name: blockchain1OS-postgresql
    volumes:
      - blockchain1OS-postgresql:/var/lib/postgresql/data/
    networks:
      - blockchain1OS-network
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: user
      POSTGRES_PASSWORD: password
    ports:
      - 5432:5432

  # Web UI for inspecting the database, published on host port 8081
  pgadmin:
    image: dpage/pgadmin4:4.2
    container_name: blockchain1OS-pgadmin
    volumes:
      - blockchain1OS-pgadmin:/var/lib/pgadmin
    environment:
      PGADMIN_DEFAULT_EMAIL: firstname.lastname@example.org
      PGADMIN_DEFAULT_PASSWORD: password
    networks:
      - blockchain1OS-network
    ports:
      - 8081:80

  # Keycloak, published on host port 8082; DB_* must match the postgresql service
  keycloak:
    image: jboss/keycloak:4.8.3.Final
    container_name: blockchain1OS-keycloak
    networks:
      - blockchain1OS-network
    ports:
      - 8082:8080
    environment:
      JAVA_TOOL_OPTIONS: '-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled'
      DB_VENDOR: POSTGRES
      DB_ADDR: postgresql
      DB_DATABASE: keycloak
      DB_USER: user
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: password
    depends_on:
      - postgresql
```
Start the containers by
To see the admin console, visit http://localhost:8082.
After that, click on Admin console and type admin as the username and password as the password.
Create a realm and a client to use the application as shown below.
- Realm: blockchain1OS
- Client: blockchain-world
Next, create roles under the Roles tab of the selected client (here, blockchain-world).
Then create two users under the Users section of the realm. Make sure the password is not temporary and the email is set to “verified”. Also, add the client roles to the users once they are created.
- Username: user
- Email : user@blockchain1OS
- Password : password
- Roles : [ ROLE_USER ]
- Username: admin
- Email : admin@blockchain1OS
- Password : password
- Roles : [ ROLE_ADMIN ]
We can also have a look at pgAdmin by navigating to http://localhost:8081.
Export Keycloak Settings
Make sure to change the following:
- -e DB_ADDR
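```bash
# DB_USER and DB_PASSWORD must match POSTGRES_USER and POSTGRES_PASSWORD in the compose file above.
# The network name is the compose project name (here "docker") followed by "_blockchain1OS-network".
# The export is written to /tmp on the host through the bind mount.
docker run --rm \
  --net=docker_blockchain1OS-network \
  --name keycloak_exporter \
  -v /tmp:/tmp/keycloak-export \
  -e DB_PASSWORD="password" \
  -e DB_DATABASE="keycloak" \
  -e DB_ADDR="blockchain1OS-postgresql" \
  -e DB_USER="user" \
  -e DB_VENDOR="POSTGRES" \
  -e JDBC_PARAMS="characterEncoding=UTF-8&useSSL=false&allowPublicKeyRetrieval=true" \
  jboss/keycloak:4.8.3.Final \
  -Dkeycloak.migration.action=export \
  -Dkeycloak.migration.provider=singleFile \
  -Dkeycloak.migration.file=/tmp/keycloak-export/blockchain1OS.json
```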
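A full realm export such as the one written above carries client secrets and user credential records, and this command leaves it in /tmp on the host. The following check is an added example, not part of the original post: it reviews an export before the file is shared or committed. The function names are hypothetical, the field names follow Keycloak's realm representation, and the sample document is constructed.

```python
import json
import os
import stat

# Constructed sample in the shape of a Keycloak realm export; every value is made up.
SAMPLE_EXPORT = json.dumps({
    "realm": "blockchain1OS",
    "sslRequired": "none",
    "clients": [
        {"clientId": "blockchain-world", "secret": "constructed-secret", "redirectUris": ["*"]},
        {"clientId": "account", "redirectUris": ["/auth/realms/blockchain1OS/account/*"]},
    ],
    "users": [
        {"username": "user", "credentials": [{"type": "password"}]},
        {"username": "admin", "credentials": [{"type": "password"}]},
    ],
})


def audit_realm_export(text):
    """Return a list of (severity, message) findings for one realm export."""
    realm = json.loads(text)
    findings = []
    if str(realm.get("sslRequired", "")).lower() == "none":
        findings.append(("medium", "sslRequired is 'none': logins and tokens may cross plain HTTP"))
    for client in realm.get("clients") or []:
        cid = client.get("clientId", "<unnamed>")
        if client.get("secret"):
            findings.append(("high", f"client {cid}: client secret is in the export"))
        if "*" in (client.get("redirectUris") or []):
            findings.append(("high", f"client {cid}: redirect URI '*' accepts any redirect target"))
    for user in realm.get("users") or []:
        if user.get("credentials"):
            findings.append(("high", f"user {user.get('username')}: credential records are in the export"))
    return findings


def audit_export_file(path):
    """Audit an export on disk, adding a finding if other local users can read it."""
    with open(path, encoding="utf-8") as handle:
        findings = audit_realm_export(handle.read())
    if os.stat(path).st_mode & stat.S_IROTH:
        findings.append(("high", f"{path} is world-readable; restrict it with chmod 600"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_realm_export(SAMPLE_EXPORT):
        print(f"[{severity}] {message}")
```

To check the file produced by the export command, call `audit_export_file("/tmp/blockchain1OS.json")`.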
You can copy and paste the code given here when developing locally to configure Keycloak with your PostgreSQL database. You will need to replace the client and realm with your own values, and you will have it configured in no time. You are always welcome to comment below if you have questions or run into bugs with it.
As I said earlier, Keycloak provides standard implementations of OpenID Connect, OAuth 2.0 and SAML 2.0. But that’s not all: Social Login and User Federation are also two of its most striking features, which we will talk about in my upcoming blog posts.