This document describes how to configure Keycloak for development, for production on a Red Hat platform, and for production with federated users from a Windows Active Directory. In development, Keycloak runs in a Docker container; see build.gradle for the available commands. For production, the scripts directory contains some convenient scripts for starting Keycloak.
The Keycloak container for development has the following set-up (loaded from ANET-Realm-export.json when the Keycloak Docker container is created):
To access the container:

| Setting | Value |
|---|---|
| URL | http://localhost:9080/ |
| username | admin |
| password | admin |

The credentials (to be used in application.yml):
A Keycloak container running on e.g. a Red Hat platform (where you would define the users locally in Keycloak) can use the following set-up:
The credentials to be used in application.yml can be found under the Credentials tab.
Define your users under the Users section of the realm.
See Kerberos set-up for how to integrate the Keycloak server with the AD.
A Keycloak container running on e.g. a Red Hat platform that gets its users from a Windows Active Directory (and can support SSO/Single Sign-On) can use the following set-up:
To get newly on-boarded users' first names correctly mapped from AD to the realm, you may want to add a first name mapper to the realm:
The credentials to be used in application.yml can be found under the Credentials tab.
This is an example configuration to connect to an Active Directory; see Keycloak documentation for additional hints on how to configure it:
Take note of the Kerberos setting here (necessary if you want to support SSO):
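
One way to verify the Active Directory set-up described above after exporting the realm. This is an added example, not part of the original document or of ANET: it checks the Kerberos settings and the first name mapper. The key names are assumed to follow the layout of a Keycloak realm export, `givenName` is assumed to be the AD attribute you want for first names, and the sample realm, principal and provider name are constructed placeholders.

```python
import json

# Constructed sample: a trimmed realm export with one LDAP/AD user federation
# provider. All values are placeholders, not taken from ANET-Realm-export.json.
SAMPLE_EXPORT = json.loads("""
{"realm": "example-realm", "components": {
  "org.keycloak.storage.UserStorageProvider": [{
    "name": "example-ad", "providerId": "ldap",
    "config": {
      "vendor": ["ad"],
      "allowKerberosAuthentication": ["true"],
      "kerberosRealm": ["EXAMPLE.COM"],
      "serverPrincipal": ["HTTP/keycloak.example.com@EXAMPLE.COM"],
      "keyTab": [""]},
    "subComponents": {"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [{
      "name": "first name", "providerId": "user-attribute-ldap-mapper",
      "config": {"ldap.attribute": ["cn"], "user.model.attribute": ["firstName"]}}]}
  }]}}
""")

PROVIDERS = "org.keycloak.storage.UserStorageProvider"   # assumed export key
MAPPERS = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"  # assumed export key

def first(cfg, key):
    """Export config values are single-element lists; return the element or ''."""
    return (cfg.get(key) or [""])[0]

def check_ad_federation(export, first_name_attr="givenName"):
    """Return a list of findings for every LDAP provider in a realm export."""
    findings = []
    for prov in export.get("components", {}).get(PROVIDERS, []):
        if prov.get("providerId") != "ldap":
            continue
        name, cfg = prov.get("name", "?"), prov.get("config", {})
        if first(cfg, "allowKerberosAuthentication") != "true":
            findings.append(f"{name}: Kerberos authentication is off, so no SSO")
        else:  # Kerberos is on: realm, principal and keytab must all be set
            for key in ("kerberosRealm", "serverPrincipal", "keyTab"):
                if not first(cfg, key):
                    findings.append(f"{name}: Kerberos is on but {key} is empty")
        mapped = [first(m.get("config", {}), "ldap.attribute")
                  for m in prov.get("subComponents", {}).get(MAPPERS, [])
                  if first(m.get("config", {}), "user.model.attribute") == "firstName"]
        if first_name_attr not in mapped:
            findings.append(f"{name}: firstName is mapped from {mapped or 'nothing'}, "
                            f"expected {first_name_attr}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ad_federation(SAMPLE_EXPORT)))
```

To run it against your own realm, load the exported JSON file with `json.load` and pass the result to `check_ad_federation`.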