IAMServer

Identity and Access Server using Keycloak

Keycloak 2.4.0.Final - docker and docker-compose

This is docker-compose setup for Keycloak server configured with [mysql database) with nginx https termination and lightweight mail server.

Used docker images

• keycloak-postgres, 2.4.0.Final
• [mysql latest]
• nginx configuration for https termination, borrowed from anvilreserach and customized for Keycloak
• mailcatcher

Usage

• Clone this repository and run docker-compose up
• In separate shell, run ./add-cert-to-java-truststore.sh. Fix script for your local java setup, idea is to put custom (self-signed) certificate into java cacerts
• Add to your /etc/hosts file record for identity.keycloak.openiot referencing 127.0.0.1
  • 127.0.0.1 identity.keycloak.openiot

Testing

• point your browser to https://identity.keycloak.openiot
• accept insecure site, or add ./keycloak-nginx/certs/identity.keycloak.openiot.cert to browser's truststore

Admin account

• default admin account added to Keycloak is:
  • Username: openiot
  • Password: password

Modifications on Keycloak configuration

• in standalone.xml, I've modified 2 lines:
  • line 410: <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="true"/>
    • This modification tells Keycloak to pull the client’s IP address from the X-Forwarded-For header since it's behind nginx.
  • line 412: <host name="default-host" alias="localhost" default-web-module="keycloak-server.war">
    • This modification deploys Keycloak as default application on root path (context)

Read more about http://www.keycloak.org/docs/2.5/server_installation/topics/network/https.html