It's useful to be able to connect to a locally-running instance of Keycloak for integration testing the application. This guide explains how to set up the Keycloak Identity Provider from it's officially supported docker image quay.io/keycloak.
Old versions of Keycloak used an Application Server to manage deployment. However, Keycloak released a new version of the container that does not depend on an Application Server (Wildfly) for deployment. This keeps the image and the container much smaller and simpler. I recently upgraded Keycloak to use the new image, which depends on Quarkus instead of Wildfly.
It's important to keep in mind that our normal Keycloak deployment in AWS will make use of a reverse proxy. In AWS, we want to use a reverse proxy (the Load Balancer) to terminate SSL connections and forward the traffic to Keycloak via HTTP instead of over HTTPS.
TODO: fillmein
If you have already set up a persistent database, you can fill in the connection details and directly run the container. Then, you can connect to it in your browser using the command below:
docker run -p 8080:8080 \
# If you're on a Mac
--platform linux/arm64 \
-e KC_DB=postgres \
-e KC_DB_URL_HOST=<HOSTNAME> \
-e KC_DB_DATABASE=<DATABASE-NAME> \
-e KC_DB_USERNAME=<USERNAME> \
-e KC_DB_PASSWORD=<PASSWORD> \
-e KC_HOSTNAME_STRICT=false \
-e KC_EDGE=proxy \
-e KC_HTTP_ENABLED=true \
-e KC_FEATURES=token-exchange \
quay.io/keycloak/keycloak:20.0.3 start
```
### Setting up a Local postgres database for testing
```bash
# Set up a local DB for the first time
createdb keycloak
# Log in and set up a user with correct permissions
psql keycloak
CREATE USER keycloak WITH PASSWORD 'keycloak';
GRANT ALL PRIVILEGES ON SCHEMA public to keycloak;
# Check that the user can login
psql keycloak -U keycloak
Make sure that the postgres database is listening on localhost:5432
lsof -i -P -n | GREP LISTEN
Then, you can run the container.
NOTE: The "host.docker.internal" host is a Docker DNS entry that allows the
Keycloak container to connect to the Postgres instance on the host.
NOTE: The KEYCLOAK_ADMIN
related env vars create a new Keycloak admin user
that you can use to administer the Realms.
docker run -p 8080:8080 \
# If you're on a Mac
--platform linux/arm64 \
-e KC_DB=postgres \
-e KC_DB_URL_HOST="host.docker.internal" \
-e KC_DB_DATABASE="keycloak" \
-e KC_DB_USERNAME="keycloak" \
-e KC_DB_PASSWORD="keycloak" \
-e KC_HOSTNAME_STRICT=false \
-e KC_EDGE=proxy \
-e KC_HTTP_ENABLED=true \
-e KC_FEATURES=token-exchange \
-e KEYCLOAK_ADMIN=keycloak \
-e KEYCLOAK_ADMIN_PASSWORD=keycloak \
quay.io/keycloak/keycloak:20.0.3 start
TODO: Set up test realm!!
Then import test-keycloak-realm.json
to set up the realm and test client
This is a specific example showing how to set up the container connected to a locally running
Postgres instance.
Can you improve this documentation?Edit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close