Hey, guys! In our last blog post, we discussed the Keycloak service and its features, so I assume you already know Keycloak. In this blog post, we’ll discuss how to run Keycloak locally with Docker and secure an application in three steps. Let’s get started.

First, let’s briefly discuss _Keycloak_ and Docker.

Keycloak

Keycloak is an open source identity and access management solution for modern applications and services. It makes it easy to secure applications and services with almost no code required, meaning you only need to configure the functionality, not write the code. Therefore, it will save development time.

Docker

Docker is a software platform designed to make it easier to create, deploy, and run applications by using containers. It allows developers to package an application in a container with all the parts it needs and ship it as a package.

Step 1: Get and run the Keycloak Docker container

Docker lets us pull and run containers for a wide range of software packages, and popular software like Keycloak is no exception.

Visit Docker Hub to find and download Docker images for countless packages.

Open a terminal and run the following command to check your Docker installation.

$ docker version
Server: Docker Engine - Community
 Engine:
  Version:          20.10.2
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       8891c58
  Built:            Mon Dec 28 16:15:28 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.3
  GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
 runc:
  Version:          1.0.0-rc92
  GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

If you get output like that shown above, your Docker installation is OK. You can then proceed to obtain Keycloak as a Docker image by typing the following command.

$ docker pull jboss/keycloak:12.0.4

The previous command will download the image for version 12.0.4 of **Keycloak**, so now you can run it on your local machine.

$ docker run --name myKeyCloak -p 8089:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -d jboss/keycloak:12.0.4

If all goes well, you can see the container in action by typing the following command.

$ docker ps -a
CONTAINER ID   IMAGE            COMMAND                    CREATED         STATUS         PORTS                              NAMES
b5ea3759f75b   jboss/keycloak   "/opt/jboss/tools/do..."   9 seconds ago   Up 9 seconds   8443/tcp, 0.0.0.0:8089->8080/tcp   myKeyCloak

You can then open a browser and go to http://localhost:8089 to reach your **Keycloak** instance.

Keycloak home page
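
The `docker run` command above publishes port 8089 on every interface (the `0.0.0.0:8089->8080` mapping in the `docker ps` output) and sets the administrator login to admin/admin. As an added example that is not part of the original post, the script below starts the same image bound to 127.0.0.1 with a generated admin password and checks the published ports; the file name keycloak.env and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). The file name keycloak.env and
# all function names are assumptions made for this sketch.

# Random admin password: 24 bytes from the kernel CSPRNG as URL-safe base64
# (32 characters, no padding).
gen_admin_password() {
  head -c 24 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n'
}

# Write the admin credentials to an env file only its owner can read, so the
# password stays out of shell history and the host's process list.
write_env_file() {   # $1 = path of the env file
  ( umask 077
    rm -f -- "$1"
    printf 'KEYCLOAK_USER=admin\nKEYCLOAK_PASSWORD=%s\n' "$(gen_admin_password)" > "$1" )
}

# Same image and ports as the tutorial, but published on loopback only.
start_keycloak() {   # $1 = path of the env file
  docker run --name myKeyCloak -p 127.0.0.1:8089:8080 \
    --env-file "$1" -d jboss/keycloak:12.0.4
}

# Reads PORTS values as printed by `docker ps` on stdin and prints every mapping
# published on all interfaces. Exit status 0 means at least one was found.
wildcard_published() {
  tr ', ' '\n\n' | grep -E '^(0\.0\.0\.0|\[?::\]?):[0-9]+->'
}

# Opt-in: run the script with --run to actually start and audit the container.
if [ "${1:-}" = "--run" ]; then
  write_env_file ./keycloak.env
  start_keycloak ./keycloak.env
  if docker ps --filter name=myKeyCloak --format '{{.Ports}}' | wildcard_published; then
    echo "myKeyCloak is reachable from other hosts" >&2
  fi
fi
```

When the container is started this way, log in to the administration console with the password stored in keycloak.env instead of admin.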

Step 2: Configure the realm and user in Keycloak

Once the _Keycloak_ container is up and the platform is accessible, the next step is to configure it to manage the authentication and authorization requirements of our application. To do this, click Administration Console and log in with the credentials provided when you ran the container (in our case, the user and password are both admin). After a successful login, we are redirected to the main dashboard, where the default master realm is displayed.

Realm

A realm is a concept within Keycloak and refers to an object that defines the security policy domain and applies it to users and their credentials, roles, and groups. A Keycloak user belongs to only one realm and logs in to that realm.

Default master realm page

Create an application _realm_

  • Log in to your _Keycloak_ administration page (http://localhost:8089/auth/admin/) with your administrator account credentials.
  • Open the master realm drop-down menu (upper left corner) and click the _Add realm_ button, as shown below.

Add realm button

  • Provide a name for the _realm_ that you will use to manage application security (remember, _realm_ names are case sensitive). In our example, we’ll use the name _my-demo-app_.

Add realm table

  • After you click the **Create** button, the new _realm_ is created and the home page of the newly created _realm_ (_my-demo-app_) is displayed.

Main page of my demo application

Create a user for the application

After creating the _realm_, we need to create a user within the _my-demo-app_ _realm_ that we just created.

  • Go to the home page of the _my-demo-app_ _realm_ you just created.
  • Click the _Users_ button on the left menu to see an empty list of users. This is expected because we just created the realm, which is empty by default.
  • Next, click the “Add user” button at the top right of the page, as shown below.

The user part

  • Fill in the user’s information in the form. Set _Email Verified_ to on so that this user does not need to go through email verification. In addition, as shown below, you can configure several actions that the user must perform before authenticating with their account. Once done, click the Save button to create the user.

Add user

  • The last thing to do before you can log in with that user is to go to the Credentials tab, fill in the password and password confirmation fields, and set the Temporary field to Off (so we don’t have to update the password the first time we log in). Then click the Set password button.

Credentials

Finally, we are ready to test whether the user we just created is valid and can log in successfully. So, log in as an administrator and type the following URL into your browser: http://localhost:8089/auth/realms/my-demo-app/account/ (this is the site that _Keycloak_ provides for managing access in the my-demo-app realm). Click Login (top right) and use the credentials of the user account you just created. If all goes well, you should see the screen below, with the user’s first and last name in the upper right corner. On this page, the user can manage the account.

The main part of the user login

Step 3: Secure your application

Everything is now ready on the **Keycloak** server to allow your application to log in through it, so let’s go ahead and create a client to handle the application’s requests.

Create a client adapter for your application

Open the Keycloak administration console (http://localhost:8089/auth/admin) and log in with your administrator credentials. Click Clients on the left menu, then click the Create button located at the top of the clients table. Then fill out the form shown below and click the Save button.

Client certificate format

The client ID specifies the identifier string used in tokens and URIs. It must be unique within your **Keycloak** installation and must refer to a specific application.

**Keycloak** provides a sample application that you can use to try out your server without having to write a dummy application yourself. This application is available at https://www.keycloak.org/app/, and this is the URL we entered in the Root URL input field.

Trial time!

Open a browser tab and go to the sample application (https://www.keycloak.org/app/). Then fill in the form with the URL of our running Keycloak instance (http://localhost:8089/auth) and the realm and client we configured in Keycloak. If you have followed the instructions in this tutorial, your configuration should look like this.

configuration

After checking that everything is correct, click the Save button and you will see a login button. Click on it and you will be redirected to the **Keycloak** login page. Log in with the user credentials (username: my-Demo-app-user and the password created in Step 2), and you will be redirected back to the application along with your user account information. That’s all!

Use the Keycloak to successfully log in

Conclusions and future work

In this blog post, we showed how to easily create your own custom identity and access management solution with Keycloak and Docker. With a properly configured Keycloak server, you can get rid of all the boilerplate code for managing authentication and authorization in your custom applications.
