
keycloak

Keycloak + Coöp Cloud.

  • Category: Apps
  • Status: 2, beta
  • Image: jboss/keycloak, 4, upstream
  • Healthcheck: Yes
  • Backups: ?
  • Email: 1
  • Tests: 2
  • SSO: N/A

Basic usage

  1. Set up Docker Swarm and abra
  2. Deploy coop-cloud/traefik
  3. abra app new keycloak --secrets (optionally with --pass if you'd like to save secrets in pass). Make sure to note the admin_password
  4. abra app config YOURAPPDOMAIN - be sure to change $DOMAIN to something that resolves to your Docker swarm box
  5. abra app deploy YOURAPPDOMAIN
  6. Proceed with replacing the temporary admin user

Replacing the temporary admin user

The initial user created by Keycloak is a bootstrap user whose password is stored in plain text on the server. This recipe assigns that user the name "admin_bootstrap" and the password $BOOTSTRAP_PASSWORD set by abra app config YOURAPPDOMAIN.

Running abra app command YOURAPPDOMAIN app init_kc replaces this bootstrap admin with a permanent admin user whose username is $ADMIN_USERNAME and whose password is the secret generated in step 3 above. This will also delete the temporary admin user.

It is recommended to also set up MFA for this account from the web admin panel. Log in to the account, select manage account, select account security/signing in, and enable two factor authentication.

Running Commands in Keycloak's Admin CLI

To authenticate a session to Keycloak's admin API run: abra app command YOURAPPDOMAIN app login_kcadm

After this you can run any Admin CLI command via the run_kcadm command. An example, which creates a "sandbox" realm: abra app command YOURAPPDOMAIN app run_kcadm "'create realms -s realm=sandbox -s displayName=sandbox -s enabled=true'"

The Keycloak Admin CLI documentation has more info on running kcadm commands.

How do I set up a custom theme?

Check this approach.

How do I create another admin user?

  • Under the Master realm > Users > Add user
  • Create the user and set a temporary password
  • Under the Role Mappings tab, move admin from Available Roles into Assigned Roles

What do I do if I lost my admin account credentials?

You can create a new admin account like this:

abra app run <domain> app -- bash -c '/opt/keycloak/bin/kc.sh bootstrap-admin user --db-password $(cat /run/secrets/db_password)'

Make sure to delete the temp-admin user after you finish recovering.
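
A check for the two cleanup steps described above (removing "admin_bootstrap" after init_kc, and removing temp-admin after a recovery), as an added example that is not part of this recipe. The function name and exit codes are hypothetical, and it assumes the username list comes from kcadm's `get users` with `--format csv --noquotes`, passed through the recipe's run_kcadm command.

```shell
#!/bin/sh
# Added example (not part of the recipe): audit master-realm usernames for
# leftover bootstrap admins. Reads one username per line on stdin, e.g. from
#   abra app command YOURAPPDOMAIN app run_kcadm \
#     "'get users -r master --fields username --format csv --noquotes'"
# (assumes run_kcadm passes kcadm's output through unchanged).
# Returns 0 = clean, 1 = bootstrap account present, 2 = permanent admin missing.

# Names from the README: the recipe's bootstrap user and the recovery user.
BOOTSTRAP_NAMES="admin_bootstrap temp-admin"

audit_master_admins() {
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    found_expected=0
    leftovers=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Normalise: strip CR and quotes, lowercase, trim surrounding blanks.
        name=$(printf '%s' "$line" | tr -d '\r"' | tr '[:upper:]' '[:lower:]' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -z "$name" ]; then continue; fi
        if [ "$name" = "$expected" ]; then found_expected=1; fi
        for b in $BOOTSTRAP_NAMES; do
            if [ "$name" = "$b" ]; then leftovers="$leftovers $b"; fi
        done
    done
    if [ -n "$leftovers" ]; then
        echo "FAIL: bootstrap account(s) still present:$leftovers" >&2
        return 1
    fi
    if [ "$found_expected" -ne 1 ]; then
        echo "FAIL: permanent admin '$1' not found in master realm" >&2
        return 2
    fi
    echo "OK: '$1' present, no bootstrap accounts found"
}
```

Pipe the username list into `audit_master_admins "$ADMIN_USERNAME"` and treat any non-zero exit as a reason to revisit the steps above.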

How do I configure Keycloak login for..

Description
Open source identity and access management