Keycloak: an open source identity and access management solution


Keycloak is an open source identity provider (IdP) that enables single sign-on, with identity management and access management, for modern applications and services. It is written in Java and supports the identity federation protocols SAML v2 and OpenID Connect (OIDC) / OAuth2 by default. It is released under the Apache license and supported by Red Hat.

Conceptually, the tool is intended to make it easy to protect applications and services with little or no code. An IdP allows an application (often called a Service Provider or SP) to delegate its authentication.

This has several advantages, among others:

  • It lets developers focus on business functionality instead of the security aspects of authentication, whether they integrate a library that supports one of the two protocols directly, use a module on the web server, or use a Keycloak adapter (a non-exhaustive list of possibilities).
  • It centralizes authentication and therefore enables single sign-on (SSO).
  • It unifies authentication methods and lets them evolve without modifying the applications.
  • It brings SaaS application authentication under the same central control, which limits the proliferation of digital identities; account deactivation is simplified (deleting a SaaS account when an employee leaves is no longer forgotten).

Its main characteristics also include the following:

  • single sign-on
  • Support for standard protocols
  • simplified securing of applications and services
  • LDAP support as an external user repository
  • authentication delegation (social login)
  • high performance: server cluster, scalable, high availability
  • fully compatible with containerization
  • simple themes to implement
  • strong authentication by native one-time code (OTP) via FreeOTP or Google Authenticator
  • self-service recovery if you forget your password
  • self-registration of accounts (by form or through so-called social authentication)
  • extensible: user base, authentication methods, protocols.

How to install Keycloak on Linux?

To install Keycloak on your computer or on a server, first download the latest available Keycloak package, which you can get from the link below.

In this case we will use version 7.0, which is the latest version available at the moment.

Open a terminal and type the following command:

wget https://downloads.jboss.org/keycloak/7.0.0/keycloak-7.0.0.tar.gz

After that, unpack the archive with:

tar -xvzf keycloak-7.0.0.tar.gz

Next, enter the application directory that was just created:

cd keycloak-7.0.0
cd bin

From inside this directory, start the Keycloak server with the following command:

./standalone.sh

Once the server has started, open a web browser. To access the Keycloak service, go to http://localhost:8080/auth/ or, if you are using a domain or an IP address (on a web server), to the path where you placed the Keycloak folder.

On the Keycloak page you will first have to create the administrator account.

After creating the admin user, you get the option to enter the administrator panel. If you can't find the section, just go to http://localhost:8080/auth/admin/, where you can log in with the credentials you chose.

From now on you can manage Keycloak, adding new users and installing the adapters.

Finally, there is the case where a new version is available and you want to update to it without losing your data, or you simply do not feel safe with the update method of replacing the files you already have with those of the new version.

It is important to emphasize that the service must be stopped during this process.

In a terminal, from inside the main Keycloak directory, run the following command:

sh bin/jboss-cli.sh --file=bin/migrate-standalone.cli
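
The update steps above (service stopped, migration script run from the main directory), wrapped in a shell function that refuses to run while the server is up and copies standalone/ aside first. This is an added example, not part of the original article or of Keycloak itself; the process-name check, the backup naming and the path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): checks and a backup around the
# offline migration command shown above.

# True when a WildFly standalone JVM is visible in the process table.
# Assumption: the server was started with bin/standalone.sh, whose java
# command line contains "org.jboss.as.standalone".
keycloak_is_running() {
    # [o] stops the pattern from matching the grep process itself
    ps -eo args 2>/dev/null | grep -q '[o]rg\.jboss\.as\.standalone'
}

# migrate_keycloak KEYCLOAK_HOME
# Returns 0 on success, 2 if KEYCLOAK_HOME lacks the CLI or the script,
# 3 if the server is still running, 4 if the backup failed, 5 if the
# migration failed (the backup stays in place for a restore).
migrate_keycloak() {
    kc_home=$1
    if [ ! -f "$kc_home/bin/jboss-cli.sh" ] ||
       [ ! -f "$kc_home/bin/migrate-standalone.cli" ]; then
        echo "not a Keycloak directory: $kc_home" >&2
        return 2
    fi
    if keycloak_is_running; then
        echo "stop the Keycloak service before migrating" >&2
        return 3
    fi
    # standalone/ holds standalone.xml and, with the default embedded
    # database, the data files; copy it aside before anything is rewritten.
    backup="$kc_home/standalone.bak.$(date +%Y%m%d%H%M%S)"
    cp -Rp "$kc_home/standalone" "$backup" || return 4
    echo "backup written to $backup"
    # Same command as in the article, run from the Keycloak main directory.
    if ! (cd "$kc_home" && sh bin/jboss-cli.sh --file=bin/migrate-standalone.cli); then
        echo "migration failed; restore from $backup" >&2
        return 5
    fi
    return 0
}

# Usage (hypothetical path): sh migrate.sh /opt/keycloak-7.0.0
if [ "$#" -eq 1 ]; then
    migrate_keycloak "$1"
fi
```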

If you want to know more about it, you can consult the documentation at the following link.

