Keycloak Features

  1. Free & open source: Being open-source means that its source code is freely available to anyone, allowing for transparency, customization, and community-driven development. Additionally, it ensures compatibility with various extensions and integration with a wide range of technologies, making it a versatile choice for managing authentication and authorization.
  2. Centralized identity and access management: This means that Keycloak provides a single platform where you can manage user identities and control access to your applications and resources from one centralized location. It streamlines the process of user authentication and authorization across your entire system.
  3. Support for industry-standard protocols like OAuth 2.0 and OpenID Connect: Keycloak supports widely-used protocols like OAuth 2.0 and OpenID Connect, which are essential for secure authentication and authorization in modern web applications. These protocols ensure that user data is exchanged securely between different systems, enabling features like Single Sign-On (SSO) and secure API access.
  4. Single Sign-On (SSO) capability: SSO allows users to log in once and access multiple applications without having to re-enter their credentials. With Keycloak's SSO capability, users can seamlessly move between different applications within your ecosystem without needing to log in each time, enhancing convenience and user experience.
  5. Role-based access control: Role-based access control (RBAC) enables you to define specific roles and permissions for different users within your system. With Keycloak, you can assign roles to users based on their responsibilities or privileges, controlling what actions they can perform and what data they can access.
  6. User federation for seamless authentication across different systems and platforms: User federation allows you to integrate external identity providers, such as LDAP, Active Directory, or social media platforms, with Keycloak. This enables users to authenticate using their existing credentials from these external sources, providing a seamless authentication experience across different systems and platforms while maintaining centralized control and security.

Implementation Components

  1. Nginx Web Server: First and foremost, you need to install and configure Nginx on your server. Nginx is a high-performance web server that can also act as a reverse proxy.
  2. Database: Keycloak requires a database to store user information, configuration, and other data. You can use databases like MySQL, PostgreSQL, or H2 (embedded) with Keycloak. Make sure to set up and configure the database accordingly.
  3. Java Runtime Environment (JRE): Keycloak is a Java application, so you'll need to have Java installed on your server to run Keycloak.
  4. The Keycloak Docker image itself.

Implementation Steps

STEP 1: Create the Docker Compose file


version: '3.8'

services:
  nginx:
    image: nginx:latest
    ports:
      - "80:80"
    volumes:
      - ./nginx/html:/usr/share/nginx/html
    restart: always

  keycloak:
    image: bitnami/keycloak:latest
    environment:
      # The bitnami image reads the bootstrap admin account from
      # KEYCLOAK_ADMIN_USER / KEYCLOAK_ADMIN_PASSWORD (KEYCLOAK_USER /
      # KEYCLOAK_PASSWORD belong to the old jboss/keycloak image and are ignored here).
      KEYCLOAK_ADMIN_USER: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      # The bitnami image has no embedded database; point it at the postgres
      # service below (a dedicated database for Keycloak is preferable in production).
      KEYCLOAK_DATABASE_HOST: postgres
      KEYCLOAK_DATABASE_NAME: mydatabase
      KEYCLOAK_DATABASE_USER: postgres
      KEYCLOAK_DATABASE_PASSWORD: password
    ports:
      - "8080:8080"
    depends_on:
      - postgres
    restart: always

  backend:
    image: node:latest
    working_dir: /app
    volumes:
      - ./backend:/app
    ports:
      - "3000:3000"
    environment:
      DB_HOST: postgres
      DB_USER: postgres
      DB_PASSWORD: password
      DB_NAME: mydatabase
    depends_on:
      - postgres
    restart: always

  postgres:
    image: postgres:latest
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: password
      POSTGRES_DB: mydatabase
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    restart: always

STEP 2: Keycloak Setup

  1. Create a Realm: A realm in Keycloak is a container for users, credentials, and applications. It's recommended to create a separate realm for your application to isolate its users and settings.

    • Log in to the Keycloak admin console.
    • Click on the dropdown next to the realm name (usually "Master") in the top-left corner, then click "Add realm".
    • Enter a name for your realm (e.g., "myrealm") and click "Create".
  2. Create a Client: A client represents an application that you want to secure with Keycloak. In this case, we'll create a client for your Node.js backend.

    • In your realm, click on "Clients" in the left-hand menu, then click "Create".
    • Enter a name for your client (e.g., "backend").
    • Set "Client ID" to backend.
    • Set "Access Type" to confidential.
    • Click "Save".
  3. Configure Client Settings: After creating the client, you'll need to configure some settings to allow communication between your Node.js backend and Keycloak.

    • Set the "Valid Redirect URIs" to http://localhost:3000/*. This tells Keycloak where it may redirect the user after authentication.
    • Set the "Web Origins" to + to allow requests from any origin.
    • Click "Save".
  4. Create a Role (Optional): Roles allow you to define fine-grained access control within your application. You can create roles to represent different levels of access or permissions.

    • In the Keycloak admin console, go to your realm, then click on "Roles" in the left-hand menu, and click "Add Role".
    • Enter a name for your role (e.g., "user").
    • Click "Save".
  5. Create a User: Users represent individuals who can log in to your application. You'll need to create at least one user to test the authentication and authorization process.

    • In the Keycloak admin console, go to your realm, then click on "Users" in the left-hand menu, and click "Add user".
    • Enter the user details and set a password.
    • After creating the user, you may assign roles to the user if needed.