What Is Keycloak?
Keycloak is an open-source identity and access management solution. It provides single sign-on (SSO), user federation, social login, two-factor authentication, and fine-grained authorization out of the box. It supports OpenID Connect, OAuth 2.0, and SAML protocols.
Prerequisites
- A Breeze with at least 4 GB RAM running Ubuntu 22.04+
- Docker and Docker Compose installed
- A domain name pointed to your Breeze
Docker Compose Setup
Create a working directory and a `docker-compose.yml` inside it:

```bash
mkdir -p ~/keycloak && cd ~/keycloak
```

```yaml
# docker-compose.yml: Keycloak in development mode, backed by PostgreSQL
version: "3.8"   # obsolete in Compose v2 (ignored with a warning); safe to delete
services:
  keycloak:
    image: quay.io/keycloak/keycloak:latest   # fine for a first look; pin a version before relying on it
    container_name: keycloak
    restart: unless-stopped
    command: start-dev                        # development mode: plain HTTP, no hostname checks
    ports:
      - "8080:8080"                           # published on every host interface
    environment:
      # bootstrap admin account; deprecated names since Keycloak 26
      # (KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD on 26+)
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=ChangeThisPassword
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=DbSecurePass123        # must match POSTGRES_PASSWORD below
    depends_on:
      - keycloak-db
  keycloak-db:
    image: postgres:16-alpine
    container_name: keycloak-db
    restart: unless-stopped
    # no ports: entry, so Postgres is reachable only from the Compose network
    volumes:
      - keycloak_db:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=keycloak
      - POSTGRES_USER=keycloak
      - POSTGRES_PASSWORD=DbSecurePass123
volumes:
  keycloak_db:
```

Replace both placeholder passwords with long random values before the first start; the bootstrap admin password is what protects the entire SSO deployment, and the database password cannot be changed later without also updating the Postgres role.

Launch and Configure

```bash
docker compose up -d
```

Access the admin console at http://your-breeze-ip:8080 and sign in with the admin credentials from the Compose file. Because `start-dev` serves plain HTTP, those credentials cross the network in cleartext: on a server that is reachable from the internet, either restrict port 8080 to your own address with the host firewall or, better, reach it through an SSH tunnel (`ssh -L 8080:127.0.0.1:8080 user@your-breeze-ip`, then open http://localhost:8080). Create a new realm for your organization, then add a client for each application you want to protect with SSO.
Production Tips
- Switch from `start-dev` to `start` for production. `start` refuses to boot until you set a public hostname (`KC_HOSTNAME`) and either supply TLS key material or, when a proxy terminates TLS, set `KC_HTTP_ENABLED=true` together with `KC_PROXY_HEADERS=xforwarded` (Keycloak 24+; older releases use `KC_PROXY=edge`) so Keycloak trusts the proxy's `X-Forwarded-*` headers and issues `https://` redirects and token issuers
- Configure a reverse proxy with TLS termination in front of Keycloak, and stop publishing port 8080 on the host so the admin console is reachable only through the proxy
- Pin the image to the version you tested instead of `latest`, and move the admin and database passwords out of the Compose file into a `.env` file or Docker secrets
- After the first login, create a permanent admin user in the master realm and delete the bootstrap account whose password sits in your environment
- Set up user federation to connect LDAP or Active Directory
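The production shape the tips above describe, as one Compose file. This is an added example, not the article's original file: Caddy obtains a certificate for the domain, terminates TLS and forwards to Keycloak over the internal Compose network; Keycloak runs with `start` instead of `start-dev`, is never published on the host, and reads its secrets from a `.env` file; the image is pinned and Postgres has a health check so Keycloak does not race it at boot. The domain `auth.example.com`, the `26.0` tag and the `.env` variable names are assumptions. The hostname, proxy and bootstrap-admin options were renamed between Keycloak 24 and 26, so check them against the release notes for the version you actually pin.

```yaml
# docker-compose.yml (added example; not the article's original file)
# Secrets are read from a .env file next to this file, for instance:
#   KC_ADMIN_PASSWORD=<long random value>
#   KC_DB_PASSWORD=<long random value>
# ${VAR:?message} makes `docker compose up` refuse to start if a value is missing.
services:
  caddy:
    image: caddy:2
    container_name: caddy
    restart: unless-stopped
    # Caddy requests and renews a Let's Encrypt certificate for the domain,
    # terminates TLS, redirects HTTP to HTTPS and forwards to Keycloak with
    # X-Forwarded-For / X-Forwarded-Proto / X-Forwarded-Host set.
    command: caddy reverse-proxy --from auth.example.com --to keycloak:8080
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - caddy_data:/data      # certificates and ACME account; must persist across restarts
    depends_on:
      - keycloak

  keycloak:
    image: quay.io/keycloak/keycloak:26.0   # assumed pin; re-pin deliberately when you upgrade
    container_name: keycloak
    restart: unless-stopped
    command: start                          # production mode, not start-dev
    # No ports: section. Keycloak is reachable only from the Compose network,
    # so the admin console is never exposed over plain HTTP on the host.
    environment:
      # Keycloak 26 names; on 24/25 use KEYCLOAK_ADMIN / KEYCLOAK_ADMIN_PASSWORD
      - KC_BOOTSTRAP_ADMIN_USERNAME=${KC_ADMIN_USERNAME:-admin}
      - KC_BOOTSTRAP_ADMIN_PASSWORD=${KC_ADMIN_PASSWORD:?set KC_ADMIN_PASSWORD in .env}
      - KC_HOSTNAME=auth.example.com        # public hostname used in issuer URLs and redirects
      - KC_HTTP_ENABLED=true                # plain HTTP only between Caddy and Keycloak
      - KC_PROXY_HEADERS=xforwarded         # trust X-Forwarded-* from the proxy (Keycloak 24+)
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=${KC_DB_PASSWORD:?set KC_DB_PASSWORD in .env}
    depends_on:
      keycloak-db:
        condition: service_healthy          # wait until Postgres accepts connections

  keycloak-db:
    image: postgres:16-alpine
    container_name: keycloak-db
    restart: unless-stopped
    volumes:
      - keycloak_db:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=keycloak
      - POSTGRES_USER=keycloak
      - POSTGRES_PASSWORD=${KC_DB_PASSWORD:?set KC_DB_PASSWORD in .env}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak -d keycloak"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  caddy_data:
  keycloak_db:
```

Two checks after `docker compose up -d`: fetch https://auth.example.com/realms/master/.well-known/openid-configuration and confirm the `issuer` value starts with `https://`, since an `http://` issuer means the proxy headers or hostname are not being honoured and every token you mint will carry the wrong issuer; then log in, create a permanent admin user in the master realm and delete the bootstrap account, so the password in `.env` no longer unlocks anything. Keep the `.env` file out of version control and readable only by the deploying user.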