# Step 1 - Start and configure Keycloak

In this part we will set up Keycloak. We will run a local Keycloak Docker container and reuse an existing realm configuration.

The image below shows the relevant elements we will use later.

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Fd71c97959a3249207d1fef63bcae95206112eb66.png?generation=1593679039629698\&alt=media)

## Step 1: Clone the project to your local machine

```bash
git clone https://github.com/thomassuedbroecker/get-started-with-keycloak-microprofile-openliberty.git
cd get-started-with-keycloak-microprofile-openliberty
ROOT_FOLDER=$(pwd)
```

## Step 2: Start the Keycloak Docker image locally

Open a terminal session and enter:

```bash
docker run -it -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8282:8080 jboss/keycloak:9.0.2
```

## Step 2: Import the existing realm configuration

1. Open Keycloak in a browser and select the Administration Console

Use the following URL:

```bash
http://localhost:8282/
```

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F9554cc33a57bba76c7b520abb2bcbb06f1061dfa.png?generation=1593439003035382\&alt=media)

1. Log in with the user `admin` and the password `admin`
2. Select *Add realm*

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Fa891ebae15bb55cc15f667e2ae84e2f0f1630f09.png?generation=1593439003737383\&alt=media)

1. For the import, choose *Select file*

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F1f06fc6c6d163179240fe43654e253b57b4281ca.png?generation=1593439003088249\&alt=media)

1. Select the existing [`realm`](https://en.wikipedia.org/wiki/Realm) configuration file [`/keycloak-realm-exports/cloud-native-starter-author-local-realm-export.json`](https://github.com/thomassuedbroecker/get-started-with-keycloak-microprofile-openliberty/tree/master/keycloak-realm-exports) from the `keycloak-realm-exports` folder of the cloned project

```bash
cd $ROOT_FOLDER/keycloak-realm-exports
```

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F96978e85168fb4e23ef4ed49561a8fce9b865318.png?generation=1593439005557735\&alt=media)

1. Press *Create*

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F898e460ae0f2193ae168ddc00ba37a1748e8655d.png?generation=1593439003462409\&alt=media)

## (Optional) Step 3: Verify the imported realm `cloudnativestarter`

### (Optional) Realm

The **realm** `cloudnativestarter` uses an [OpenID Endpoint configuration](https://www.keycloak.org/docs/latest/securing_apps/#openid-connect-2).

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Ff69e520c76a7768958586320e9dc8daeb5e367d0.png?generation=1593439003975746\&alt=media)

### (Optional) Realm keys

The realm key is used for tokens in the [JSON Web Token (JWT)](https://en.wikipedia.org/wiki/JSON_Web_Token) format and uses the *RS256 asymmetric algorithm*.

> *"RS256 (RSA Signature with SHA-256) is an asymmetric algorithm, and it uses a public/private key pair: the identity provider has a private (secret) key used to generate the signature, and the consumer of the JWT gets a public key to validate the signature. Since the public key, as opposed to the private key, doesn't need to be kept secured, most identity providers make it easily available for consumers to obtain and use (usually through a metadata URL)."* [Source of this text](https://stackoverflow.com/questions/39239051/rs256-vs-hs256-whats-the-difference)

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Fa1948b36cce522b4e83d5d3990a696172efcd31b.png?generation=1593439005341279\&alt=media)
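The split between signing and verifying that the quote describes, written out as an added example (not part of the original tutorial or of Keycloak). The key pair is constructed from two well-known public primes so the block runs offline; it is trivially factorable and only serves the demonstration. All function names are hypothetical.

```python
import base64, hashlib, json

# Constructed demo key: the Curve25519 and secp256k1 field primes. Anyone can
# factor N, so this key is for illustration only.
P, Q = 2**255 - 19, 2**256 - 2**32 - 977
N, E = P * Q, 65537                      # public key, handed to token consumers
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, stays with the identity provider
K = (N.bit_length() + 7) // 8            # modulus length in bytes
# DER prefix of the SHA-256 DigestInfo structure (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_message(signing_input: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input) as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign_rs256(claims: dict) -> str:
    """Identity provider side: needs the private exponent D."""
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(encoded_message(f"{head}.{body}".encode()), D, N)
    return f"{head}.{body}.{b64u(sig.to_bytes(K, 'big'))}"

def verify_rs256(token: str, n: int, e: int) -> dict:
    """Consumer side: needs only the public key (n, e)."""
    head, body, sig = token.split(".")
    # Pin the algorithm instead of trusting whatever the header claims.
    if json.loads(b64u_dec(head)).get("alg") != "RS256":
        raise ValueError("unexpected alg")
    s = int.from_bytes(b64u_dec(sig), "big")
    if s >= n or pow(s, e, n) != encoded_message(f"{head}.{body}".encode()):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body))

if __name__ == "__main__":
    token = sign_rs256({"preferred_username": "author-cloud-native-starter"})  # constructed claims
    print(verify_rs256(token, N, E))
```

In a real service the verification is done by a maintained JWT library with the realm's published public key; the arithmetic above only shows what that library checks.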

### (Optional) Client

Definition of the `authors-cloud-native-starter` client.

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F7396350994b048ed1d60e2d1f1a90b9b65a5d694.png?generation=1593439004200089\&alt=media)

### (Optional) Client scope

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Fda402acd3fe01a5eaea6bee9e5ddba1a845f9c30.png?generation=1593439004674023\&alt=media)

### (Optional) Roles

Definition of the role `authors-role-cloud-native-starter`.

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Fb3ecc37360bc9583fd48bfc5c382d41db2968039.png?generation=1593439004898896\&alt=media)

### (Optional) Groups

Definition of the group `authors-cloud-native-starter`.

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F127e81a990cf73a0ea0615ae713d3f04338f501b.png?generation=1593439003944182\&alt=media)

### (Optional) Groups role mapping

Mapping of the role `authors-role-cloud-native-starter` to the group `authors-cloudnativestarter`.

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Ff659d3afd5585db5702a639317f881edeb95d750.png?generation=1593439005447811\&alt=media)
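The Step 3 checks (realm, client, role, group and group role mapping) can also be scripted against a realm export file; the following is an added example, not part of the original tutorial or the project's code. The sample data is constructed, the field names follow Keycloak's realm export JSON, and the expected names are arguments because the group name is spelled two ways on this page.

```python
import json
import sys

# Constructed sample shaped like a Keycloak realm export (not the repository's file).
SAMPLE_EXPORT = {
    "realm": "cloudnativestarter",
    "clients": [{"clientId": "authors-cloud-native-starter"}],
    "roles": {"realm": [{"name": "authors-role-cloud-native-starter"}]},
    "groups": [{"name": "authors-cloudnativestarter",
                "realmRoles": ["authors-role-cloud-native-starter"],
                "subGroups": []}],
}

def walk_groups(groups):
    """Yield every group, including nested subGroups."""
    for g in groups or []:
        yield g
        yield from walk_groups(g.get("subGroups"))

def check_realm(export, realm, client_id, role, group):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if export.get("realm") != realm:
        findings.append(f"realm is {export.get('realm')!r}, expected {realm!r}")
    client_ids = {c.get("clientId") for c in export.get("clients") or []}
    if client_id not in client_ids:
        findings.append(f"client {client_id!r} missing")
    realm_roles = {r.get("name") for r in (export.get("roles") or {}).get("realm") or []}
    if role not in realm_roles:
        findings.append(f"realm role {role!r} missing")
    groups = {g.get("name", ""): g for g in walk_groups(export.get("groups"))}
    if group not in groups:
        findings.append(f"group {group!r} missing, found {sorted(groups)}")
    elif role not in (groups[group].get("realmRoles") or []):
        findings.append(f"group {group!r} is not mapped to role {role!r}")
    return findings

if __name__ == "__main__":
    # Pass the export path as the first argument; without one the sample is checked.
    data = SAMPLE_EXPORT
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = json.load(fh)
    problems = check_realm(data, "cloudnativestarter", "authors-cloud-native-starter",
                           "authors-role-cloud-native-starter", "authors-cloudnativestarter")
    print("\n".join(problems) or "realm export matches the expected configuration")
    sys.exit(1 if problems else 0)
```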

## Step 5: **Add a user**

### 1. Set Username: `author-cloud-native-starter`

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F499b709513bbff3a4f6e9ef4d120a4121d3b3c5e.png?generation=1593439005031225\&alt=media)

### 2. Set Password: `1234`

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Fa95e410a34b4271afec3bc0b4bff31fc05736fe2.png?generation=1593439006096741\&alt=media)

### 3. **Turn off** ***temporary***

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F37a792e568cc670f83bdabecbcc0e6aaf6ca8bd1.png?generation=1593439003224283\&alt=media)

### 4. In the *Details* tab, remove the *Required User Action* **Update Password**

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2Fd8c13b54e64624ed3d7acb57666a12571aa7f22d.png?generation=1593439006695787\&alt=media)

## Step 6: **Add user to group**

For the user `author-cloud-native-starter`, select the *Groups* tab and join the group `authors-cloudnativestarter` listed under *Available Groups*, as shown in the image below.

![](https://2281508817-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB-MBeCtL-jysFPva8K%2Fsync%2F333d61c7317cedcff742922f113a80599f550af6.png?generation=1593439005191286\&alt=media)
