Example: Using Keycloak, MP and OpenLiberty locally

Step 1 - Start and configure Keycloak


Last updated 4 years ago


In this part we will set up Keycloak. We will run a local Keycloak Docker container and reuse an existing realm configuration.

The image below shows the relevant elements we will use later.

Step 1: Clone the project to your local machine

git clone https://github.com/thomassuedbroecker/get-started-with-keycloak-microprofile-openliberty.git
cd get-started-with-keycloak-microprofile-openliberty
ROOT_FOLDER=$(pwd)

Step 2: Start the Keycloak Docker image locally

Open a terminal session and enter:

docker run -it -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8282:8080 jboss/keycloak:9.0.2

Step 2: Import the existing realm configuration

  1. Open Keycloak in a browser and select the Administration Console. Use the following URL:

http://localhost:8282/

  2. Log in with user admin and password admin.

  3. Select Add realm.

  4. For the import, choose Select file.

  5. Select the existing realm configuration from the folder /keycloak-realm-exports/cloud-native-starter-author-local-realm-export.json

cd $ROOT_FOLDER/keycloak-realm-exports

  6. Press Create.

(Optional) Step 3: Verify the imported realm cloudnativestarter

(Optional) Realm

The realm cloudnativestarter uses an OpenID Endpoint configuration.

(Optional) Realm keys

The key has the JSON Web Token (JWT) format and uses the RS256 asymmetric algorithm.

"RS256 (RSA Signature with SHA-256) is an asymmetric algorithm, and it uses a public/private key pair: the identity provider has a private (secret) key used to generate the signature, and the consumer of the JWT gets a public key to validate the signature. Since the public key, as opposed to the private key, doesn't need to be kept secured, most identity providers make it easily available for consumers to obtain and use (usually through a metadata URL)." Resource of this text

(Optional) Client

Definition of the authors-cloud-native-starter client.

(Optional) Client scope

(Optional) Roles

Definition of the role authors-role-cloud-native-starter.

(Optional) Groups

Definition of the group authors-cloud-native-starter.

(Optional) Groups role mapping

The mapping of the role authors-role-cloud-native-starter to the group authors-cloudnativestarter.

Step 5: Add a user

1. Set Username: author-cloud-native-starter

2. Set Password: 1234

3. Turn off Temporary

4. In the tab Details, remove the Required User Action Update Password

Step 6: Add user to group

For the user author-cloud-native-starter, select the tab Groups and, in _Available Groups_, join _authors-cloudnativestarter_, as you see in the image below.
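
An added check, not part of the original page or project: once the user is in the group, this script confirms that a token issued by the realm carries what the configuration above promises (RS256 header, realm issuer, unexpired, expected role in the group claim). The `/auth/realms/...` paths, the `groups` claim name holding the role, and a public client that allows the password grant are assumptions; the sample token is constructed and unsigned.

```python
import base64, json, time, urllib.parse, urllib.request

# Values from this page; the /auth/realms/... layout is an assumption based on
# the port mapping above and Keycloak 9.x URL conventions.
REALM_URL = "http://localhost:8282/auth/realms/cloudnativestarter"
CLIENT_ID = "authors-cloud-native-starter"
GROUP_CLAIM = "groups"  # assumption: the claim MicroProfile JWT reads for roles

def fetch_token(username, password):
    """Password grant against the local realm (assumes a public client
    with direct access grants enabled)."""
    form = urllib.parse.urlencode({"grant_type": "password", "client_id": CLIENT_ID,
                                   "username": username, "password": password}).encode()
    with urllib.request.urlopen(REALM_URL + "/protocol/openid-connect/token", form) as r:
        return json.load(r)["access_token"]

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def inspect_token(token, required_group, now=None):
    """Return a list of problems; empty means the claims look as configured.
    The signature is NOT verified here; the resource server does that."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 segments)"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg is %r, realm key is RS256" % header.get("alg"))
    if claims.get("iss") != REALM_URL:
        problems.append("unexpected issuer %r" % claims.get("iss"))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token expired or exp missing")
    if required_group not in claims.get(GROUP_CLAIM, []):
        problems.append("group %r missing from %s claim" % (required_group, GROUP_CLAIM))
    return problems

def make_sample(alg="RS256", groups=("authors-role-cloud-native-starter",), exp=2000):
    """Constructed, unsigned sample token so the checks run offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}),
                     enc({"iss": REALM_URL, "exp": exp, "groups": list(groups)}), "c2ln"])

if __name__ == "__main__":
    print(inspect_token(make_sample(), "authors-role-cloud-native-starter", now=1000))
    print(inspect_token(make_sample(alg="none", groups=()), "authors-role-cloud-native-starter", now=1000))
```

Against the running container, call `inspect_token(fetch_token("author-cloud-native-starter", "1234"), "authors-role-cloud-native-starter")`; an empty list means the user, group and role mapping arrived in the token as configured.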