You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- User Federation: Integrates with enterprise identity systems such as LDAP and Active Directory.
43
-
- Role-Based Access Control (RBAC): Controls user permissions and application access securely.
36
+
Keycloak provides several important capabilities for authentication and security management. Its Single Sign-On (SSO) support lets users authenticate once and access multiple applications without logging in again. Centralized Identity Management means you can manage users, roles, groups, and authentication policies from a single platform, while OAuth2 and OpenID Connect support simplifies secure API and application authentication workflows.
37
+
38
+
Keycloak also supports Multi-factor Authentication (MFA) for stronger account security, User Federation for integrating with enterprise identity systems such as LDAP and Active Directory, and Role-Based Access Control (RBAC) to control user permissions and application access.
44
39
45
40
In this Learning Path, you'll deploy Keycloak on an Azure Cobalt 100 Arm64 virtual machine and configure PostgreSQL as the backend database. You'll create realms, users, and OAuth2/OpenID Connect clients, then integrate a Flask application with Keycloak authentication.
Copy file name to clipboardExpand all lines: content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -59,6 +59,16 @@ Your virtual machine should be ready and running in a few minutes. You can SSH i
59
59
60
60
{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see "Getting Started with Microsoft Azure" in [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/).{{% /notice %}}
61
61
62
+
### Connect to your virtual machine
63
+
64
+
Use the private key file you downloaded and the public IP address shown in the Azure portal to connect to your virtual machine.
Replace `<your-key-name>` with the name of your SSH key pair and `YOUR_PUBLIC_IP` with the public IP address shown in the Azure portal after deployment.
71
+
62
72
## What you've accomplished and what's next
63
73
64
74
You've created an Azure Cobalt 100 Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is now ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.
OpenJDK 64-Bit Server VM (build 21.0.11+10-1-24.04.2-Ubuntu, mixed mode, sharing)
94
51
```
95
52
96
53
97
-
### Configure PostgreSQL Database
54
+
## Configure PostgreSQL database
55
+
98
56
Keycloak needs a persistent database to store realms, users, clients, roles, and authentication configuration.
99
57
100
58
### Create the Keycloak database and user
@@ -122,7 +80,7 @@ Grant database access to the Keycloak user.
122
80
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloakuser;
123
81
```
124
82
125
-
Connect to Keycloak database:
83
+
Connect to the Keycloak database.
126
84
127
85
```sql
128
86
\c keycloak
@@ -137,14 +95,19 @@ GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO keycloakuser;
137
95
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO keycloakuser;
138
96
```
139
97
140
-
Exit PostgreSQL:
98
+
Exit PostgreSQL.
141
99
142
100
```sql
143
101
\q
144
102
```
145
103
146
-
### Download Keycloak
147
-
Download the Keycloak release archive, extract it, and move it to /opt/keycloak.
104
+
## Download Keycloak
105
+
106
+
Download the Keycloak release archive, extract it, and move it to `/opt/keycloak`.
107
+
108
+
{{% notice Note %}}
109
+
The following commands use Keycloak version 26.2.5. The same commands work with other versions. Replace the file names in these steps with the file for your version of choice. To find the latest version, see [Keycloak releases on GitHub](https://github.com/keycloak/keycloak/releases).
110
+
{{% /notice %}}
148
111
149
112
```bash
150
113
cd~
@@ -153,19 +116,25 @@ tar -xzf keycloak-26.2.5.tar.gz
153
116
sudo mv keycloak-26.2.5 /opt/keycloak
154
117
```
155
118
156
-
### Create Keycloak Linux user
119
+
## Create Keycloak Linux user
120
+
157
121
Create a dedicated Linux user to run Keycloak securely as a system service.
158
122
159
123
```bash
160
124
sudo useradd -r -s /bin/false keycloak
161
125
sudo chown -R keycloak:keycloak /opt/keycloak
162
126
```
163
127
164
-
### Configure Keycloak
128
+
## Configure Keycloak
129
+
165
130
Create the Keycloak configuration file and connect it to the PostgreSQL database.
166
131
167
132
Replace YOUR_PUBLIC_IP with the public IP address of your Azure VM.
168
133
134
+
{{% notice Note %}}
135
+
The `db-password` value must match the password you set for `keycloakuser` during the PostgreSQL setup step. Replace `StrongPassword123!` with your actual database password.
136
+
{{% /notice %}}
137
+
169
138
Create configuration:
170
139
171
140
```bash
@@ -190,15 +159,15 @@ EOF
190
159
Do not use proxy=edge with this setup because it can cause hostname and admin console loading issues in newer Keycloak versions.
191
160
{{% /notice %}}
192
161
193
-
###Build the Keycloak server
162
+
## Build the Keycloak server
194
163
195
164
Build Keycloak so the server configuration is optimized and persisted before startup.
196
165
197
166
```bash
198
167
sudo /opt/keycloak/bin/kc.sh build
199
168
```
200
169
201
-
###Create the Keycloak admin user
170
+
## Create the Keycloak admin user
202
171
203
172
Bootstrap the initial admin user that will be used to log in to the Keycloak Admin Console.
204
173
@@ -229,7 +198,7 @@ Successful output includes:
229
198
Created temporary admin user with username admin
230
199
```
231
200
232
-
###Configure Keycloak as a systemd service
201
+
## Configure Keycloak as a systemd service
233
202
234
203
Create a systemd service so Keycloak starts automatically and runs in the background.
235
204
@@ -254,7 +223,7 @@ WantedBy=multi-user.target
254
223
EOF
255
224
```
256
225
257
-
###Configure Keycloak runtime directories
226
+
## Configure Keycloak runtime directories
258
227
259
228
Create writable runtime directories required by Keycloak for temporary files, logs, and cache.
Start Keycloak and verify that the service is running correctly.
249
+
## Start and verify Keycloak
282
250
283
-
Start Keycloak:
251
+
Start Keycloak and verify that the service is running correctly.
284
252
285
253
Reload systemd, enable the service, and start Keycloak.
286
254
```bash
@@ -294,15 +262,29 @@ Check the service status.
294
262
```bash
295
263
sudo systemctl status keycloak
296
264
```
265
+
The output should look similar to:
297
266
298
-
View live Keycloak logs.
267
+
```output
268
+
Active: active (running) since Thu 2026-06-04 15:26:27 UTC; 7s ago
269
+
```
270
+
271
+
View live Keycloak logs to confirm it starts without errors, then press Ctrl+C to exit.
299
272
300
273
```bash
301
274
sudo journalctl -u keycloak -f
302
275
```
303
276
304
277
278
+
## Access the Keycloak Admin Console
279
+
280
+
Open the Keycloak Admin Console in your browser.
281
+
282
+
```text
283
+
http://YOUR_PUBLIC_IP:8080/admin/
284
+
```
285
+
305
286
### Fix HTTPS required error
287
+
306
288
If the browser shows an HTTPS required message, disable SSL enforcement for the master realm for this HTTP-based learning path setup.
307
289
308
290
```text
@@ -331,23 +313,17 @@ Exit PostgreSQL.
331
313
\q
332
314
```
333
315
334
-
Restart Keycloak:
316
+
Restart Keycloak.
335
317
336
318
```bash
337
319
sudo systemctl restart keycloak
338
320
```
339
321
340
-
### Access the Keycloak Admin Console
341
-
342
-
Open the Keycloak Admin Console in your browser.
343
-
344
-
```text
345
-
http://YOUR_PUBLIC_IP:8080/admin/
346
-
```
322
+
After restarting, open the admin console again and log in.
347
323
348
324

349
325
350
-
Login:
326
+
Log in with the admin credentials you created earlier.
351
327
352
328
```text
353
329
Username: admin
@@ -356,7 +332,7 @@ Password: AdminPassword123!
356
332
357
333

0 commit comments