Skip to content

Commit 0249caf

Browse files
authored
Merge pull request #3362 from pareenaverma/content_review
Tech review of Keycloak LP
2 parents f75da67 + c613037 commit 0249caf

5 files changed

Lines changed: 214 additions & 153 deletions

File tree

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_index.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ author: Pareena Verma
2828

2929
### Tags
3030
skilllevels: Introductory
31-
subjects: Containers and Virtualization
31+
subjects: Web
3232
cloud_service_providers:
3333
- Microsoft Azure
3434

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/background.md

Lines changed: 3 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -33,14 +33,9 @@ Keycloak integrates with web applications, APIs, Kubernetes platforms, microserv
3333

3434
To learn more, see the official [Keycloak documentation](https://www.keycloak.org/documentation).
3535

36-
Keycloak provides several important capabilities for authentication and security management:
37-
38-
- Single Sign-On (SSO): Enables users to authenticate once and access multiple applications securely.
39-
- Centralized Identity Management: Manages users, roles, groups, and authentication policies from a single platform.
40-
- OAuth2 and OpenID Connect Support: Simplifies secure API and application authentication workflows.
41-
- Multi-factor Authentication (MFA): Improves account security using additional authentication methods.
42-
- User Federation: Integrates with enterprise identity systems such as LDAP and Active Directory.
43-
- Role-Based Access Control (RBAC): Controls user permissions and application access securely.
36+
Keycloak provides several important capabilities for authentication and security management. Its Single Sign-On (SSO) support lets users authenticate once and access multiple applications without logging in again. Centralized Identity Management means you can manage users, roles, groups, and authentication policies from a single platform, while OAuth2 and OpenID Connect support simplifies secure API and application authentication workflows.
37+
38+
Keycloak also supports Multi-factor Authentication (MFA) for stronger account security, User Federation for integrating with enterprise identity systems such as LDAP and Active Directory, and Role-Based Access Control (RBAC) to control user permissions and application access.
4439

4540
In this Learning Path, you'll deploy Keycloak on an Azure Cobalt 100 Arm64 virtual machine and configure PostgreSQL as the backend database. You'll create realms, users, and OAuth2/OpenID Connect clients, then integrate a Flask application with Keycloak authentication.
4641

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,16 @@ Your virtual machine should be ready and running in a few minutes. You can SSH i
5959

6060
{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see "Getting Started with Microsoft Azure" in [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/).{{% /notice %}}
6161

62+
### Connect to your virtual machine
63+
64+
Use the private key file you downloaded and the public IP address shown in the Azure portal to connect to your virtual machine.
65+
66+
```bash
67+
ssh -i <your-key-name>.pem azureuser@YOUR_PUBLIC_IP
68+
```
69+
70+
Replace `<your-key-name>` with the name of your SSH key pair and `YOUR_PUBLIC_IP` with the public IP address shown in the Azure portal after deployment.
71+
6272
## What you've accomplished and what's next
6373

6474
You've created an Azure Cobalt 100 Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is now ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/keycloak_deployment_azure_cobalt100.md

Lines changed: 59 additions & 75 deletions
Original file line numberDiff line numberDiff line change
@@ -12,52 +12,7 @@ In this section, you'll install Keycloak on an Azure Cobalt 100 Arm64 virtual ma
1212

1313
Keycloak provides centralized identity and access management for applications using standards such as OAuth2, OpenID Connect, and SAML.
1414

15-
### Overview
16-
17-
This learning path explains how to deploy and configure Keycloak on Azure Cobalt 100 Arm64 virtual machines using PostgreSQL as the backend database.
18-
19-
You will learn how to:
20-
21-
- Install Keycloak on Arm64 infrastructure
22-
- Configure PostgreSQL integration
23-
- Bootstrap the Keycloak admin user
24-
- Configure Keycloak as a systemd service
25-
- Fix common Keycloak 26.x issues
26-
- Access the Keycloak administration console
27-
28-
### Target platform
29-
30-
| Component | Value |
31-
| -------------- | ----------------------------- |
32-
| Cloud | Microsoft Azure |
33-
| VM Type | Azure Cobalt 100 Arm64 |
34-
| Recommended VM | Standard_D4ps_v6 |
35-
| OS | Ubuntu Server 24.04 LTS Arm64 |
36-
37-
### Architecture
38-
39-
```text
40-
Azure Cobalt 100 Arm64 VM
41-
|
42-
├── PostgreSQL
43-
├── Keycloak
44-
├── Flask OAuth Demo App
45-
└── Browser Access
46-
```
47-
48-
### Configure Azure networking
49-
50-
Allow these inbound ports:
51-
52-
| Port | Purpose |
53-
| ---- | ---------------------------- |
54-
| 22 | SSH |
55-
| 8080 | Keycloak HTTP |
56-
| 9000 | Keycloak management endpoint |
57-
| 5000 | Flask demo application |
58-
59-
60-
### Update your system
15+
## Update your system
6116

6217
Start by updating the package index and installing the latest available package updates on the virtual machine.
6318

@@ -90,11 +45,14 @@ java -version
9045

9146
The output is similar to:
9247
```output
93-
openjdk version "21"
48+
openjdk version "21.0.11" 2026-04-21
49+
OpenJDK Runtime Environment (build 21.0.11+10-1-24.04.2-Ubuntu)
50+
OpenJDK 64-Bit Server VM (build 21.0.11+10-1-24.04.2-Ubuntu, mixed mode, sharing)
9451
```
9552

9653

97-
### Configure PostgreSQL Database
54+
## Configure PostgreSQL database
55+
9856
Keycloak needs a persistent database to store realms, users, clients, roles, and authentication configuration.
9957

10058
### Create the Keycloak database and user
@@ -122,7 +80,7 @@ Grant database access to the Keycloak user.
12280
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloakuser;
12381
```
12482

125-
Connect to Keycloak database:
83+
Connect to the Keycloak database.
12684

12785
```sql
12886
\c keycloak
@@ -137,14 +95,19 @@ GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO keycloakuser;
13795
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO keycloakuser;
13896
```
13997

140-
Exit PostgreSQL:
98+
Exit PostgreSQL.
14199

142100
```sql
143101
\q
144102
```
145103

146-
### Download Keycloak
147-
Download the Keycloak release archive, extract it, and move it to /opt/keycloak.
104+
## Download Keycloak
105+
106+
Download the Keycloak release archive, extract it, and move it to `/opt/keycloak`.
107+
108+
{{% notice Note %}}
109+
The following commands use Keycloak version 26.2.5. The same commands work with other versions. Replace the file names in these steps with the file for your version of choice. To find the latest version, see [Keycloak releases on GitHub](https://github.com/keycloak/keycloak/releases).
110+
{{% /notice %}}
148111

149112
```bash
150113
cd ~
@@ -153,19 +116,25 @@ tar -xzf keycloak-26.2.5.tar.gz
153116
sudo mv keycloak-26.2.5 /opt/keycloak
154117
```
155118

156-
### Create Keycloak Linux user
119+
## Create Keycloak Linux user
120+
157121
Create a dedicated Linux user to run Keycloak securely as a system service.
158122

159123
```bash
160124
sudo useradd -r -s /bin/false keycloak
161125
sudo chown -R keycloak:keycloak /opt/keycloak
162126
```
163127

164-
### Configure Keycloak
128+
## Configure Keycloak
129+
165130
Create the Keycloak configuration file and connect it to the PostgreSQL database.
166131

167132
Replace YOUR_PUBLIC_IP with the public IP address of your Azure VM.
168133

134+
{{% notice Note %}}
135+
The `db-password` value must match the password you set for `keycloakuser` during the PostgreSQL setup step. Replace `StrongPassword123!` with your actual database password.
136+
{{% /notice %}}
137+
169138
Create configuration:
170139

171140
```bash
@@ -190,15 +159,15 @@ EOF
190159
Do not use proxy=edge with this setup because it can cause hostname and admin console loading issues in newer Keycloak versions.
191160
{{% /notice %}}
192161

193-
### Build the Keycloak server
162+
## Build the Keycloak server
194163

195164
Build Keycloak so the server configuration is optimized and persisted before startup.
196165

197166
```bash
198167
sudo /opt/keycloak/bin/kc.sh build
199168
```
200169

201-
### Create the Keycloak admin user
170+
## Create the Keycloak admin user
202171

203172
Bootstrap the initial admin user that will be used to log in to the Keycloak Admin Console.
204173

@@ -229,7 +198,7 @@ Successful output includes:
229198
Created temporary admin user with username admin
230199
```
231200

232-
### Configure Keycloak as a systemd service
201+
## Configure Keycloak as a systemd service
233202

234203
Create a systemd service so Keycloak starts automatically and runs in the background.
235204

@@ -254,7 +223,7 @@ WantedBy=multi-user.target
254223
EOF
255224
```
256225

257-
### Configure Keycloak runtime directories
226+
## Configure Keycloak runtime directories
258227

259228
Create writable runtime directories required by Keycloak for temporary files, logs, and cache.
260229

@@ -277,10 +246,9 @@ sudo chmod -R 755 /opt/keycloak/data
277246
```
278247

279248

280-
### Start and verify Keycloak
281-
Start Keycloak and verify that the service is running correctly.
249+
## Start and verify Keycloak
282250

283-
Start Keycloak:
251+
Start Keycloak and verify that the service is running correctly.
284252

285253
Reload systemd, enable the service, and start Keycloak.
286254
```bash
@@ -294,15 +262,29 @@ Check the service status.
294262
```bash
295263
sudo systemctl status keycloak
296264
```
265+
The output should look similar to:
297266

298-
View live Keycloak logs.
267+
```output
268+
Active: active (running) since Thu 2026-06-04 15:26:27 UTC; 7s ago
269+
```
270+
271+
View live Keycloak logs to confirm it starts without errors, then press Ctrl+C to exit.
299272

300273
```bash
301274
sudo journalctl -u keycloak -f
302275
```
303276

304277

278+
## Access the Keycloak Admin Console
279+
280+
Open the Keycloak Admin Console in your browser.
281+
282+
```text
283+
http://YOUR_PUBLIC_IP:8080/admin/
284+
```
285+
305286
### Fix HTTPS required error
287+
306288
If the browser shows an HTTPS required message, disable SSL enforcement for the master realm for this HTTP-based learning path setup.
307289

308290
```text
@@ -331,23 +313,17 @@ Exit PostgreSQL.
331313
\q
332314
```
333315

334-
Restart Keycloak:
316+
Restart Keycloak.
335317

336318
```bash
337319
sudo systemctl restart keycloak
338320
```
339321

340-
### Access the Keycloak Admin Console
341-
342-
Open the Keycloak Admin Console in your browser.
343-
344-
```text
345-
http://YOUR_PUBLIC_IP:8080/admin/
346-
```
322+
After restarting, open the admin console again and log in.
347323

348324
![Keycloak login page running on the Azure Cobalt 100 Arm64 virtual machine after fixing the HTTPS required issue and successfully loading the authentication screen.#center](images/keycloak-ui.png "Keycloak login page on Azure Cobalt 100 Arm64")
349325

350-
Login:
326+
Log in with the admin credentials you created earlier.
351327

352328
```text
353329
Username: admin
@@ -356,7 +332,7 @@ Password: AdminPassword123!
356332

357333
![Keycloak Admin Console welcome page showing the master realm dashboard after successful login on the Azure Cobalt 100 Arm64 virtual machine.#center](images/keycloak-welcome-page.png "Keycloak Admin Console welcome dashboard")
358334

359-
### Verify health endpoint
335+
## Verify health endpoint
360336

361337
```bash
362338
curl http://localhost:9000/health
@@ -365,11 +341,19 @@ curl http://localhost:9000/health
365341
The output is similar to:
366342

367343
```output
368-
{"status":"UP"}
344+
{
345+
"status": "UP",
346+
"checks": [
347+
{
348+
"name": "Keycloak database connections async health check",
349+
"status": "UP"
350+
}
351+
]
352+
}
369353
```
370354

371-
### What you've learned and what's next
355+
## What you've learned and what's next
372356

373357
You now have Keycloak running successfully on Azure Cobalt 100 Arm64 with PostgreSQL integration, a systemd service, and a working admin console.
374358

375-
Next, you'll configure a Flask application and integrate it with Keycloak using OAuth2/OpenID Connect authenticatio
359+
Next, you'll configure a Flask application and integrate it with Keycloak using OAuth2/OpenID Connect authentication.

0 commit comments

Comments
 (0)