Keycloak – Configuration as Code Pt.2
Keycloak is an open-source software solution for identity and access management, providing features such as single sign-on, user authentication, and authorization services. There are various ways how you can configure your Keycloak instance. In this hands-on blog series, we will work towards a fully automated configuration, using only Java code.
What we have seen so far:
- Identity and Access Management with Keycloak – In this blog post, we get to know some basic building blocks that we have at our disposal in Keycloak.
- Keycloak – Configuration as Code Pt. 1 – In this blog post, we cover how to create the basic project setup for our ‘Keycloak – Configuration as Code’ endeavour.
We will continue where we left off. In case you want to skip the previous step, feel free to check out the base project setup here. From there we start with an empty Maven project containing two Maven submodules. with their respective POMs. Our goal in this post is to extend our code base so that we can start up our Keycloak instance using nothing but the two commands
The Keycloak Distribution
Once again, there are multiple ways to get started. We could make use of the Keycloak docker base image, provided by Red Hat. However, that would leave us less flexible when it comes to fixing security issues (reported CVEs) in the dependency tree of Keycloak itself. Inspired by a blog post by Thomas Darimont and Sebastian Rose, two colleagues from Germany, on Keycloak.X, but secure – without vulnerable libraries, we are not going to use this base image. Instead, we add the Keycloak distribution as a dependency to our project. If you are interested in the benefits of doing so, feel free to read their interesting blog. In summary,
a custom distribution can support in the following:
- Use of an optimized configuration for fast server start-up
- Support of own extensions and themes
- Only actually used Quarkus extensions activated
- Additionally needed Quarkus extensions are supported
- Libraries can be upgraded to a current patch level.
- (Quote from Keycloak.X, but secure – without vulnerable libraries)
Kom in contact met ons als je vragen hebt of wanneer je klaar bent om gezamenlijk een project te starten!