3engines_doc/site/kubernetes/Deploy-Keycloak-on-Kubernetes-with-a-sample-app-on-3Engines-Cloud.html.html

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="Documentation for 3Engines services and products"><meta name=author content=3Engines><link rel=canonical href=https://docs.3Engines.com/kubernetes/Deploy-Keycloak-on-Kubernetes-with-a-sample-app-on-3Engines-Cloud.html.html><link rel=icon href=../assets/favicon.ico><meta name=generator content="mkdocs-1.6.1, mkdocs-material-9.6.14"><title>Deploy Keycloak on Kubernetes with a sample app on 3Engines Cloud🔗 - 3Engines Documentation</title><link rel=stylesheet href=../assets/stylesheets/main.342714a4.min.css><link rel=stylesheet href=../assets/stylesheets/palette.06af60db.min.css><script src=https://unpkg.com/iframe-worker/shim></script><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><link rel=stylesheet href=../stylesheets/extra.css><script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script> <link href="../assets/stylesheets/glightbox.min.css" rel="stylesheet"/><style>
    html.glightbox-open { overflow: initial; height: 100%; }
    .gslide-title { margin-top: 0px; user-select: text; }
    .gslide-desc { color: #666; user-select: text; }
    .gslide-image img { background: white; }
    .gscrollbar-fixer { padding-right: 15px; }
    .gdesc-inner { font-size: 0.75rem; }
    body[data-md-color-scheme="slate"] .gdesc-inner { background: var(--md-default-bg-color);}
    body[data-md-color-scheme="slate"] .gslide-title { color: var(--md-default-fg-color);}
    body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);}</style> <script src="../assets/javascripts/glightbox.min.js"></script></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=blue-grey data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#deploy-keycloak-on-kubernetes-with-a-sample-app-on-3engines-cloud class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class=md-header data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../index.html title="3Engines Documentation" class="md-header__button md-logo" aria-label="3Engines Documentation" data-md-component=logo> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> 3Engines Documentation </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> Deploy Keycloak on Kubernetes with a sample app on 3Engines Cloud🔗 </span> </div> </div> </div> <form class=md-header__option data-md-component=palette> <input class=md-option data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme=default data-md-color-primary=blue-grey data-md-color-accent=indigo aria-label="Switch to dark mode" type=radio name=__palette id=__palette_0> <label class="md-header__button md-icon" title="Switch to dark mode" for=__palette_1 hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg> </label> <input class=md-option data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme=slate data-md-color-primary=indigo data-md-color-accent=indigo aria-label="Switch to light mode" type=radio name=__palette id=__palette_1> <label class="md-header__button md-icon" title="Switch to light mode" for=__palette_0 hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg> </label> </form> <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script> <label class="md-header__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </label> <nav class=md-search__options aria-label=Search> <a href=javascript:void(0) class="md-search__icon md-icon" title=Share aria-label=Share data-clipboard data-clipboard-text data-md-component=search-share tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M18 16.08c-.76 0-1.44.3-1.96.77L8.91 12.7c.05-.23.09-.46.09-.7s-.04-.47-.09-.7l7.05-4.11c.54.5 1.25.81 2.04.81a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3c0 .24.04.47.09.7L8.04 9.81C7.5 9.31 6.79 9 6 9a3 3 0 0 0-3 3 3 3 0 0 0 3 3c.79 0 1.5-.31 2.04-.81l7.12 4.15c-.05.21-.08.43-.08.66 0 1.61 1.31 2.91 2.92 2.91s2.92-1.3 2.92-2.91A2.92 2.92 0 0 0 18 16.08"/></svg> </a> <button type=reset class="md-search__icon md-icon" title=Clear aria-label=Clear tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg> </button> </nav> <div class=md-search__suggest data-md-component=search-suggest></div> </form> <div class=md-search__output> <div class=md-search__scrollwrap tabindex=0 data-md-scrollfix> <div class=md-search-result data-md-component=search-result> <div class=md-search-result__meta> Initializing search </div> <ol class=md-search-result__list role=presentation></ol> </div> </div> </div> </div> </div> </nav> </header> <div class=md-container data-md-component=container> <nav class=md-tabs aria-label=Tabs data-md-component=tabs> <div class=md-grid> <ul class=md-tabs__list> <li class=md-tabs__item> <a href=../index.html class=md-tabs__link> Home </a> </li> <li class=md-tabs__item> <a href=../cloud/cloud.html.html class=md-tabs__link> Cloud </a> </li> <li class=md-tabs__item> <a href=../datavolume/datavolume.html.html class=md-tabs__link> Data Volume </a> </li> <li class=md-tabs__item> <a href=../networking/networking.html.html class=md-tabs__link> Networking </a> </li> <li class=md-tabs__item> <a href=../s3/s3.html.html class=md-tabs__link> S3 </a> </li> <li class=md-tabs__item> <a href=../windows/windows.html.html class=md-tabs__link> Windows </a> </li> </ul> </div> </nav> <main class=md-main data-md-component=main> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component=sidebar data-md-type=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary md-nav--lifted" aria-label=Navigation data-md-level=0> <label class=md-nav__title for=__drawer> <a href=../index.html title="3Engines Documentation" class="md-nav__button md-logo" aria-label="3Engines Documentation" data-md-component=logo> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg> </a> 3Engines Documentation </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../index.html class=md-nav__link> <span class=md-ellipsis> Home </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_2> <label class=md-nav__link for=__nav_2 id=__nav_2_label tabindex=0> <span class=md-ellipsis> Cloud </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_2_label aria-expanded=false> <label class=md-nav__title for=__nav_2> <span class="md-nav__icon md-icon"></span> Cloud </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../cloud/cloud.html.html class=md-nav__link> <span class=md-ellipsis> Overview </span> </a> </li> <li class=md-nav__item> <a href=../cloud/Dashboard-Overview-Project-Quotas-And-Flavors-Limits-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Dashboard Overview – Project Quotas And Flavors Limits on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-access-the-VM-from-OpenStack-console-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to access the VM from OpenStack console on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-clone-existing-and-configured-VMs-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to clone existing and configured VMs on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-fix-unresponsive-console-issue-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to fix unresponsive console issue on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-generate-ec2-credentials-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to generate and manage EC2 credentials on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-generate-or-use-Application-Credentials-via-CLI-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to generate or use Application Credentials via CLI on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-use-GUI-in-Linux-VM-on-3Engines-Cloud-and-access-it-from-local-Linux-computer.html.html class=md-nav__link> <span class=md-ellipsis> How to Use GUI in Linux VM on 3Engines Cloud and access it From Local Linux Computer </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-To-Create-a-New-Linux-VM-With-NVIDIA-Virtual-GPU-in-the-OpenStack-Dashboard-Horizon-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How To Create a New Linux VM With NVIDIA Virtual GPU in the OpenStack Dashboard Horizon on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-use-Docker-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to install and use Docker on Ubuntu 24.04 </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-use-Security-Groups-in-Horizon-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to use Security Groups in Horizon on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-create-key-pair-in-OpenStack-Dashboard-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create key pair in OpenStack Dashboard on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-create-new-Linux-VM-in-OpenStack-Dashboard-Horizon-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create new Linux VM in OpenStack Dashboard Horizon on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-install-Python-virtualenv-or-virtualenvwrapper-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to install Python virtualenv or virtualenvwrapper on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-start-a-VM-from-a-snapshot-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to start a VM from a snapshot on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/Status-Power-State-and-dependences-in-billing-of-instances-VMs-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Status Power State and dependencies in billing of instance VMs on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-upload-your-custom-image-using-OpenStack-CLI-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to upload your custom image using OpenStack CLI on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/VM-created-with-option-Create-New-Volume-No-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> VM created with option Create New Volume No on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/VM-created-with-option-Create-New-Volume-Yes-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> VM created with option Create New Volume Yes on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/What-is-an-OpenStack-domain-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> What is an OpenStack domain on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/What-is-an-OpenStack-project-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> What is an OpenStack project on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-create-a-Linux-VM-and-access-it-from-Windows-desktop-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create a Linux VM and access it from Windows desktop on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-create-a-Linux-VM-and-access-it-from-Linux-command-line-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create a Linux VM and access it from Linux command line on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/DNS-as-a-Service-on-3Engines-Cloud-Hosting.html.html class=md-nav__link> <span class=md-ellipsis> DNS as a Service on 3Engines Cloud Hosting </span> </a> </li> <li class=md-nav__item> <a href=../cloud/What-Image-Formats-are-available-in-OpenStack-3Engines-Cloud-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> What Image Formats are Available in OpenStack 3Engines Cloud cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-upload-custom-image-to-3Engines-Cloud-cloud-using-OpenStack-Horizon-dashboard.html.html class=md-nav__link> <span class=md-ellipsis> How to upload custom image to 3Engines Cloud cloud using OpenStack Horizon dashboard </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-create-Windows-VM-on-OpenStack-Horizon-and-access-it-via-web-console-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create Windows VM on OpenStack Horizon and access it via web console on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-transfer-volumes-between-domains-and-projects-using-Horizon-dashboard-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to transfer volumes between domains and projects using Horizon dashboard on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/Spot-instances-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Spot instances on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-create-instance-snapshot-using-Horizon-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create instance snapshot using Horizon on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-start-a-VM-from-instance-snapshot-using-Horizon-dashboard-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to start a VM from instance snapshot using Horizon dashboard on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/How-to-create-a-VM-using-the-OpenStack-CLI-client-on-3Engines-Cloud-cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create a VM using the OpenStack CLI client on 3Engines Cloud cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/OpenStack-user-roles-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> OpenStack User Roles on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/Resizing-a-virtual-machine-using-OpenStack-Horizon-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Resizing a virtual machine using OpenStack Horizon on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../cloud/Block-storage-and-object-storage-performance-limits-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Block storage and object storage performance limits on 3Engines Cloud </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_3> <label class=md-nav__link for=__nav_3 id=__nav_3_label tabindex=0> <span class=md-ellipsis> Data Volume </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_3_label aria-expanded=false> <label class=md-nav__title for=__nav_3> <span class="md-nav__icon md-icon"></span> Data Volume </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../datavolume/datavolume.html.html class=md-nav__link> <span class=md-ellipsis> Overview </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-attach-a-volume-to-VM-less-than-2TB-on-Linux-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to attach a volume to VM less than 2TB on Linux on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-attach-a-volume-to-VM-more-than-2TB-on-Linux-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to attach a volume to VM more than 2TB on Linux on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/Ephemeral-vs-Persistent-storage-option-Create-New-Volume-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Ephemeral vs Persistent storage option Create New Volume on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-export-a-volume-over-NFS-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to export a volume over NFS on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-export-a-volume-over-NFS-outside-of-a-project-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to export a volume over NFS outside of a project on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-extend-the-volume-in-Linux-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to extend the volume in Linux on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-mount-object-storage-in-Linux-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to mount object storage in Linux on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-move-data-volume-between-two-VMs-using-OpenStack-Horizon-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to move data volume between two VMs using OpenStack Horizon on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-many-objects-can-I-put-into-Object-Storage-container-bucket-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How many objects can I put into Object Storage container bucket on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-create-volume-Snapshot-and-attach-as-Volume-on-Linux-or-Windows-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create volume Snapshot and attach as Volume on Linux or Windows on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/Volume-snapshot-inheritance-and-its-consequences-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Volume snapshot inheritance and its consequences on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-To-Create-Backup-Of-Your-Volume-From-Windows-Machine-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to Create Backup of Your Volume From Windows Machine on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-To-Attach-Volume-To-Windows-VM-On-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How To Attach Volume To Windows VM On 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-create-or-delete-volume-snapshot-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create or delete volume snapshot on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/How-to-restore-volume-from-snapshot-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to restore volume from snapshot on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../datavolume/Bootable-versus-non-bootable-volumes-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Bootable versus non-bootable volumes on 3Engines Cloud </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4> <label class=md-nav__link for=__nav_4 id=__nav_4_label tabindex=0> <span class=md-ellipsis> Networking </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_4_label aria-expanded=false> <label class=md-nav__title for=__nav_4> <span class="md-nav__icon md-icon"></span> Networking </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../networking/networking.html.html class=md-nav__link> <span class=md-ellipsis> Overview </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-can-I-access-my-VMs-using-names-instead-of-IP-addresses-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How can I access my VMs using names instead of IP addresses on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-to-Add-or-Remove-Floating-IPs-to-your-VM-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to Add or Remove Floating IP’s to your VM on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/Cannot-access-VM-with-SSH-or-PING-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Cannot access VM with SSH or PING on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/Cannot-ping-VM-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Cannot ping VM on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-to-connect-to-your-virtual-machine-via-SSH-in-Linux-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to connect to your virtual machine via SSH in Linux on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-to-create-a-network-with-router-in-Horizon-Dashboard-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to create a network with router in Horizon Dashboard on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-can-I-open-new-ports-port-80-for-http-for-my-service-or-instance-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How can I open new ports for http for my service or instance on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/Generating-a-SSH-keypair-in-Linux-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Generating an SSH keypair in Linux on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-to-add-SSH-key-from-Horizon-web-console-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to add SSH key from Horizon web console on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-is-my-VM-visible-in-the-internet-with-no-Floating-IP-attached-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How is my VM visible in the internet with no Floating IP attached on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-to-run-and-configure-Firewall-as-a-service-and-VPN-as-a-service-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to run and configure Firewall as a service and VPN as a service on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../networking/How-to-Import-SSH-Public-Key-to-OpenStack-Horizon-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to import SSH public key to OpenStack Horizon on 3Engines Cloud </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_5> <label class=md-nav__link for=__nav_5 id=__nav_5_label tabindex=0> <span class=md-ellipsis> S3 </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_5_label aria-expanded=false> <label class=md-nav__title for=__nav_5> <span class="md-nav__icon md-icon"></span> S3 </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../s3/s3.html.html class=md-nav__link> <span class=md-ellipsis> Overview </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-to-delete-large-S3-bucket-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to Delete Large S3 Bucket on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-to-mount-object-storage-container-as-a-file-system-in-Linux-using-s3fs-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to Mount Object Storage Container as a File System in Linux Using s3fs on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/Bucket-sharing-using-s3-bucket-policy-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Bucket sharing using s3 bucket policy on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-to-use-Object-Storage-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to use Object Storage on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-to-access-private-object-storage-using-S3cmd-or-boto3-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to access private object storage using S3cmd or boto3 on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-To-Install-boto3-In-Windows-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to Install Boto3 in Windows on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/Server-Side-Encryption-with-Customer-Managed-Keys-SSE-C-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Server-Side Encryption with Customer-Managed Keys (SSE-C) on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-to-mount-object-storage-container-from-3Engines-Cloud-as-file-system-on-local-Windows-computer.html.html class=md-nav__link> <span class=md-ellipsis> How to mount object storage container from 3Engines Cloud as file system on local Windows computer </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-to-install-s3cmd-on-Linux-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to install s3cmd on Linux on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-to-access-object-storage-from-3Engines-Cloud-using-boto3.html.html class=md-nav__link> <span class=md-ellipsis> How to access object storage from 3Engines Cloud using boto3 </span> </a> </li> <li class=md-nav__item> <a href=../s3/How-to-access-object-storage-from-3Engines-Cloud-using-s3cmd.html.html class=md-nav__link> <span class=md-ellipsis> How to access object storage from 3Engines Cloud using s3cmd </span> </a> </li> <li class=md-nav__item> <a href=../s3/Configuration-files-for-s3cmd-command-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Configuration files for s3cmd command on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../s3/S3-bucket-object-versioning-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> S3 bucket object versioning on 3Engines Cloud </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_6> <label class=md-nav__link for=__nav_6 id=__nav_6_label tabindex=0> <span class=md-ellipsis> Windows </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_6_label aria-expanded=false> <label class=md-nav__title for=__nav_6> <span class="md-nav__icon md-icon"></span> Windows </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../windows/windows.html.html class=md-nav__link> <span class=md-ellipsis> Overview </span> </a> </li> <li class=md-nav__item> <a href=../windows/How-to-access-a-VM-from-Windows-PuTTY-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to access a VM from Windows PuTTY on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../windows/Connecting-to-a-Windows-VM-via-RDP-through-a-Linux-bastion-host-port-forwarding-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Connecting to a Windows VM via RDP through a Linux bastion host port forwarding on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../windows/How-to-connect-to-a-virtual-machine-via-SSH-from-Windows-10-Command-Prompt-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to connect to a virtual machine via SSH from Windows 10 Command Prompt on 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../windows/How-To-Create-SSH-Key-Pair-In-Windows-On-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to Create SSH Key Pair in Windows 10 On 3Engines Cloud </span> </a> </li> <li class=md-nav__item> <a href=../windows/Can-I-change-my-password-through-RDP-on-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> Can I change my password through RDP on 3Engines Cloud? </span> </a> </li> <li class=md-nav__item> <a href=../windows/How-To-Create-SSH-Key-Pair-In-Windows-11-On-3Engines-Cloud.html.html class=md-nav__link> <span class=md-ellipsis> How to Create SSH Key Pair in Windows 11 On 3Engines Cloud </span> </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component=sidebar data-md-type=toc> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--secondary" aria-label="On this page"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> On this page </label> <ul class=md-nav__list data-md-component=toc data-md-scrollfix> <li class=md-nav__item> <a href=#what-we-are-going-to-do class=md-nav__link> <span class=md-ellipsis> What We Are Going To Do🔗 </span> </a> </li> <li class=md-nav__item> <a href=#prerequisites class=md-nav__link> <span class=md-ellipsis> Prerequisites🔗 </span> </a> </li> <li class=md-nav__item> <a href=#step-1-deploy-keycloak-on-kubernetes class=md-nav__link> <span class=md-ellipsis> Step 1 Deploy Keycloak on Kubernetes🔗 </span> </a> </li> <li class=md-nav__item> <a href=#step-2-create-keycloak-realm class=md-nav__link> <span class=md-ellipsis> Step 2 Create Keycloak realm🔗 </span> </a> </li> <li class=md-nav__item> <a href=#step-3-create-and-configure-keycloak-client class=md-nav__link> <span class=md-ellipsis> Step 3 Create and configure Keycloak client🔗 </span> </a> </li> <li class=md-nav__item> <a href=#step-4-create-a-user-in-keycloak class=md-nav__link> <span class=md-ellipsis> Step 4 Create a User in Keycloak🔗 </span> </a> </li> <li class=md-nav__item> <a href=#step-5-retrieve-client-secret-from-keycloak class=md-nav__link> <span class=md-ellipsis> Step 5 Retrieve client secret from Keycloak🔗 </span> </a> </li> <li class=md-nav__item> <a href=#step-6-create-a-flask-web-app-utilizing-keycloak-authentication class=md-nav__link> <span class=md-ellipsis> Step 6 Create a Flask web app utilizing Keycloak authentication🔗 </span> </a> </li> <li class=md-nav__item> <a href=#step-7-test-the-application class=md-nav__link> <span class=md-ellipsis> Step 7 Test the application🔗 </span> </a> </li> </ul> </nav> </div> </div> </div> <div class=md-content data-md-component=content> <article class="md-content__inner md-typeset"> <h1 id=deploy-keycloak-on-kubernetes-with-a-sample-app-on-3engines-cloud>Deploy Keycloak on Kubernetes with a sample app on 3Engines Cloud<a href=#deploy-keycloak-on-kubernetes-with-a-sample-app-on-brand-name title="Permalink to this headline">🔗</a><a class=headerlink href=#deploy-keycloak-on-kubernetes-with-a-sample-app-on-3engines-cloud title="Permanent link">&para;</a></h1> <p><a href=https://www.keycloak.org/ >Keycloak</a> is a large Open-Source Identity Management suite capable of handling a wide range of identity-related use cases.</p> <p>Using Keycloak, it is straightforward to deploy a robust authentication/authorization solution for your applications. After the initial deployment, you can easily configure it to meet new identity-related requirements, e.g. multi-factor authentication, federation to social-providers, custom password policies, and many others.</p> <h2 id=what-we-are-going-to-do>What We Are Going To Do<a href=#what-we-are-going-to-do title="Permalink to this headline">🔗</a><a class=headerlink href=#what-we-are-going-to-do title="Permanent link">&para;</a></h2> <blockquote> <ul> <li>Deploy Keycloak on a Kubernetes cluster</li> <li>Configure Keycloak: create a realm, client and a user</li> <li>Deploy a sample Python web application using Keycloak for authentication</li> </ul> </blockquote> <h2 id=prerequisites>Prerequisites<a href=#prerequisites title="Permalink to this headline">🔗</a><a class=headerlink href=#prerequisites title="Permanent link">&para;</a></h2> <p>No. 1 <strong>Hosting</strong></p> <p>You need a 3Engines Cloud hosting account with Horizon interface <a href=https://horizon.3Engines.com>https://horizon.3Engines.com</a>.</p> <p>No. 2 <strong>A running Kubernetes cluster and kubectl activated</strong></p> <p>A Kubernetes cluster, to create one refer to: <a href=How-to-Create-a-Kubernetes-Cluster-Using-3Engines-Cloud-OpenStack-Magnum.html.html>How to Create a Kubernetes Cluster Using 3Engines Cloud OpenStack Magnum</a>. To activate <strong>kubectl</strong>, see <a href=How-To-Access-Kubernetes-Cluster-Post-Deployment-Using-Kubectl-On-3Engines-Cloud-OpenStack-Magnum.html.html>How To Access Kubernetes Cluster Post Deployment Using Kubectl On 3Engines Cloud OpenStack Magnum</a>.</p> <p>No. 3 <strong>Basic knowledge of Python and pip package management</strong></p> <p>Basic knowledge of Python and pip package management is expected. Python 3 and pip should be already installed and available on your local machine.</p> <p>No. 4 <strong>Familiarity with OpenID Connect (OIDC) terminology</strong></p> <p>Certain familiarity with OpenID Connect (OIDC) terminology is required. Some key terms will be briefly explained in this article.</p> <h2 id=step-1-deploy-keycloak-on-kubernetes>Step 1 Deploy Keycloak on Kubernetes<a href=#step-1-deploy-keycloak-on-kubernetes title="Permalink to this headline">🔗</a><a class=headerlink href=#step-1-deploy-keycloak-on-kubernetes title="Permanent link">&para;</a></h2> <p>Let’s first create a dedicated Kubernetes namespace for Keycloak. This is optional, but good practice:</p> <div class=highlight><pre><span></span><code><span id=__span-0-1><a id=__codelineno-0-1 name=__codelineno-0-1 href=#__codelineno-0-1></a>kubectl create namespace keycloak
</span></code></pre></div> <p>Then deploy Keycloak into this namespace:</p> <div class=highlight><pre><span></span><code><span id=__span-1-1><a id=__codelineno-1-1 name=__codelineno-1-1 href=#__codelineno-1-1></a>kubectl create -f https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes-examples/keycloak.yaml -n keycloak
</span></code></pre></div> <p>Keycloak, by default, gets exposed as a Kubernetes service of a type LoadBalancer, on port 8080. You need to find out the service public IP with the following command (note it might take a couple minutes to populate):</p> <div class=highlight><pre><span></span><code><span id=__span-2-1><a id=__codelineno-2-1 name=__codelineno-2-1 href=#__codelineno-2-1></a>kubectl get services -n keycloak
</span><span id=__span-2-2><a id=__codelineno-2-2 name=__codelineno-2-2 href=#__codelineno-2-2></a>NAME          TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)          AGE
</span><span id=__span-2-3><a id=__codelineno-2-3 name=__codelineno-2-3 href=#__codelineno-2-3></a>keycloak      LoadBalancer   10.254.8.94     64.225.128.216   8080:31228/TCP   23h
</span></code></pre></div> <p>Note</p> <p>In our case, the external IP address is <strong>64.225.128.216</strong> so that is what we are going to use in this article. Be sure to replace it with the IP address of your own.</p> <p>So, enter <strong>http://64.225.128.216:8080/</strong> to browser to access Keycloak:</p> <p><a class=glightbox href=../_images/image2023-4-4_13-37-48.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-4-4_13-37-48.png src=../_images/image2023-4-4_13-37-48.png></a></p> <p>Next, click on <strong>Administration Console</strong> and you will get redirected to the login screen, where you can sign-in as an admin (login/password <em>admin/admin</em> )</p> <p><a class=glightbox href=../_images/image2023-4-4_13-28-40.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-4-4_13-28-40.png src=../_images/image2023-4-4_13-28-40.png></a></p> <p>This is full screen view of the Keycloak window:</p> <p><a class=glightbox href=../_images/keycloack_full_screen.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=keycloack_full_screen.png src=../_images/keycloack_full_screen.png></a></p> <h2 id=step-2-create-keycloak-realm>Step 2 Create Keycloak realm<a href=#step-2-create-keycloak-realm title="Permalink to this headline">🔗</a><a class=headerlink href=#step-2-create-keycloak-realm title="Permanent link">&para;</a></h2> <p>In Keycloak terminology, a <em>realm</em> is a dedicated space for managing an isolated subset of users, roles and other related entities. Keycloak has initially a master realm used for administration of Keycloak itself.</p> <p>Our next step is to create our own realm and start operating within its context. To create it, click first on <strong>master</strong> field in the upper left corner, then click on <strong>Create Realm</strong>.</p> <p><a class=glightbox href=../_images/image2023-6-14_15-24-46.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-14_15-24-46.png src=../_images/image2023-6-14_15-24-46.png></a></p> <p>We will just enter the realm name <em>myrealm</em>, leaving the rest unchanged:</p> <p><a class=glightbox href=../_images/image2023-6-14_15-26-51.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-14_15-26-51.png src=../_images/image2023-6-14_15-26-51.png></a></p> <p>When the realm is created (and selected), we operate within this realm:</p> <p><a class=glightbox href=../_images/image2023-6-14_15-29-22.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-14_15-29-22.png src=../_images/image2023-6-14_15-29-22.png></a></p> <p>In the left upper corner, instead of <strong>master</strong> now is the name of the selected realm, <strong>myrealm</strong>.</p> <h2 id=step-3-create-and-configure-keycloak-client>Step 3 Create and configure Keycloak client<a href=#step-3-create-and-configure-keycloak-client title="Permalink to this headline">🔗</a><a class=headerlink href=#step-3-create-and-configure-keycloak-client title="Permanent link">&para;</a></h2> <p>Clients are entities in Keycloak that can request Keycloak to authenticate users. In practical terms, they can be thought of as representation of individual applications that want to utilize Keycloak-managed authentication/authorization.</p> <p>Within the <em>myrealm</em> realm, we will now create a client <em>myapp</em> that will represent the web application which we will create in one of the further steps. To create one such client, click on the Clients panel on the left menu, and then on <strong>Create Client</strong> button.</p> <p>You will enter a wizard consisting of 3 steps. In the first step we just enter the ID of the client (which, in our case, is <em>myapp</em>), leaving other settings unchanged:</p> <p><a class=glightbox href=../_images/image2023-6-14_15-40-56.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-14_15-40-56.png src=../_images/image2023-6-14_15-40-56.png></a></p> <p>The next screen involves selecting some crucial settings relating to the authentication/authorization requirements of your specific application.</p> <p><a class=glightbox href=../_images/create_client_with_authentication.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=create_client_with_authentication.png src=../_images/create_client_with_authentication.png></a></p> <p>The options you choose will depend on your particular scenario:</p> <dl> <dt>Scenario 1 Traditional server applications</dt> <dd>For the purpose of this article and our demo app, we use a traditional client server application. We then need to turn on the “Client Authentication” toggle.</dd> <dt>Scenario 2 SPA</dt> <dd>For single page applications, you can stay with the default where “Client Authentication” toggle is off.</dd> </dl> <p>For our demo app, we will require authentication via secret, so be sure to activate option <strong>Client Authentication</strong>. Once it is turned on, we will be able to the obtain the value of <em>secret</em> later on, in Step 5.</p> <p>The last step of the Wizard involves setting some key coordinates of our client application. The ones we modify involve:</p> <p><a class=glightbox href=../_images/image2023-6-14_16-8-44.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-14_16-8-44.png src=../_images/image2023-6-14_16-8-44.png></a></p> <dl> <dt>root URL</dt> <dd>In our case, we want to deploy the app locally so we set up the root as <a href=http://localhost>http://localhost</a> . You will need to change this if your app will be exposed as a public service.</dd> <dt>Valid redirect URIs</dt> <dd>This setting represents a route in our app, to which a user will be redirected after a successful login from Keycloak. In our case, we leave this setting very permissive with a “*”, allowing redirect to any path in our application. For production, you should make this more explicit, using a dedicated route, say, <em>/callback</em>, for this purpose.</dd> <dt>Web origins</dt> <dd>This setting specifies hosts that can send requests to Keycloak. Requests from other hosts will not pass the cross-origin check and will be rejected. Also here we are very permissive by setting a “*”. Similarly as above, strongly consider changing this setting for production, and limit to trusted sources only.</dd> </dl> <p>After hitting <strong>Save</strong>, your client is created. You can then modify the previously selected settings of the created client, and add new, more specific ones. There are vast possibilities for further customization depending on your app specifics, this is however beyond the scope of this article.</p> <h2 id=step-4-create-a-user-in-keycloak>Step 4 Create a User in Keycloak<a href=#step-4-create-a-user-in-keycloak title="Permalink to this headline">🔗</a><a class=headerlink href=#step-4-create-a-user-in-keycloak title="Permanent link">&para;</a></h2> <p>After creating the Client, we will proceed to creating our first User in Keycloak. In order to do so, click on the Users tab on the left and then <strong>Create New User</strong>:</p> <p>We will again be very selective and only choose <em>test</em> as the username, leaving other options intact:</p> <p><a class=glightbox href=../_images/image2023-6-14_16-41-7.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-14_16-41-7.png src=../_images/image2023-6-14_16-41-7.png></a></p> <p>Next, we will set up password credentials for the newly created user. Select <strong>Credentials</strong> tab and then <strong>Set password</strong>, type in the password with confirmation in the form and hit Save:</p> <p><a class=glightbox href=../_images/image2023-6-15_8-43-7.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-15_8-43-7.png src=../_images/image2023-6-15_8-43-7.png></a></p> <h2 id=step-5-retrieve-client-secret-from-keycloak>Step 5 Retrieve client secret from Keycloak<a href=#step-5-retrieve-client-secret-from-keycloak title="Permalink to this headline">🔗</a><a class=headerlink href=#step-5-retrieve-client-secret-from-keycloak title="Permanent link">&para;</a></h2> <p>Once we have the Keycloak set up, we will need to extract the client <em>secret</em>, so that Keycloak establishes trust with our application.</p> <p>The <em>client_secret</em> can be extracted by going into <em>myrealm</em> realm, selecting <em>myapp</em> as the client and then taking the client secret with the following chain of commands:</p> <blockquote> <p><strong>Clients</strong> –&gt; <strong>Client detail</strong> –&gt; <strong>Credentials</strong></p> </blockquote> <p>Once in tab <strong>Credentials</strong>, the secret will become accessible through field <strong>Client secret</strong>:</p> <p><a class=glightbox href=../_images/image2023-6-26_11-27-0.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-26_11-27-0.png src=../_images/image2023-6-26_11-27-0.png></a></p> <p>For privacy reasons, in the screeshot above, it is painted yellow. In your case, take note of its value, as in the next step you will need to paste it into the application code.</p> <h2 id=step-6-create-a-flask-web-app-utilizing-keycloak-authentication>Step 6 Create a Flask web app utilizing Keycloak authentication<a href=#step-6-create-a-flask-web-app-utilizing-keycloak-authentication title="Permalink to this headline">🔗</a><a class=headerlink href=#step-6-create-a-flask-web-app-utilizing-keycloak-authentication title="Permanent link">&para;</a></h2> <p>To build the app, we will use Flask, which is a lightweight Python-based web framework. Keycloak supports wide range of other technologies as well. We will use Flask-OIDC library, which expands Flask with capability to run OpenID Connect authentication/authorization scenarios.</p> <p>As a prerequisite, you need to install the following pip packages to cover the dependency chain. Best run the commands from an already preinstalled Python virtual environment:</p> <div class=highlight><pre><span></span><code><span id=__span-3-1><a id=__codelineno-3-1 name=__codelineno-3-1 href=#__codelineno-3-1></a>pip install Werkzeug==2.3.8
</span><span id=__span-3-2><a id=__codelineno-3-2 name=__codelineno-3-2 href=#__codelineno-3-2></a>pip install Flask==2.0.1
</span><span id=__span-3-3><a id=__codelineno-3-3 name=__codelineno-3-3 href=#__codelineno-3-3></a>pip install wheel==0.40.0
</span><span id=__span-3-4><a id=__codelineno-3-4 name=__codelineno-3-4 href=#__codelineno-3-4></a>pip install flask-oidc==1.4.0
</span><span id=__span-3-5><a id=__codelineno-3-5 name=__codelineno-3-5 href=#__codelineno-3-5></a>pip install itsdangerous==2.0.1
</span></code></pre></div> <p>Then you will need to create 2 files: <em>app.py</em> and <em>keycloak.json</em>. You will need the following changes in these files:</p> <dl> <dt>Replace the IP address</dt> <dd>In <em>keycloak.json</em>, replace <em>64.225.128.216</em> with your own external IP from <strong>Step 1</strong>.</dd> <dt>Replace client_secret</dt> <dd>Again in <em>keycloak.json</em>, replace value of variable client_secret with the secret from <strong>Step 5</strong>.</dd> <dt>Replace client_secret</dt> <dd>In file <em>app.py</em>, replace value of <em>SECRET_KEY</em> with the same secret from <strong>Step 5</strong>.</dd> </dl> <p>Create a new file called <em>app.py</em> and paste in the following contents:</p> <div class=highlight><pre><span></span><code><span id=__span-4-1><a id=__codelineno-4-1 name=__codelineno-4-1 href=#__codelineno-4-1></a>from flask import Flask, g
</span><span id=__span-4-2><a id=__codelineno-4-2 name=__codelineno-4-2 href=#__codelineno-4-2></a>from flask_oidc import OpenIDConnect
</span><span id=__span-4-3><a id=__codelineno-4-3 name=__codelineno-4-3 href=#__codelineno-4-3></a>import json
</span><span id=__span-4-4><a id=__codelineno-4-4 name=__codelineno-4-4 href=#__codelineno-4-4></a>
</span><span id=__span-4-5><a id=__codelineno-4-5 name=__codelineno-4-5 href=#__codelineno-4-5></a>app = Flask(__name__)
</span><span id=__span-4-6><a id=__codelineno-4-6 name=__codelineno-4-6 href=#__codelineno-4-6></a>
</span><span id=__span-4-7><a id=__codelineno-4-7 name=__codelineno-4-7 href=#__codelineno-4-7></a>app.config.update(
</span><span id=__span-4-8><a id=__codelineno-4-8 name=__codelineno-4-8 href=#__codelineno-4-8></a>        SECRET_KEY=&#39;XXXXXX&#39;,
</span><span id=__span-4-9><a id=__codelineno-4-9 name=__codelineno-4-9 href=#__codelineno-4-9></a>        OIDC_CLIENT_SECRETS=&#39;keycloak.json&#39;,
</span><span id=__span-4-10><a id=__codelineno-4-10 name=__codelineno-4-10 href=#__codelineno-4-10></a>        OIDC_INTROSPECTION_AUTH_METHOD=&#39;client_secret_post&#39;,
</span><span id=__span-4-11><a id=__codelineno-4-11 name=__codelineno-4-11 href=#__codelineno-4-11></a>        OIDC_TOKEN_TYPE_HINT=&#39;access_token&#39;,
</span><span id=__span-4-12><a id=__codelineno-4-12 name=__codelineno-4-12 href=#__codelineno-4-12></a>        OIDC_SCOPES=[&#39;openid&#39;,&#39;email&#39;,&#39;profile&#39;],
</span><span id=__span-4-13><a id=__codelineno-4-13 name=__codelineno-4-13 href=#__codelineno-4-13></a>        OIDC_OPENID_REALM=&#39;myrealm&#39;
</span><span id=__span-4-14><a id=__codelineno-4-14 name=__codelineno-4-14 href=#__codelineno-4-14></a>    )
</span><span id=__span-4-15><a id=__codelineno-4-15 name=__codelineno-4-15 href=#__codelineno-4-15></a>
</span><span id=__span-4-16><a id=__codelineno-4-16 name=__codelineno-4-16 href=#__codelineno-4-16></a>oidc = OpenIDConnect(app)
</span><span id=__span-4-17><a id=__codelineno-4-17 name=__codelineno-4-17 href=#__codelineno-4-17></a>
</span><span id=__span-4-18><a id=__codelineno-4-18 name=__codelineno-4-18 href=#__codelineno-4-18></a>@app.route(&#39;/&#39;)
</span><span id=__span-4-19><a id=__codelineno-4-19 name=__codelineno-4-19 href=#__codelineno-4-19></a>def index():
</span><span id=__span-4-20><a id=__codelineno-4-20 name=__codelineno-4-20 href=#__codelineno-4-20></a>    if oidc.user_loggedin:
</span><span id=__span-4-21><a id=__codelineno-4-21 name=__codelineno-4-21 href=#__codelineno-4-21></a>        info = oidc.user_getinfo([&quot;preferred_username&quot;, &quot;email&quot;, &quot;sub&quot;])
</span><span id=__span-4-22><a id=__codelineno-4-22 name=__codelineno-4-22 href=#__codelineno-4-22></a>        return &#39;Welcome %s&#39; % info.get(&quot;preferred_username&quot;)
</span><span id=__span-4-23><a id=__codelineno-4-23 name=__codelineno-4-23 href=#__codelineno-4-23></a>    else:
</span><span id=__span-4-24><a id=__codelineno-4-24 name=__codelineno-4-24 href=#__codelineno-4-24></a>        return &#39;&lt;h1&gt;Not logged in&lt;/h1&gt;&#39;
</span><span id=__span-4-25><a id=__codelineno-4-25 name=__codelineno-4-25 href=#__codelineno-4-25></a>
</span><span id=__span-4-26><a id=__codelineno-4-26 name=__codelineno-4-26 href=#__codelineno-4-26></a>@app.route(&#39;/login&#39;)
</span><span id=__span-4-27><a id=__codelineno-4-27 name=__codelineno-4-27 href=#__codelineno-4-27></a>@oidc.require_login
</span><span id=__span-4-28><a id=__codelineno-4-28 name=__codelineno-4-28 href=#__codelineno-4-28></a>def login():
</span><span id=__span-4-29><a id=__codelineno-4-29 name=__codelineno-4-29 href=#__codelineno-4-29></a>    token = oidc.get_access_token()
</span><span id=__span-4-30><a id=__codelineno-4-30 name=__codelineno-4-30 href=#__codelineno-4-30></a>    info = oidc.user_getinfo([&quot;preferred_username&quot;, &quot;email&quot;, &quot;sub&quot;])
</span><span id=__span-4-31><a id=__codelineno-4-31 name=__codelineno-4-31 href=#__codelineno-4-31></a>    username = info.get(&quot;preferred_username&quot;)
</span><span id=__span-4-32><a id=__codelineno-4-32 name=__codelineno-4-32 href=#__codelineno-4-32></a>    return &quot;Token: &quot; + token + &quot;&lt;br/&gt;&lt;br/&gt;  Username: &quot; + username
</span><span id=__span-4-33><a id=__codelineno-4-33 name=__codelineno-4-33 href=#__codelineno-4-33></a>
</span><span id=__span-4-34><a id=__codelineno-4-34 name=__codelineno-4-34 href=#__codelineno-4-34></a>@app.route(&#39;/logout&#39;)
</span><span id=__span-4-35><a id=__codelineno-4-35 name=__codelineno-4-35 href=#__codelineno-4-35></a>def logout():
</span><span id=__span-4-36><a id=__codelineno-4-36 name=__codelineno-4-36 href=#__codelineno-4-36></a>    oidc.logout()
</span><span id=__span-4-37><a id=__codelineno-4-37 name=__codelineno-4-37 href=#__codelineno-4-37></a>    return &#39;&lt;h2&gt;Hi, you have been logged out! &lt;a href=&quot;/&quot;&gt;Return&lt;/a&gt;&lt;/h2&gt;&#39;
</span></code></pre></div> <p>The application code bootstraps the Flask application and provides the configurations necessary for <em>flask_oidc</em>. We need to configure the</p> <blockquote> <ul> <li>name of our realm, the</li> <li>client <em>secret_key</em> and the</li> <li>additional settings that reflect our specific sample flow.</li> </ul> </blockquote> <p>Also, this configuration points to another configuration file, <em>keycloak.json</em>, which reflects further settings of our Keycloak realm. Specifically, in it you will find the client ID and the secret, as well as the endpoints where Keycloak makes available further information about the realm settings.</p> <p>Create the required file <em>keycloak.json</em>, in the same working folder as the <em>app.py</em> file:</p> <div class=highlight><pre><span></span><code><span id=__span-5-1><a id=__codelineno-5-1 name=__codelineno-5-1 href=#__codelineno-5-1></a>{
</span><span id=__span-5-2><a id=__codelineno-5-2 name=__codelineno-5-2 href=#__codelineno-5-2></a>&quot;web&quot;: {
</span><span id=__span-5-3><a id=__codelineno-5-3 name=__codelineno-5-3 href=#__codelineno-5-3></a>    &quot;client_id&quot;: &quot;myapp&quot;,
</span><span id=__span-5-4><a id=__codelineno-5-4 name=__codelineno-5-4 href=#__codelineno-5-4></a>    &quot;client_secret&quot;: &quot;XXXXXX&quot;,
</span><span id=__span-5-5><a id=__codelineno-5-5 name=__codelineno-5-5 href=#__codelineno-5-5></a>    &quot;auth_uri&quot;: &quot;http://64.225.128.216:8080/realms/myrealm/protocol/openid-connect/auth&quot;,
</span><span id=__span-5-6><a id=__codelineno-5-6 name=__codelineno-5-6 href=#__codelineno-5-6></a>    &quot;token_uri&quot;: &quot;http://64.225.128.216:8080/realms/myrealm/protocol/openid-connect/token&quot;,
</span><span id=__span-5-7><a id=__codelineno-5-7 name=__codelineno-5-7 href=#__codelineno-5-7></a>    &quot;issuer&quot;: &quot;http://64.225.128.216:8080/realms/myrealm&quot;,
</span><span id=__span-5-8><a id=__codelineno-5-8 name=__codelineno-5-8 href=#__codelineno-5-8></a>    &quot;userinfo_uri&quot;: &quot;http://64.225.128.216:8080/realms/myrealm/protocol/openid-connect/userinfo&quot;,
</span><span id=__span-5-9><a id=__codelineno-5-9 name=__codelineno-5-9 href=#__codelineno-5-9></a>    &quot;token_introspection_uri&quot;: &quot;http://64.225.128.216:8080/realms/myrealm/protocol/openid-connect/token/introspect&quot;,
</span><span id=__span-5-10><a id=__codelineno-5-10 name=__codelineno-5-10 href=#__codelineno-5-10></a>    &quot;redirect_uris&quot;: [
</span><span id=__span-5-11><a id=__codelineno-5-11 name=__codelineno-5-11 href=#__codelineno-5-11></a>      &quot;http://localhost:5000/*&quot;
</span><span id=__span-5-12><a id=__codelineno-5-12 name=__codelineno-5-12 href=#__codelineno-5-12></a>    ]
</span><span id=__span-5-13><a id=__codelineno-5-13 name=__codelineno-5-13 href=#__codelineno-5-13></a>  }
</span><span id=__span-5-14><a id=__codelineno-5-14 name=__codelineno-5-14 href=#__codelineno-5-14></a>}
</span></code></pre></div> <p>Note that <em>app.py</em> creates 3 routes:</p> <dl> <dt>/</dt> <dd>In this route, a page is served that provides the name of a logged in user. Alternatively, if the user is not logged in yet, it prompts to do so.</dd> <dt><code>/login</code></dt> <dd>This route redirects the user to the Keycloak login page and upon successful authentication provides user name and token</dd> <dt><code>/logout</code></dt> <dd>Entering this route logs the user out.</dd> </dl> <h2 id=step-7-test-the-application>Step 7 Test the application<a href=#step-7-test-the-application title="Permalink to this headline">🔗</a><a class=headerlink href=#step-7-test-the-application title="Permanent link">&para;</a></h2> <p>To test the application, execute the following command from the working directory in which file <em>app.py</em> is placed:</p> <div class=highlight><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a>flask run
</span></code></pre></div> <p>This is the result, in a CLI window:</p> <p><a class=glightbox href=../_images/flask_run.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=flask_run.png src=../_images/flask_run.png></a></p> <p>We now know that the <em>localhost</em> is running flask server on port 5000. Enter <em>localhost:5000</em> into the browser address bar and it will display the site served on the base route: <em>/</em> . We have not logged in our user yet, hence the respective message:</p> <p><a class=glightbox href=../_images/image2023-6-26_11-54-29.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-26_11-54-29.png src=../_images/image2023-6-26_11-54-29.png></a></p> <p>The next step is to enter the <em>/login</em> route. Enter <em>localhost:5000/login</em> into the browser address bar. Doing so, redirects to Keycloak prompting to log in to <em>myapp</em>:</p> <p><a class=glightbox href=../_images/image2023-6-26_12-0-35.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-26_12-0-35.png src=../_images/image2023-6-26_12-0-35.png></a></p> <p>To authenticate, enter the username of the user we created in step 3 (username: <em>test</em>), and the password you used to create this user. With default settings, you might be asked to change the password after first login, then just proceed accordingly. After logging in, our username and token get displayed (for security reasons, parts of the token are painted in yellow):</p> <p><a class=glightbox href=../_images/image2023-6-26_12-36-24.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-26_12-36-24.png src=../_images/image2023-6-26_12-36-24.png></a></p> <p>The last route to test is <em>/logout</em> . When entering <em>localhost:5000/logout</em> to the browser, we can see the screen below. Entering this route calls the <em>flask-oidc</em> method that logs the user out, also clearing the session cookie under the hood.</p> <p><a class=glightbox href=../_images/image2023-6-26_12-42-24.png data-type=image data-width=100% data-height=auto data-desc-position=bottom><img alt=image2023-6-26_12-42-24.png src=../_images/image2023-6-26_12-42-24.png></a></p> </article> </div> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> <button type=button class="md-top md-icon" data-md-component=top hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> Back to top </button> </main> <footer class=md-footer> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <div class=md-dialog data-md-component=dialog> <div class="md-dialog__inner md-typeset"></div> </div> <script id=__config type=application/json>{"base": "..", "features": ["content.code.annotate", "content.code.copy", "content.tooltips", "navigation.tabs", "navigation.sections", "navigation.footer", "navigation.indexes", "navigation.sections", "navigation.top", "navigation.tracking", "search.highlight", "search.share", "search.suggest", "toc.follow"], "search": "../assets/javascripts/workers/search.d50fe291.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script> <script src=../assets/javascripts/bundle.13a4f30d.min.js></script> <script id="init-glightbox">const lightbox = GLightbox({"touchNavigation": false, "loop": false, "zoomable": true, "draggable": true, "openEffect": "zoom", "closeEffect": "zoom", "slideEffect": "slide"});
document$.subscribe(() => { lightbox.reload() });
</script></body> </html>