Search - "keycloak"
-
That moment when you were finally able to make a plugin after 36 hours of frustration for a software with absolute shit docs and not many resources, thanks partly to a small article (written in German, which you had to translate) that you found lurking in the corner of the web. 😌
-
PLEASE
I'm trying to start Keycloak via docker compose
It works when I start the container via docker
But fucking fails when docker compose SAME.EXACT COMMAND
Keeps crashing with logs
2023-10-13 11:34:40 User with username 'admin' already added to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'
WHY
-
Today we finally launched Keycloak to secure our Spring Cloud microservice architecture!
Great feeling after 4 months of tailoring open source software, bug fixes and so much pain 😄
-
Pro tip by a Noobie: Whenever you use open source software and set it up using some tutorial, make sure you download the latest distribution.
Wasted 2 days fixing something while setting up Keycloak, eventually downloaded the latest version and it worked fine. There was a bug in Keycloak apparently.
The same happened 2 and a half years ago trying to write node scripts for Elasticsearch, using an older ES library -_-
-
While planning my (personal) server I just seem to pile up more and more things to do/consider. Basically, for now I just want to have rclone, Nextcloud and Jellyfin, plus some usenet stuff later on. But I want to have the whole installation and configuration automated as far as possible, since at first it will run in a test environment and needs to be migrated to another server at some point, possibly even another OS. So I suppose that means docker, docker-compose and Chef (any better options?). I want SSL: Traefik. User management / auth? RADIUS, LDAP. SSO? Keycloak. I also need to deal with virtual hosts. And probably much more..
Since I just have basic Linux knowledge and have no real experience with any of the other technologies, I feel a bit lost. I just got to the abovementioned software due to some ddg research. I don't mind digging deep, I want to learn (which is half the reason for this project), but it's not easy to see the best way to set this up.
-
2 questions:
1. Why would I use Keycloak if I can code the same shit by my custom JWT implementation?
2. Is JWT still secure today or should I use OAuth2? If JWT is still fine to implement then I'll continue doing it because I know exactly how to implement it. But how can I determine when to use OAuth2 vs JWT?
-
I don't get Keycloak. Anyone who has experience with it, please help.
We have what I would think is a common setup: a Kubernetes cluster with a Spring Boot api-gateway and Keycloak as oauth2-provider.
The api-gateway needs an issuer-uri to Keycloak for endpoint discovery, i.e. to configure a bunch of endpoints to Keycloak for different purposes.
The two main purposes are: 1. to redirect the user to Keycloak (must be a URL reachable from outside the cluster, i.e. ingress) 2. to authenticate tokens directly with Keycloak from within the cluster.
Keycloak can be configured to set some of these discovery endpoints to different values. Specifically it makes a separation between backfacing (system calls in cluster) and frontfacing (user call from browser) URLs. All seems good.
However, when using this setup, each time Spring Security authenticates a token against Keycloak it says the "issuer" is invalid. This is because the issuer is the host on which the token was generated. This host was the one in the URL which the user was redirected to, i.e. the ingress.
It feels like there is no way around this except running Keycloak outside the Kubernetes cluster, but surely there must be a way to run Keycloak in the same cluster. What else is the purpose of Keycloak having the concept of back- and frontfacing URLs?
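
The issuer mismatch described in the last post, as an added sketch that is not the poster's, Spring Security's or Keycloak's code. The hostnames, realm name and helper functions are constructed for illustration, and signature verification is left out so that only the issuer comparison is shown.

```python
import base64
import json

# Constructed URLs: the ingress (frontfacing) issuer and the in-cluster (backfacing) one.
FRONTEND = "https://auth.example.com/realms/demo"
BACKEND = "http://keycloak.iam.svc.cluster.local:8080/realms/demo"


def b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint_token(issuer):
    # Constructed token; the signature part is a placeholder and is never checked here.
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"iss": issuer, "sub": "alice"}
    return ".".join([b64url(header), b64url(payload), "sig-omitted"])


def claims(token):
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_issuer(token, expected_issuer):
    # The "iss" claim must match the expected issuer exactly, scheme and host included.
    iss = claims(token).get("iss")
    if iss != expected_issuer:
        return f"invalid issuer: token has {iss!r}, validator expects {expected_issuer!r}"
    return "ok"


# The user logged in through the ingress, so the token carries the frontend issuer.
token = mint_token(FRONTEND)

# Case 1: the validator derives its expected issuer from the in-cluster URL.
result_backend_issuer = check_issuer(token, BACKEND)

# Case 2: the expected issuer is pinned to the frontend URL; only the key
# download (a separate setting) points at the in-cluster address.
validator = {"expected_issuer": FRONTEND,
             "jwks_uri": BACKEND + "/protocol/openid-connect/certs"}
result_split_config = check_issuer(token, validator["expected_issuer"])

if __name__ == "__main__":
    print(result_backend_issuer)
    print(result_split_config)
```
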