Keycloak
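# Download and unpack Keycloak 21.1.2 under /usr/local, then set the
# bootstrap admin credentials that Keycloak reads on first start.
cd /usr/local/
# TLS certificate verification stays on: with --no-check-certificate anyone on
# the network path could substitute the archive that is about to be unpacked
# and run. If the download host uses a private CA, pass that CA to wget with
# --ca-certificate=<PATH_TO_CA_BUNDLE> rather than disabling the check.
wget https://home.vimll.com:9999/download/keycloak-21.1.2.tar.gz
# Unpack only when the archive matches the digest published for this release.
# The value below is a placeholder: replace it with the real digest obtained
# from a trusted channel. Until then the check fails and nothing is unpacked.
EXPECTED_SHA256='<SHA256_OF_keycloak-21.1.2.tar.gz>'
printf '%s  %s\n' "$EXPECTED_SHA256" keycloak-21.1.2.tar.gz | sha256sum -c - \
  && tar xf keycloak-21.1.2.tar.gz
export KEYCLOAK_ADMIN=admin
# Prompt for the admin password (bash) so it is not stored in shell history
# or in a notes file.
# NOTE(review): these exports only reach processes started from this shell.
# The supervisord [program] section on this page sets no environment= line,
# so confirm how the supervised Keycloak process receives them.
read -r -s -p 'Keycloak admin password: ' KEYCLOAK_ADMIN_PASSWORD && export KEYCLOAK_ADMIN_PASSWORD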
; supervisord program definition that keeps Keycloak 21.1.2 running as user erp.
; NOTE(review): the command uses start-dev, Keycloak's development mode (plain
; HTTP, relaxed hostname checks). For anything beyond a lab, switch to
; `kc.sh start` with TLS and hostname configured.
; NOTE(review): admin-fine-grained-authz and token-exchange are, as far as I
; know, preview features in Keycloak 21 - confirm they are needed before
; enabling them.
; NOTE(review): there is no environment= line here, so KEYCLOAK_ADMIN and
; KEYCLOAK_ADMIN_PASSWORD must come from supervisord's own environment - confirm.
[program: keycloak]
directory = /usr/local/keycloak-21.1.2/bin ; working directory the program is started in
command = /usr/local/keycloak-21.1.2/bin/kc.sh start-dev --features="admin-fine-grained-authz,token-exchange" ;
autostart = true ; start automatically when supervisord starts
startsecs = 15 ; treated as started once it has run 15 seconds without exiting abnormally
autorestart = true ; restart automatically after an abnormal exit
startretries = 5 ; automatic retries after a failed start, default is 3
user = erp ; user account the program runs as
redirect_stderr = true ; redirect stderr to stdout, default false
stdout_logfile_maxbytes = 20MB ; stdout log file size, default 50MB
stdout_logfile_backups = 5 ; number of stdout log file backups kept
; stdout log file; the program cannot start when the directory does not exist, so create the directory by hand (supervisord creates the log file itself)
stdout_logfile = /usr/local/keycloak-21.1.2/logs/keycloak_stdout.log ;all logs are kept under the logs directory
; stop and kill signals are sent to the whole process group, so the JVM
; started by kc.sh is stopped along with the wrapper script
stopasgroup = true
killasgroup = true
# Ask supervisord to start the keycloak program defined in its configuration.
supervisorctl start keycloak
# Open an SSH session (server port 9922, keep-alive every 300 s) that forwards
# local port 8080 to port 8080 on the server's loopback interface, so the
# console can be reached at http://localhost:8080 through the tunnel.
# NOTE(review): the login is root; a port forward only needs an unprivileged
# account - confirm whether root is required here.
ssh -p 9922 -o ServerAliveInterval=300 \
  -L 8080:127.0.0.1:8080 \
  root@192.168.254.96
http://localhost:8080
http://localhost:8080/admin
http://localhost:8080/realms/haha/account/#/
haha xxxxxxx@123
http://192.168.254.96:8080/realms/haha/account/#/
连mysql数据库:
-- Create the Keycloak schema and the account Keycloak uses to reach it.
CREATE DATABASE keycloak
  DEFAULT CHARACTER SET utf8
  COLLATE utf8_general_ci;
-- NOTE(review): host '%' lets this account log in from any address. The other
-- commands on this page suggest Keycloak runs on 192.168.254.96; if so, the
-- account can be limited to that host - confirm before narrowing.
CREATE USER 'keycloak'@'%' IDENTIFIED BY 'xxxxxx@123';
-- Privileges are scoped to the keycloak schema only.
GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'%';
FLUSH PRIVILEGES;
公网非HTTPS访问(该语句没有 WHERE 条件,会对所有 realm 关闭 HTTPS 要求,登录口令和令牌将以明文传输):
update REALM set ssl_required='NONE';
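# Start Keycloak in development mode against the MySQL database on
# 192.168.254.97, listening for HTTP on port 8080 with XA transactions off.
#
# The database password is taken from KC_DB_PASSWORD (the environment form of
# --db-password) instead of the command line, where it would show up in the
# process list and in shell history. Set it first, for example with
# `read -r -s KC_DB_PASSWORD`. The ${...:?} expansion refuses to start
# Keycloak when the variable is empty or unset.
#
# The JDBC URL is quoted because it contains `?`, which the shell would
# otherwise treat as a glob character.
# NOTE(review): useSSL=false sends database traffic, including the login,
# unencrypted between the two hosts - confirm that network is trusted or
# enable TLS on the MySQL side.
KC_DB_PASSWORD="${KC_DB_PASSWORD:?set KC_DB_PASSWORD before starting Keycloak}" \
  ./bin/kc.sh start-dev --db mysql \
  --db-url 'jdbc:mysql://192.168.254.97:3306/keycloak?useSSL=false' \
  --db-username=keycloak \
  --http-port=8080 --transaction-xa-enabled=false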
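# Request an access token from the master realm with the password grant,
# using the built-in admin-cli client.
#
# The token endpoint is addressed as /realms/... with no /auth prefix: the
# other Keycloak URLs on this page have no /auth prefix and neither start
# command sets --http-relative-path, so the /auth form would not resolve on
# this installation.
# NOTE(review): username and password are placeholders; values passed with
# --data-urlencode on the command line are visible in the process list and
# in shell history.
curl --location --request POST 'http://localhost:8080/realms/master/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'username=xxxx' \
  --data-urlencode 'password=xxxxxx' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'client_id=admin-cli'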