rk1ve

keycloak

i am considering moving my sso service from authentik to keycloak. this service was created by red hat and so far it has been interesting. i just set up my server for keycloak and had to jump through some hoops to configure it. first of all, it uses java, so i had to learn the configuration from their documentation. otherwise, a few youtube videos on it helped and i was able to configure it the way i wanted. the main thing that i find useful is the wide support of keycloak as an identity provider, especially saml authentication for zammad. i am just trialing it to see if it can replace authentik.

the configuration has main steps since it has a dev and production server environment. otherwise, i installed it using a proxmox ve lxc script and had to follow the documentation on creating a temp admin account to set the server up. once that was done, i removed that admin account and created a new admin account with my email and stuff. then i went to figure out how to add my own ssl certificates and https access to the server. the first step is to build the server.

this is done using these commands:
/opt/keycloak/bin/kc.sh build
cd /opt/keycloak/conf
nano keycloak.conf

then set these options in keycloak.conf:
hostname=sso.domain.com
https-port=443
https-certificate-file=/opt/ssl/cert.pem
https-certificate-key-file=/opt/ssl/private.pem
db-password=secure-password!!

this is kind of a general guideline to use. change it to your liking and follow the documentation from keycloak. next, run the build command again, then run the same command with ‘build’ swapped for ‘start’ to start the server.

and if everything went well, it should have taken the new configurations. you can check your configurations with ‘./kc.sh show-config’. once again, the ssl certs were generated with nginx proxy manager and the domain name was created in my local dns server. it is pointed to the ip address of the server for now, to test the https functionality. once this is confirmed, you can create a proxy host inside your reverse proxy and point your dns record to your reverse proxy’s ip address. ensure that this works as well.
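a check to run before ‘start’, written for the keycloak.conf shown above. it is an added example, not part of the original post or keycloak's own tooling, and the function names are made up for it. it confirms the hostname and https certificate options are set, and that the private key and the conf file itself (which holds db-password in clear text) are readable only by their owner.

```shell
#!/bin/sh
# added example: audit a keycloak.conf before running 'kc.sh start'.
# conf_get, private_to_owner and audit_keycloak_conf are hypothetical helper names.

# conf_get FILE KEY: print the value of KEY from a key=value file (last one wins)
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# private_to_owner FILE: succeed only if group and others have no permission bits
private_to_owner() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# audit_keycloak_conf FILE: print one line per finding, return the number of findings
audit_keycloak_conf() {
    conf=$1
    findings=0
    for key in hostname https-certificate-file https-certificate-key-file; do
        if [ -z "$(conf_get "$conf" "$key")" ]; then
            echo "MISSING $key"
            findings=$((findings + 1))
        fi
    done
    keyfile=$(conf_get "$conf" https-certificate-key-file)
    if [ -n "$keyfile" ]; then
        if [ ! -f "$keyfile" ]; then
            echo "NOFILE $keyfile"
            findings=$((findings + 1))
        elif ! private_to_owner "$keyfile"; then
            echo "PERMS $keyfile (private key readable beyond its owner)"
            findings=$((findings + 1))
        fi
    fi
    # the conf file stores db-password in clear text, so it must be private too
    if [ -n "$(conf_get "$conf" db-password)" ] && ! private_to_owner "$conf"; then
        echo "PERMS $conf (contains db-password)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# usage: audit_keycloak_conf /opt/keycloak/conf/keycloak.conf
```

a finding on either PERMS line is fixed with chmod 600 on that file, with both files owned by the account that runs keycloak.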
