What is Keycloak?
About
Keycloak is identity and access management (IAM) software that is OAuth 2.0 compliant.
It is Java-based and supports multiple realms (i.e. application user repositories).
Getting started with Docker
To start a local Keycloak instance in dev mode with Docker:
docker run --name keycloak --rm -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.1 start-dev
This run command uses the kc command-line tool.
To see the command line options:
docker run --rm quay.io/keycloak/keycloak:21.1.1 --help
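Once the Docker container is started, you can log in at http://localhost:8080
Enter the username admin and password admin (the values set by KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD in the run command above) to explore Keycloak. Dev mode with these credentials is meant for a local test instance only.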
Database Schema
By default, the database is H2.
You can copy the database file out of the container to inspect the model in a database client:
docker cp keycloak:/opt/keycloak/data/h2/keycloakdb.mv.db keycloakdb.mv.db
Enter the username sa and password password to connect to the database.
Example for the table USER_ENTITY:
create table PUBLIC.USER_ENTITY
(
    ID                          CHARACTER VARYING(36) not null primary key,
    EMAIL                       CHARACTER VARYING(255),
    EMAIL_CONSTRAINT            CHARACTER VARYING(255),
    EMAIL_VERIFIED              BOOLEAN default FALSE not null,
    ENABLED                     BOOLEAN default FALSE not null,
    FEDERATION_LINK             CHARACTER VARYING(255),
    FIRST_NAME                  CHARACTER VARYING(255),
    LAST_NAME                   CHARACTER VARYING(255),
    REALM_ID                    CHARACTER VARYING(255),
    USERNAME                    CHARACTER VARYING(255),
    CREATED_TIMESTAMP           BIGINT,
    SERVICE_ACCOUNT_CLIENT_LINK CHARACTER VARYING(255),
    NOT_BEFORE                  INTEGER default 0 not null,
    constraint UK_DYKN684SL8UP1CRFEI6ECKHD7
        unique (REALM_ID, EMAIL_CONSTRAINT),
    constraint UK_RU8TT6T700S9V50BU18WS5HA6
        unique (REALM_ID, USERNAME)
);
You can also see the JPA entity definitions in the GitHub repository.
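Once the copied H2 file is open in a database client, the USER_ENTITY columns above are enough for a basic account review. The queries below are an added example, not part of the original page or the Keycloak project; the column meanings stated in the comments are assumptions.

```sql
-- Added example: account review over PUBLIC.USER_ENTITY (H2 dialect).
-- Assumed column meanings:
--   SERVICE_ACCOUNT_CLIENT_LINK IS NOT NULL -> service account of a client
--   FEDERATION_LINK IS NOT NULL             -> user managed by a federation provider
--   CREATED_TIMESTAMP                       -> milliseconds since the Unix epoch

-- 1. Per-realm summary: how many accounts exist and how many can log in.
SELECT
    REALM_ID,
    COUNT(*)                                                  AS TOTAL_USERS,
    SUM(CASE WHEN ENABLED THEN 1 ELSE 0 END)                  AS ENABLED_USERS,
    SUM(CASE WHEN ENABLED AND NOT EMAIL_VERIFIED
             THEN 1 ELSE 0 END)                               AS ENABLED_UNVERIFIED_EMAIL,
    SUM(CASE WHEN SERVICE_ACCOUNT_CLIENT_LINK IS NOT NULL
             THEN 1 ELSE 0 END)                               AS SERVICE_ACCOUNTS,
    SUM(CASE WHEN FEDERATION_LINK IS NOT NULL
             THEN 1 ELSE 0 END)                               AS FEDERATED_USERS
FROM PUBLIC.USER_ENTITY
GROUP BY REALM_ID
ORDER BY REALM_ID;

-- 2. Enabled, non-service accounts whose e-mail address was never verified,
--    newest first, with the creation time converted to a readable timestamp.
SELECT
    REALM_ID,
    USERNAME,
    EMAIL,
    DATEADD('MILLISECOND', CREATED_TIMESTAMP,
            TIMESTAMP '1970-01-01 00:00:00')                  AS CREATED_AT_UTC
FROM PUBLIC.USER_ENTITY
WHERE ENABLED
  AND NOT EMAIL_VERIFIED
  AND SERVICE_ACCOUNT_CLIENT_LINK IS NULL
ORDER BY CREATED_TIMESTAMP DESC;

-- 3. Accounts with a non-zero NOT_BEFORE value, listed for review.
SELECT REALM_ID, USERNAME, ENABLED, NOT_BEFORE
FROM PUBLIC.USER_ENTITY
WHERE NOT_BEFORE <> 0
ORDER BY REALM_ID, USERNAME;
```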
