About
Keycloak is identity and access management (IAM) software that is OAuth 2.0 compliant.
It is Java-based and supports multiple realms (i.e. application user repositories).
Getting started with Docker
To start a local Keycloak instance in dev mode with Docker:
docker run --name keycloak --rm -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.1 start-dev
This run command uses the kc command-line tool.
To see the command line options:
docker run --rm quay.io/keycloak/keycloak:21.1.1 --help
Once the Docker container has started, you can log in at http://localhost:8080
Enter the username admin and password admin (the values passed as KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD in the run command above) to discover Keycloak.
Database Schema
By default, the database is H2.
You can copy the database file out of the container to inspect the model in a database client:
docker cp keycloak:/opt/keycloak/data/h2/keycloakdb.mv.db keycloakdb.mv.db
Enter the username sa and password password to connect to the database.
Example for the table USER_ENTITY:
create table PUBLIC.USER_ENTITY
(
    ID                          CHARACTER VARYING(36) not null primary key,
    EMAIL                       CHARACTER VARYING(255),
    EMAIL_CONSTRAINT            CHARACTER VARYING(255),
    EMAIL_VERIFIED              BOOLEAN default FALSE not null,
    ENABLED                     BOOLEAN default FALSE not null,
    FEDERATION_LINK             CHARACTER VARYING(255),
    FIRST_NAME                  CHARACTER VARYING(255),
    LAST_NAME                   CHARACTER VARYING(255),
    REALM_ID                    CHARACTER VARYING(255),
    USERNAME                    CHARACTER VARYING(255),
    CREATED_TIMESTAMP           BIGINT,
    SERVICE_ACCOUNT_CLIENT_LINK CHARACTER VARYING(255),
    NOT_BEFORE                  INTEGER default 0 not null,
    constraint UK_DYKN684SL8UP1CRFEI6ECKHD7
        unique (REALM_ID, EMAIL_CONSTRAINT),
    constraint UK_RU8TT6T700S9V50BU18WS5HA6
        unique (REALM_ID, USERNAME)
);
You can also see the JPA entity definitions in the GitHub repository.
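An added example, not taken from this page's source or from the Keycloak project: it loads a trimmed copy of the USER_ENTITY definition above into an in-memory SQLite database (a stand-in for H2, chosen so the example runs offline), shows that both unique constraints are scoped by REALM_ID, and runs an audit query for enabled accounts whose e-mail was never verified. The rows are constructed and the function names are hypothetical.

```python
import sqlite3

# Trimmed copy of the page's USER_ENTITY DDL; SQLite stands in for H2 (assumption).
DDL = """create table USER_ENTITY (
  ID CHARACTER VARYING(36) not null primary key,
  EMAIL CHARACTER VARYING(255),
  EMAIL_CONSTRAINT CHARACTER VARYING(255),
  EMAIL_VERIFIED BOOLEAN default FALSE not null,
  ENABLED BOOLEAN default FALSE not null,
  REALM_ID CHARACTER VARYING(255),
  USERNAME CHARACTER VARYING(255),
  SERVICE_ACCOUNT_CLIENT_LINK CHARACTER VARYING(255),
  constraint UK_DYKN684SL8UP1CRFEI6ECKHD7 unique (REALM_ID, EMAIL_CONSTRAINT),
  constraint UK_RU8TT6T700S9V50BU18WS5HA6 unique (REALM_ID, USERNAME)
)"""

# Constructed rows: id, email, email_constraint, verified, enabled, realm, username, sa link
ROWS = [
    ("u1", "admin@example.test", "admin@example.test", 1, 1, "master", "admin", None),
    ("u2", "bob@example.test", "bob@example.test", 0, 1, "shop", "bob", None),
    ("u3", "admin@example.test", "admin@example.test", 1, 1, "shop", "admin", None),  # same name as u1, other realm
    ("u4", None, "c0ffee", 0, 1, "shop", "service-account-api", "client-1"),
    ("u5", "eve@example.test", "eve@example.test", 0, 0, "shop", "eve", None),
]
INSERT = ("insert into USER_ENTITY (ID, EMAIL, EMAIL_CONSTRAINT, EMAIL_VERIFIED, ENABLED,"
          " REALM_ID, USERNAME, SERVICE_ACCOUNT_CLIENT_LINK) values (?,?,?,?,?,?,?,?)")

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute(DDL)
    db.executemany(INSERT, ROWS)
    db.commit()  # commit so a later rollback only undoes the probe row
    return db

def duplicate_rejected(db, realm, username):
    """True if unique (REALM_ID, USERNAME) blocks a second row with this name."""
    try:
        db.execute(INSERT, ("dup", None, "dup", 0, 1, realm, username, None))
    except sqlite3.IntegrityError:
        return True
    db.rollback()  # the probe row was accepted; remove it again
    return False

def enabled_unverified(db):
    """Enabled non-service accounts with an unverified e-mail, per realm."""
    sql = """select REALM_ID, USERNAME from USER_ENTITY
             where ENABLED and not EMAIL_VERIFIED and SERVICE_ACCOUNT_CLIENT_LINK is null
             order by REALM_ID, USERNAME"""
    return db.execute(sql).fetchall()
```

The same select statement can be pasted into a database client connected to the copied H2 file, using PUBLIC.USER_ENTITY as the table name.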