This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Configure HTTPS for Keycloak on OS X

Attila Levente EGYEDI edited this page Feb 25, 2016 · 20 revisions

### Make keystore accessible for Keycloak

```bash
goconf
cp keycloak/keystore/keycloak.jks $KEYCLOAK_HOME/standalone/configuration/
```

### Modify Keycloak configuration

```bash
cd $KEYCLOAK_HOME/standalone/configuration/
vi standalone.xml
```

Locate the `<security-realms>` element and add the following content inside it:

```xml
<security-realm name="UndertowRealm">
  <server-identities>
    <ssl>
      <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="CEDAart34##$55" />
    </ssl>
  </server-identities>
</security-realm>
```

Locate the `<server name="default-server">` element and add this line below the default http listener:

```xml
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
```

Locate the `<socket-binding-group>` element. You will probably need to modify the existing https port. Change the line to the following:

```xml
<socket-binding name="https" port="${jboss.https.port:8543}"/>
```
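The three edits above only work if they reference each other correctly. As an added example (not part of the original wiki), this check parses a `standalone.xml` and reports broken references between the https listener, its security realm and its socket binding, plus a keystore password stored as a literal. The function names, the sample XML with its placeholder namespace and password, and the rule that any value not written as `${...}` counts as a literal are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down standalone.xml with the page's three edits applied.
SAMPLE = """<server xmlns="urn:example:constructed">
  <security-realms>
    <security-realm name="UndertowRealm">
      <server-identities><ssl>
        <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="constructed-secret"/>
      </ssl></server-identities>
    </security-realm>
  </security-realms>
  <server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
  </server>
  <socket-binding-group name="standard-sockets">
    <socket-binding name="https" port="${jboss.https.port:8543}"/>
  </socket-binding-group>
</server>"""

def local(el):  # tag name without the '{namespace}' prefix ElementTree adds
    return el.tag.rsplit("}", 1)[-1]

def check_https_config(xml_text):
    """Return a list of problems with the HTTPS wiring in a standalone.xml."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        found.setdefault(local(el), []).append(el)
    realms = {r.get("name"): r for r in found.get("security-realm", [])}
    bindings = {b.get("name") for b in found.get("socket-binding", [])}
    problems = [] if found.get("https-listener") else ["no https-listener defined"]
    for lst in found.get("https-listener", []):
        name, binding = lst.get("security-realm"), lst.get("socket-binding")
        if binding not in bindings:
            problems.append(f"socket-binding {binding!r} is not defined")
        if name not in realms:
            problems.append(f"security-realm {name!r} is not defined")
            continue
        stores = [e for e in realms[name].iter() if local(e) == "keystore"]
        if not stores:
            problems.append(f"realm {name!r} has no ssl keystore")
        for ks in stores:
            # Assumption of this example: a value not written as ${...} is a literal.
            if not ks.get("keystore-password", "").startswith("${"):
                problems.append(f"realm {name!r}: keystore password is a literal in the file")
    return problems

if __name__ == "__main__":
    print(check_https_config(SAMPLE))
```

To check a real file, pass its contents: `check_https_config(open("standalone.xml").read())`.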

### Verify the configuration

Start the server:

```bash
gokk
./bin/standalone.sh
```

At this point the root certificate is not yet in your trust store, so the browser should warn you about an invalid certificate when you open the URL below. Do not add a security exception at this point:

https://auth.metadatacenter.orgx:8543/

However, you can test it from lynx, if you have it. If not, you can install it:

```bash
brew install lynx
```

And then test it:

```bash
lynx https://auth.metadatacenter.orgx:8543/
```