Configure HTTPS for Keycloak on OS X
### Make keystore accessible for Keycloak

```
goconf
cp keycloak/keystore/keycloak.jks $KEYCLOAK_HOME/standalone/configuration/
```
### Modify Keycloak configuration

```
cd $KEYCLOAK_HOME/standalone/configuration/
vi standalone.xml
```
Locate the `<security-realms>` element and add the following content to that block:

```
<security-realm name="UndertowRealm">
    <server-identities>
        <ssl>
            <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="CEDAart34##$55" />
        </ssl>
    </server-identities>
</security-realm>
```
Locate the `<server name="default-server">` element and add this line below the default http listener:

```
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
```
Locate the `<socket-binding-group>` element. You will probably need to modify the existing https port. Change the line to the following:

```
<socket-binding name="https" port="${jboss.https.port:8543}"/>
```
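The three edits above only work together if the listener, the realm and the socket binding reference each other by the same names. The following is an added example, not part of the original wiki page, that cross-checks them offline before the server is started; `SAMPLE` is a constructed, trimmed-down `standalone.xml` with a placeholder password and assumed namespace versions, and `local` and `check_https` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, trimmed-down standalone.xml; namespace versions and password are placeholders.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0">
  <management><security-realms><security-realm name="UndertowRealm">
    <server-identities><ssl>
      <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="PLACEHOLDER"/>
    </ssl></server-identities>
  </security-realm></security-realms></management>
  <profile><subsystem xmlns="urn:jboss:domain:undertow:3.0">
    <server name="default-server">
      <http-listener name="default" socket-binding="http"/>
      <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
    </server>
  </subsystem></profile>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="https" port="${jboss.https.port:8543}"/>
  </socket-binding-group>
</server>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def check_https(xml_text):
    """Return (problems, default_https_port) for the text of a standalone.xml."""
    els = list(ET.fromstring(xml_text).iter())
    def find(name):
        return [e for e in els if local(e.tag) == name]
    # Realms that actually carry a <keystore path=...> server identity.
    ssl_realms = {r.get("name") for r in find("security-realm")
                  if any(local(e.tag) == "keystore" and e.get("path") for e in r.iter())}
    bindings = {b.get("name"): b.get("port") for b in find("socket-binding")}
    problems, port = [], None
    listeners = find("https-listener")
    if not listeners:
        problems.append("no <https-listener> defined")
    for lst in listeners:
        realm, binding = lst.get("security-realm"), lst.get("socket-binding")
        if realm not in ssl_realms:
            problems.append("realm %r has no ssl keystore" % realm)
        # Port is either a literal or ${property:default}; take the default.
        m = re.fullmatch(r"\$\{[^:}]+:(\d+)\}|(\d+)", bindings.get(binding) or "")
        if m:
            port = int(m.group(1) or m.group(2))
        else:
            problems.append("socket-binding %r missing or has no usable port" % binding)
    return problems, port
```

To check a real installation, pass the contents of `$KEYCLOAK_HOME/standalone/configuration/standalone.xml` to `check_https`; an empty problem list and port 8543 match the configuration described above.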
### Verify the configuration

Start the server:

```
gokk
./bin/standalone.sh
```
At this point the root certificate is not yet in your trust store, so opening the URL below in a browser should produce an invalid-certificate warning. Do not add a security exception yet:

https://auth.metadatacenter.orgx:8543/
However, you can test it from lynx, if you have it. If not, you can install it:

```
brew install lynx
```

And then test it:

```
lynx https://auth.metadatacenter.orgx:8543/
```