This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Configure HTTPS for Keycloak on OS X

Martin O'Connor edited this page Feb 29, 2016 · 20 revisions

### Make keystore accessible for Keycloak

```sh
goconf
cp keycloak/keystore/keycloak.jks $KEYCLOAK_HOME/standalone/configuration/
```

### Modify Keycloak configuration

```sh
cd $KEYCLOAK_HOME/standalone/configuration/
vi standalone.xml
```

Locate the `<security-realms>` element and add the following content inside that block:

```xml
<security-realm name="UndertowRealm">
  <server-identities>
    <ssl>
      <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="CEDAart34##$55" />
    </ssl>
  </server-identities>
</security-realm>
```

Locate the `<server name="default-server">` element and add this line below the default http listener:

```xml
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
```

Locate the `<socket-binding-group>` element. You will probably need to modify the port of the existing https binding. Change the line to the following:

```xml
<socket-binding name="https" port="${jboss.https.port:8543}"/>
```
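Before starting the server, the three edits above can be cross-checked against each other: the https listener must name a realm that exists and carries a keystore, and its socket binding must resolve to a port. The script below is an added example, not part of the original wiki or the project's code; the function name `check_https` and the embedded sample XML (with placeholder namespace URIs and password) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed standalone.xml with only the three edits from this page.
# Namespace URIs and the password are placeholders, not values from a real install.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0">
 <security-realms>
  <security-realm name="UndertowRealm"><server-identities><ssl>
   <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="PLACEHOLDER"/>
  </ssl></server-identities></security-realm>
 </security-realms>
 <subsystem xmlns="urn:jboss:domain:undertow:3.0"><server name="default-server">
  <http-listener name="default" socket-binding="http"/>
  <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
 </server></subsystem>
 <socket-binding-group name="standard-sockets">
  <socket-binding name="https" port="${jboss.https.port:8543}"/>
 </socket-binding-group>
</server>"""

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def check_https(xml_text):
    """Return (https_port, problems); an empty problems list means the edits agree."""
    root = ET.fromstring(xml_text)
    find = lambda tag: [e for e in root.iter() if _local(e) == tag]
    realms = {r.get("name"): r for r in find("security-realm")}
    ports = {b.get("name"): b.get("port", "") for b in find("socket-binding")}
    port, problems = None, []
    listeners = find("https-listener")
    if not listeners:
        problems.append("no <https-listener> defined")
    for lst in listeners:
        realm = realms.get(lst.get("security-realm"))
        if realm is None:
            problems.append("listener names an undefined security-realm")
        elif not any(_local(e) == "keystore" and e.get("path") for e in realm.iter()):
            problems.append("security-realm has no <keystore path=...>")
        # Accept a literal port or the ${property:default} form used on this page.
        binding = ports.get(lst.get("socket-binding"), "")
        m = re.fullmatch(r"\$\{[^:}]+:(\d+)\}|(\d+)", binding)
        if m is None:
            problems.append("listener's socket-binding is missing or has no port")
        else:
            port = int(m.group(1) or m.group(2))
    return port, problems

if __name__ == "__main__":
    print(check_https(SAMPLE))
```

To check a real installation, pass the contents of `$KEYCLOAK_HOME/standalone/configuration/standalone.xml` to `check_https` instead of `SAMPLE`.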

### Verify the configuration

Start the server:

```sh
gokk
./bin/standalone.sh
```

At this point the root certificate is not yet in your trust store, so accessing Keycloak from a browser on port 8543 as follows should alert you about an invalid certificate:

https://auth.metadatacenter.orgx:8543/

Do not add a security exception at this point.

However, you can test it from the lynx browser, if you have it. If not, you can install it:

```sh
brew install lynx
```

And then test it:

```sh
lynx https://auth.metadatacenter.orgx:8543/
```

Lynx will alert you about the invalid SSL certificate. You can accept that and continue. The important thing is not to add the security exception to your default browser.
