This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Configure HTTPS for Keycloak on RHEL 6.6

Attila Levente EGYEDI edited this page Mar 9, 2016 · 25 revisions

### Make the Keystore accessible for Keycloak

```sh
gocedar
cd CEDAR_CA
cp keycloak.jks $KEYCLOAK_HOME/standalone/configuration/
```

The keystore holds the server's private key, so the copy should be owned by the user Keycloak runs as and be readable by that user only.

### Modify Keycloak configuration

```sh
cd $KEYCLOAK_HOME/standalone/configuration/
vi standalone.xml
```

Locate the `<security-realms>` element and add the realm below inside that block. It tells WildFly where the server certificate and its private key live.

Note: replace `secret` with the actual keystore password. The password sits in `standalone.xml` in cleartext, so keep that file readable only by the Keycloak user (or reference the password from the WildFly vault instead of writing it out). If the private key inside the keystore was given a password different from the keystore's own, add a `key-password` attribute with it; WildFly otherwise assumes the two are the same and cannot unlock the key.

```xml
<security-realm name="UndertowRealm">
  <server-identities>
    <ssl>
      <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret" />
    </ssl>
  </server-identities>
</security-realm>
```

Locate the `<server name="default-server">` element inside the undertow subsystem and add an HTTPS listener next to the existing HTTP listener. The `security-realm` attribute must name the realm defined above; that reference is what ties the listener to the keystore:

```xml
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
```

Locate the `<socket-binding-group>` element. It already contains an `https` binding (port 8443 in a stock WildFly configuration); change that line so the listener is served on 8543, the port used in the rest of this page:

```xml
<socket-binding name="https" port="${jboss.https.port:8543}"/>
```
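The three edits above are easy to get subtly wrong: the placeholder password left in place, the realm name mistyped in the listener, or a binding without a port. The following is an added example (not CEDAR or Keycloak code) that parses a `standalone.xml`, strips the WildFly XML namespaces, and cross-checks realm, listener and socket binding before the server is restarted. The embedded XML is a constructed, cut-down file in the shape of a WildFly `standalone.xml`; its namespace URIs and sample password are assumptions.

```python
"""Static sanity check of the HTTPS edits to standalone.xml before restarting.
Added example for this wiki page, not CEDAR or Keycloak code.  The XML below
is a constructed, cut-down fragment in the shape of a WildFly standalone.xml
(namespace URIs and the sample password are assumptions)."""
import xml.etree.ElementTree as ET

# Values people leave in from copy-pasted documentation.
PLACEHOLDER_PASSWORDS = {"secret", "password", "changeit"}

# Constructed sample: the three edits from this page applied to a minimal file.
GOOD_XML = """<server xmlns="urn:jboss:domain:3.0">
  <management>
    <security-realms>
      <security-realm name="UndertowRealm">
        <server-identities>
          <ssl>
            <keystore path="keycloak.jks" relative-to="jboss.server.config.dir"
                      keystore-password="K3yst0re-pw"/>
          </ssl>
        </server-identities>
      </security-realm>
    </security-realms>
  </management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
      <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
        <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
      </server>
    </subsystem>
  </profile>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="https" port="${jboss.https.port:8543}"/>
  </socket-binding-group>
</server>
"""

# Same file with two common slips: placeholder password kept, realm name mistyped.
BAD_XML = (GOOD_XML
           .replace('keystore-password="K3yst0re-pw"', 'keystore-password="secret"')
           .replace('security-realm="UndertowRealm"', 'security-realm="UndertoRealm"'))


def _local(tag):
    """Drop the namespace: '{urn:jboss:domain:3.0}server' -> 'server'."""
    return tag.rsplit("}", 1)[-1]


def _find_all(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]


def check_https_config(xml_text, keystore_exists=None):
    """Return (findings, ports): findings is a list of problems (empty means the
    edits are consistent); ports maps https-listener name -> port expression.
    keystore_exists: optional callable(path, relative_to) -> bool that confirms
    the referenced keystore file is really in place; None skips that check."""
    findings = []
    root = ET.fromstring(xml_text)

    # Realms that carry an <ssl> server identity, i.e. can back an https-listener.
    ssl_realms = {}
    for realm in _find_all(root, "security-realm"):
        rname = realm.get("name", "<unnamed>")
        for ssl_el in _find_all(realm, "ssl"):
            for ks in ssl_el:
                if _local(ks.tag) != "keystore":
                    continue
                ssl_realms[rname] = ks
                pw = ks.get("keystore-password")
                if not pw:
                    findings.append(f"realm {rname}: keystore has no keystore-password")
                elif pw.lower() in PLACEHOLDER_PASSWORDS:
                    findings.append(f"realm {rname}: keystore-password is the "
                                    f"placeholder {pw!r}; put the real password in")
                path = ks.get("path")
                if not path:
                    findings.append(f"realm {rname}: keystore has no path")
                elif keystore_exists and not keystore_exists(path, ks.get("relative-to")):
                    findings.append(f"realm {rname}: keystore {path!r} not found "
                                    f"under {ks.get('relative-to')}")

    bindings = {b.get("name"): b.get("port") for b in _find_all(root, "socket-binding")}

    ports = {}
    listeners = _find_all(root, "https-listener")
    if not listeners:
        findings.append("no <https-listener> in the undertow subsystem")
    for lst in listeners:
        lname = lst.get("name", "<unnamed>")
        realm = lst.get("security-realm")
        if realm not in ssl_realms:
            findings.append(f"https-listener {lname}: security-realm {realm!r} "
                            f"is not a realm with an <ssl> server identity")
        sb = lst.get("socket-binding")
        if sb not in bindings or not bindings[sb]:
            findings.append(f"https-listener {lname}: socket-binding {sb!r} "
                            f"has no port definition")
        else:
            ports[lname] = bindings[sb]
    return findings, ports


if __name__ == "__main__":
    for label, xml in (("good", GOOD_XML), ("bad", BAD_XML)):
        findings, ports = check_https_config(xml)
        print(f"{label}: ports={ports}")
        for f in findings:
            print("  -", f)
```

Run it against the real file by passing `open(path).read()` and, to confirm the keystore copy is in place, a `keystore_exists` callable that resolves `jboss.server.config.dir` to `$KEYCLOAK_HOME/standalone/configuration`. The placeholder-password finding is the one most worth catching early: with a wrong keystore password the server fails to open the keystore at startup and the HTTPS listener never comes up.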

### Verify the configuration

Stop the server if it is running and restart it as follows:

```sh
gokk
./standalone.sh
```

At this point the CEDAR root certificate is not in your browser's trust store, so opening Keycloak on port 8543 should produce a certificate warning: the certificate itself is fine, but the browser cannot build a chain from it to a root it trusts.

https://auth.metadatacenter.net:8543/

Do not add a security exception for it. A permanent exception bypasses validation for this host altogether, and a browser that has been taught to click through warnings cannot tell a CEDAR certificate from an attacker's. The proper fix is to import the CEDAR root certificate into the trust store, after which the browser validates the chain like any other site's.

You can, however, check the listener from the lynx text browser. Install it if it is missing:

```sh
yum install lynx
```

Then request the same URL:

```sh
lynx https://auth.metadatacenter.net:8543/
```

Lynx warns that the certificate cannot be verified; accept it there, for this one-off connectivity check only, and confirm that the page loads over HTTPS. The important thing is not to add a permanent exception in your everyday browser.
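Lynx's prompt only tells you that the certificate did not verify. The probe below, an added example that is not part of this page or of CEDAR, reproduces what a browser does in code: a full TLS handshake with chain and hostname validation against either the OS trust store (expected to fail at this step, because the CEDAR root is not in it) or a PEM file of your choosing, reporting the outcome instead of offering a click-through. The host and port are taken from this page; the CA file name is an assumption.

```python
"""Probe a Keycloak HTTPS endpoint the way a browser does: complete a TLS
handshake, validate the chain against a chosen trust store, and report the
result.  Added example for this wiki page, not CEDAR or Keycloak code; the
default host/port come from the page and the CA file path is an assumption."""
import socket
import ssl


def _dn(rdns):
    """Flatten getpeercert()'s ((('commonName', 'x'),), ...) into 'commonName=x, ...'."""
    return ", ".join(f"{k}={v}" for rdn in rdns for k, v in rdn)


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Return a dict with ok/error plus the leaf certificate's subject, issuer,
    expiry and negotiated protocol.

    cafile=None uses the OS trust store, so a certificate issued by the private
    CEDAR CA is expected to fail here (the state the page describes at this
    step); pass the CEDAR root certificate PEM to validate against it instead.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True                 # same policy a browser applies
    ctx.verify_mode = ssl.CERT_REQUIRED
    result = {"host": host, "port": port, "ok": False, "error": None,
              "subject": None, "issuer": None, "not_after": None, "protocol": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result.update(ok=True, protocol=tls.version(),
                              subject=_dn(cert.get("subject", ())),
                              issuer=_dn(cert.get("issuer", ())),
                              not_after=cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        # Untrusted CA, hostname mismatch or expiry: what the browser warns about.
        result["error"] = f"certificate verification failed: {exc.verify_message}"
    except OSError as exc:                    # ssl.SSLError is an OSError subclass
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "auth.metadatacenter.net"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8543
    cafile = sys.argv[3] if len(sys.argv) > 3 else None   # e.g. the CEDAR root CA PEM
    r = probe_tls(host, port, cafile)
    print("verified" if r["ok"] else "NOT verified", r)
```

Without a CA file the probe should report `certificate verification failed` for the freshly configured server, which is the correct outcome, not something to suppress. Once the CEDAR root certificate is at hand (assumed here to be saved as `cedar-root.crt`), `probe_tls("auth.metadatacenter.net", 8543, cafile="cedar-root.crt")` should return `ok=True`; the equivalent command-line check is `openssl s_client -connect auth.metadatacenter.net:8543 -CAfile cedar-root.crt`, whose `Verify return code: 0 (ok)` line confirms the chain validates against that root.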
