Skip to content

thomasdarimont/keycloak-custom-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
bin
bin
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Custom Keycloak Server

Simple example for creating a custom Quarkus based Keycloak Distribution with 0 known CVEs.

Features

  • Create a custom Quarkus based Keycloak Distribution and Docker Image
  • Support for using your own extensions and themes
  • Support for removing unwanted Quarkus Extensions via maven dependency excludes
  • Support for latest patch levels for libraries with known CVEs
  • Support for secure Docker image based on alpine to avoid CVEs in base image.

An example for a Image scan with aqasec/trivy shows that this project can produce a custom Keycloak docker image with 0 known CVEs.

Build

Build custom distribution

mvn clean verify

Build with Integration Tests

mvn clean verify -Pwith-integration-tests

Build docker image

mvn clean verify docker:build

Build docker image with Zero (known) CVEs

Checkout the zero-cves Branch

git checkout zero-cves

or perform the following steps yourself:

  • Uncomment the h2 exclusions from the dependency section in the the pom.xml file.
  • Uncomment the db setting in src/main/resources/META-INF/keycloak.conf and set an appropriate value, e.g. postgres.

Then run the following command to build the image (defaults to thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT):

mvn clean verify docker:build -Ddocker.file=keycloak/Dockerfile.alpine

Scan

Scan the image with Aquasec Trivy

Before running the command below, ensure that the custom keycloak docker image was build successfuly.

java bin/scanImage.java --verbose --image-name=thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT

Run

Run the custom distribution directly

The following example command shows how to run the custom Keycloak distribution against a postgres instance accessible on 127.0.0.1.

target/keycloak-*/bin/kc.sh \
   start \
   --http-enabled=true \
   --http-relative-path=auth \
   --hostname-strict=false \
   --hostname-strict-https=false \
   --db=postgres \
   --db-url-host=127.0.0.1 \
   --db-url-database=keycloak \
   --db-username=keycloak \
   --db-password=keycloak

Run the docker image

The following example command shows how to run the custom docker image against a postgres instance accessible on the docker host via 172.17.0.1 in this case.

docker run --rm -it \
    -p 8080:8080 \
    -e KEYCLOAK_ADMIN=keycloak \
    -e KEYCLOAK_ADMIN_PASSWORD=keycloak \
    thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT \
    start \
   --http-enabled=true \
   --http-relative-path=auth \
   --hostname-strict=false \
   --hostname-strict-https=false \
   --db=postgres \
   --db-url-host=172.17.0.1 \
   --db-url-database=keycloak \
   --db-username=keycloak \
   --db-password=keycloak

About

Custom Keycloak.X Server Distribution with selective features

Resources

Readme

License

Apache-2.0 license
Activity

Stars

24 stars

Watchers

4 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages