How to install Keycloak on Ubuntu / Rocky Linux [Step by Step]

Keycloak is an opensource identity and access management solution. Keycloak provides single-sign on capability. In this article we will see how to bring up a keycloak in a standalone environment.

Why Keycloak

  • In an organization, there will be multiple application which needs authentication and authorization. And if a user need to access to different apps, he will have to  perform the login to all the applications which he want to access. So each app need to handle the user login, management and registration. This approach is costly
  • With keycloak's, single sign on capability, user only need to authenticate once to get access to all the available application in an organization
  • Individual application doesn't need to take care about user registration, authentication and maintaining user database


Setup Details

Download keycloak package

Latest Available version of keycloak at the time of this article is 19.0.1, we download the tar from the official website

[root@localhost ~]# wget
--2022-08-24 19:03:48--
HTTP request sent, awaiting response... 200 OK
Length: 171578620 (164M) [application/octet-stream]
Saving to: ‘keycloak-19.0.1.tar.gz’

keycloak-19.0.1.tar.gz 100%[==========================================>] 163.63M 3.34MB/s in 54s

2022-08-24 19:04:44 (3.02 MB/s) - ‘keycloak-19.0.1.tar.gz’ saved [171578620/171578620]

Install openjdk

Openjdk installation is mandatory for keycloak to work. Compatibility of the java version also matters. The version java which is compatible with the keycloak version 19.0.1 is java 11. The compatibility matrix can be found in the official  page

java version

[root@localhost ~]# java --version
bash: java: command not found...
[root@localhost ~]# yum install java-11-openjdk-devel

Verify java installation

[root@localhost ~]# java --version
openjdk 11.0.16 2022-07-19 LTS
OpenJDK Runtime Environment (Red_Hat- (build 11.0.16+8-LTS)
OpenJDK 64-Bit Server VM (Red_Hat- (build 11.0.16+8-LTS, mixed mode, sharing)

Untar the tar package

The downloaded tar package need to be untared. Untaring will create a directory with name keycloak-x.x.x

[root@localhost ~]# tar -xzvf keycloak-19.0.1.tar.gz


Run the keycloak server

Keycloak server can be run by executing, a shell script which is present in the bin directory. Normally the keycloak server will be running on port 8080, but if we need to specify a custom port, it can be achieved by argument --http-port . In this article, i am providing a custom port 8083

[root@localhost ~]# ./keycloak-19.0.1/bin/ start-dev --http-port 8083
Updating the configuration and installing your custom providers, if any. Please wait.
 19:11:19,006 INFO [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 15336ms
 19:11:22,468 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin: <request>, Port: -1, Proxied: false
 19:11:24,261 INFO [org.keycloak.common.crypto.CryptoIntegration] (main) Detected crypto provider: org.keycloak.crypto.def.DefaultCryptoProvider2022-08-24 19:11:26,293 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
 19:11:26,328 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
 19:11:26,342 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
 19:11:26,871 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.9.Final
 19:11:30,994 INFO [] (main) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
 19:11:35,989 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_716903, Site name: null
 19:11:36,179 INFO [] (main) KC-SERVICES0050: Initializing master realm
 19:11:38,992 INFO [io.quarkus] (main) Keycloak 19.0.1 on JVM (powered by Quarkus 2.7.6.Final) started in 19.095s. Listening on:
 19:11:38,993 INFO [io.quarkus] (main) Profile dev activated.
 19:11:38,993 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
 19:11:38,999 WARN [org.keycloak.quarkus.runtime.KeycloakMain] (main) Running the server in development mode. DO NOT use this configuration in production.


Create Admin profile

  • The keycloak gui will be available on localhost in port 8083 via http protocol.
  • Once the page is loaded, we will have to create admin profile, below screen capture shows the same

How to install Keycloak on ubuntu

  • Login to the keycloak server with admin credentials

How to install Keycloak on ubuntu

  • After successful login, master realm page will be visible, where you can do custom changes for User management. But which is not in scope of this article

How to install Keycloak on ubuntu


Search on LinuxDataHub

Leave a Comment