To access Keycloak with https

Vinod Kumar

unread,

Mar 20, 2023, 4:12:40 AM3/20/23

to Keycloak User

Hi team,

We are running keycloak 17 on standalone windows server. We are trying to enable https to access Keycloak. But adding the security-realms as like the older version is not working. Is there a document that we can refer to enable https please?

se...@xdam.com

unread,

Mar 21, 2023, 7:26:44 AM3/21/23

to Keycloak User

This is the current documentation for configuring TLS (should be relevant if you are using Quarkus): https://www.keycloak.org/server/enabletls

If you are using WildFly, try this: https://www.keycloak.org/docs/17.0/server_installation/index.html#_setting_up_ssl

Vinod Kumar

unread,

Mar 23, 2023, 1:01:37 PM3/23/23

to Keycloak User

Thank you so much for the doc. I have the certificate ready, but the steps are bit confusing.. Do I need to add security-realm in standalone.xml..? would you mind help in which files we have to add what details pls.. thank you so much in Advance.

Seth Foss

unread,

Mar 23, 2023, 2:01:30 PM3/23/23

to keyclo...@googlegroups.com

Based on your reference to standalone.xml, I am going to assume you are still using WildFly (not Quarkus). If this is a new instance, you should consider changing that approach since newer versions of Keycloak only support Quarkus. Also, I have found Quarkus to be easier, in general, to configure.

If you continue with WildFly, I think the most obscure part of those instructions are the CLI commands. It sounds like you've already got your Keystore setup ("I have the certificate ready").

In "Configure Keycloak to Use the Keystore", we're instructed to update the configuration using "the CLI" (steps 3 and 4). The CLI being references is the JBoss CLI - instructions on that here: https://www.keycloak.org/docs/17.0/server_installation/index.html#_start_cli

I can't give you much more specific guidance than that, because there are lots of differences depending on things like "If using domain mode", etc.

You can also follow the link to the WildFly SSL/TLS documentation, which also gives commands to be used by the previously mentioned JBoss CLI.

--
You received this message because you are subscribed to a topic in the Google Groups "Keycloak User" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/keycloak-user/3U9QiX5CJjk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/327d29f7-0c02-4b67-b5a4-9235c2132151n%40googlegroups.com.

Reply all

Reply to author

Forward