Custom Keycloak.X Server Distribution with selective features

Overview

Custom Keycloak Server

Simple example for creating a custom Quarkus-based Keycloak distribution with 0 known CVEs.

Features

  • Create a custom Quarkus-based Keycloak distribution and Docker image
  • Support for using your own extensions and themes
  • Support for removing unwanted Quarkus extensions via Maven dependency excludes
  • Support for latest patch levels for libraries with known CVEs
  • Support for a secure Docker image based on Alpine to avoid CVEs in the base image

An example image scan with aquasec/trivy shows that this project can produce a custom Keycloak Docker image with 0 known CVEs.

Build

Build custom distribution

mvn clean verify

Build with Integration Tests

mvn clean verify -Pwith-integration-tests

Build docker image

mvn clean verify docker:build

Build docker image with Zero (known) CVEs

Check out the zero-cves branch

git checkout zero-cves

or perform the following steps yourself:

  • Uncomment the h2 exclusions in the dependency section of the pom.xml file.
  • Uncomment the db setting in src/main/resources/META-INF/keycloak.conf and set an appropriate value, e.g. postgres.

Then run the following command to build the image (defaults to thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT):

mvn clean verify docker:build -Ddocker.file=keycloak/Dockerfile.alpine

Scan

Scan the image with Aquasec Trivy

Before running the command below, ensure that the custom Keycloak Docker image was built successfully.

java bin/scanImage.java --verbose --image-name=thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
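
The "0 known CVEs" result can be enforced in CI by gating the build on a Trivy report. The following is an added example, not part of this project and not the logic of bin/scanImage.java: it assumes a report written with `trivy image --format json --output report.json <image>`, and the embedded report, CVE ids and package names are constructed placeholders. It separates findings that a patch-level bump fixes from those that have no fixed version, which are the candidates for a dependency exclusion.

```python
import json
from collections import Counter

# Constructed sample shaped like `trivy image --format json` output
# (Results[].Vulnerabilities[]); ids and package names are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT",
    "Results": [
        {"Target": "alpine (os)", "Type": "alpine"},  # clean target: no list at all
        {"Target": "Java", "Type": "jar", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example:lib-a",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
             "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example:lib-b",
             "InstalledVersion": "2.3.0", "Severity": "MEDIUM"},  # no fix released
        ]},
    ],
})


def findings(report_json, allowlist=()):
    """Flatten a report into (target, id, package, severity, fixed_version) rows."""
    report = json.loads(report_json)
    rows = []
    for result in report.get("Results") or []:         # key may be absent or null
        for v in result.get("Vulnerabilities") or []:  # absent for clean targets
            if v["VulnerabilityID"] in allowlist:      # reviewed, accepted findings
                continue
            rows.append((result.get("Target", "?"), v["VulnerabilityID"],
                         v.get("PkgName", "?"), v.get("Severity", "UNKNOWN"),
                         v.get("FixedVersion") or None))
    return rows


def gate(report_json, allowlist=()):
    """Return (exit_code, counts, fixable, unfixed); exit_code is 0 only at zero findings."""
    rows = findings(report_json, allowlist)
    counts = dict(Counter(r[3] for r in rows))
    fixable = [r for r in rows if r[4]]      # a patch-level bump removes these
    unfixed = [r for r in rows if not r[4]]  # no fix yet: exclude or replace the dependency
    return (1 if rows else 0), counts, fixable, unfixed


if __name__ == "__main__":
    code, counts, fixable, unfixed = gate(SAMPLE_REPORT)
    print(f"findings by severity: {counts}")
    for target, vid, pkg, sev, fix in fixable + unfixed:
        print(f"{sev:8} {vid} {pkg} [{target}] fix: {fix or 'none, consider excluding'}")
    raise SystemExit(code)
```

To use it on a real report, pass the contents of the JSON file to `gate` and use the returned exit code as the CI job status.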

Run

Run the custom distribution directly

The following example command shows how to run the custom Keycloak distribution against a postgres instance accessible on 127.0.0.1. It enables plain HTTP and relaxes the hostname checks, which suits a local test setup.

target/keycloak-18.0.0/bin/kc.sh \
   start \
   --auto-build \
   --http-enabled=true \
   --http-relative-path=auth \
   --hostname-strict=false \
   --hostname-strict-https=false \
   --db=postgres \
   --db-url-host=127.0.0.1 \
   --db-url-database=keycloak \
   --db-username=keycloak \
   --db-password=keycloak

Run the docker image

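The following example command shows how to run the custom Docker image against a postgres instance that is reachable on the Docker host, in this case via 172.17.0.1. The KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD values shown are example credentials for the initial admin user.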

docker run --rm -it \
    -p 8080:8080 \
    -e KEYCLOAK_ADMIN=keycloak \
    -e KEYCLOAK_ADMIN_PASSWORD=keycloak \
    thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT \
    start \
    --auto-build \
    --http-enabled=true \
    --http-relative-path=auth \
    --hostname-strict=false \
    --hostname-strict-https=false \
    --db=postgres \
    --db-url-host=172.17.0.1 \
    --db-url-database=keycloak \
    --db-username=keycloak \
    --db-password=keycloak
Owner
Thomas Darimont
Spring Team Alumni & Open Sourcerer tutorials.de Admin AD @keycloak maintainer @jugsaar founder @webworkersaar organizer