spring Keycloak集成

🧙 Questions

Keycloak安装

☄️ Ideas

上传离线包

scp /Users/ispong/OneDrive/Downloads/docker/keycloak-26.1.4-amd64.tar root@47.92.35.2:/tmp
docker load -i /tmp/keycloak-26.1.4-amd64.tar

安装Keycloak

docker run \
  --name isxcode-keycloak \
  --privileged=true \
  --restart=always \
  -d \
  -p 8071:8080 \
  -e PROXY_ADDRESS_FORWARDING=true \
  -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
  -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:26.1.4 start-dev

关闭ssl

docker exec -it isxcode-keycloak bash
cd /opt/keycloak/bin
# 密码: admin
./kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin
./kcadm.sh update realms/master -s sslRequired=NONE
# ./kcadm.sh update realms/demo -s sslRequired=NONE

• 访问地址：http://106.15.77.49:8071/admin
• 账号：admin
• 密码：admin

创建一个领域（realm）

建议不使用中文
以demo为例

创建一个用户 (users)

创建ispong

设置密码ispong

创建一个客户端

clientId 为 demo_client_id

打开身份验证

clientSecret 为 bF7sdCC6RrA0cK4GmAHnXAJRJWrTBdTr
scope: openid

配置回调地址

至轻云配置参考： http://106.15.77.49:8080/ssoauth?clientId=demo_client_id
Valid redirect URIs: http://localhost:8080/vip/auth/open/getCode

找寻认证地址

• “authorization_endpoint”: “http://47.92.35.2:8081/realms/demo/protocol/openid-connect/auth"
• “userinfo_endpoint”: “http://47.92.35.2:8081/realms/demo/protocol/openid-connect/userinfo"
• “token_endpoint”: “http://47.92.35.2:8081/realms/demo/protocol/openid-connect/token"

用户返回接口

{
  "sub":"c49e9757-1e45-4051-bedc-1abf4ac60959",
  "email_verified":false,
  "preferred_username":"ispong"
}

🔗 Links

• spring docs