Skip to main content

How to enable SSL with Keycloak

Jan Kubik
  • Updated

To enable SSL for the Keycloak Server you need to first prepare Certificate and Java Keystore. Detailed information on how it can be done and more details on Keycloak security can be found in Keycloak documentation:
https://www.keycloak.org/docs/latest/server_installation/#_setting_up_ssl

 

In this article, we will list just the required steps to enable SSL for the Keycloak with AlgoTrader.

  1. In the keycloak-X.X.X\standalone\configuration\standalone\standalone.xml file, the
    security-realms​ section should contain your new security realm:
     
    <security-realm name="UndertowRealm">
    <server-identities>
        <ssl>
                <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret" />
            </ssl>
        </server-identities>
    </security-realm>

    In path="keycloak.jks" set your jks file name and in keystore-password="secret" it's password.

  2. Next, modify the https-listener to use the created realm:
     
    <server name="default-server"> 
        <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
        <https-listener name="https" socket-binding="https" security-realm="UndertowRealm" enable-http2="true"/>
        ...
    </server>
  3. After that you just need to copy your jks file to the keycloak-X.X.X\standalone\configuration folder and restart Keycloak.

    Keycloak will be available here:

    https://localhost:8444/auth/

  4. On the AlgoTrader side it's now just needed to enable SSL it can be done in Config UI -> System Properties -> SSL -> ssl.enabled=true

    It's recommended to enable SSL as a VM argument in AlgoTrader:

    -Dssl.enabled=true

  5. There's a client in Keycloak called algotrader-dashboard which is used by AlgoTrader UI.
    Valid redirect URLs and web origins need to be configured for the algotrader-dashboard client.

    In keycloak admin console go to Clients -> algotrader-dashboard


    6. Configure Valid redirect URLs and web origins for your domain, it should contain https now.

 

The jetty.user and jetty.password properties are used to configure basic auth for AlgoTrader HTTP.
Keycloak and basic auth security should not be enabled at the same time.

 

More details about Keycloak in AlgoTrader can be found in our Reference Guide:

https://doc.algotrader.com/html_single/index.html#Auth

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk