Keycloak 17 & FileMaker: Installation & Configuration Tutorial Part 1: Ubuntu & MySQL
Lesson in Brief: Setting Up A Server With Ubuntu And MySQL In Preparation For Keycloak 17
We have previously written a complete and lengthy series about Keycloak, an Identity and Access Management solution that can be used with FileMaker to provide centralized management of users, multi-factor authentication, password-less authentication, act as a broker for other Identity Providers and more.
But the folks over at Keycloak HQ have been relentless in their pursuit of improvements to the software, and in mid February 2022, Keycloak 17 was released with a new underlying technology that requires us to revisit and update our deployment tutorial. So, let’s get to it!
As we have before, we need to acknowledge the excellent work of Wim Decorte and Steven Blackwell, who have pushed, and continue to push, the subject of security in the FileMaker platform. Our forays into Keycloak can entirely be attributed to their work in this area and we are indebted to them. Please read their series of white papers here to learn about various external authentication options for FileMaker.
We will be referring back to previous articles for certain steps and procedures, so if this is new to you, do read the introductory article of our previous series to get familiar with what’s what.
Keycloak 17: What’s Changed?
Keycloak 16 and previous versions were built upon an underlying technology called WildFly. For a couple of years now, the Keycloak team have been working on transitioning away from WildFly to something called Quarkus, using the project name Keycloak.X. Well, that transition is complete and the first release of the new underlying technology is now fully supported and available as Keycloak 17.
This new and improved version promises to “be lighter, faster, easier, more scalable, more cloud native, and a bunch of other things” according to Keycloak themselves. And our experience in testing Keycloak 17 confirms this. Deployment is far easier and Keycloak boots up far quicker — seconds rather than a minute or two.
While the underpinnings are completely new, if you’re already familiar with Keycloak, you’ll be pleased to hear that much of the admin interface remains the same so there’s not a huge re-learning curve ahead of you there. In addition, if you’re using a version before 15.1.1, it fixes a known security vulnerability. So, it’s time to jump on the Quarkus Keycloak train — all aboard, we’re about to get going…
There are various ways of deploying Keycloak, but as we have before, we’ll be using a straight up Linux server. We’ll be using Ubuntu Server 20.04.3 LTS which you can download from here (Option 2). Next, figure out your hardware to install on:
- Hyper-V on Windows 10 (probably Windows 11 too but we’ve not upgraded yet!)
- Amazon Web Services or other cloud provider
- Old Mac Mini you have kicking around
- Something else…
You can follow our Part 1: Installing Ubuntu article if you need help with this. Once you have that installed and updated, with a command prompt at the ready, move on to the next section.
We’ll be using MySQL as the database for Keycloak and the steps to install are as we have done previously, but we’re including them here for completeness and clarity. First up, let’s make sure we’re at the root directory:
Now, install the MySQL server package, confirming yes at the prompt:
sudo apt install mysql-server
And then we’ll run the security script to set things up:
You’ll be asked a series of questions:
- If you wish to use the Validate Password component, which enforces password complexity. Given we’re trying to improve security, this is not a bad option to elect yes for.
- After that, enter your password for the MySQL root user — our placeholder for this is MYSQL_ADMIN_PASSWORD
- Next you’ll be asked to remove the anonymous user — select yes.
- And then disallow root login remotely — again yes.
- Then remove the test database.
- Finally, reload the privileges table.
Next, we’ll create our database.
Creating The Database
Creating the database is pretty straightforward… Be sure to switch out our placeholder MYSQL_DATABASE_PASSWORD with your own (note this is not the same password as the MYSQL_ADMIN_PASSWORD and if you set up password validation rules above, ensure it complies with those):
sudo mysql
CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'keycloak'@'localhost' IDENTIFIED BY 'MYSQL_DATABASE_PASSWORD';
GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';
FLUSH PRIVILEGES;
exit;
You should be back at the command prompt. And that’s it, we’re done with MySQL. Wait, what? Really? Is that all? Yup… Remember how we said above that deployment was much easier? Ladies and gentlemen, I present to you, Keycloak 17… No more messing around with XML.
For good measure, let’s reboot.
sudo shutdown -r now
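Once the server is back up, it is worth confirming that the security script and the database steps had the intended effect. The following is an added example, not part of the original tutorial: it audits the account list, the database list and the keycloak grants. The function names are made up for this example and the sample rows at the end are constructed.

```shell
#!/bin/sh
# Added example: audit the result of the MySQL steps in this article.
# On a live server, pipe real output in (standard mysql client flags):
#   sudo mysql -N -B -e "SELECT user, host FROM mysql.user" | audit_accounts
#   sudo mysql -N -B -e "SHOW DATABASES" | audit_schemas
#   sudo mysql -N -B -e "SHOW GRANTS FOR 'keycloak'@'localhost'" | audit_grants
# Each function prints one FAIL line per finding and nothing when clean.

# Input: tab-separated "user<TAB>host" rows.
audit_accounts() {
  awk -F '\t' '
    $1 == "" { print "FAIL anonymous account at host " $2; next }
    $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" { print "FAIL remote root login allowed from " $2 }
    $1 == "keycloak" && $2 != "localhost" { print "FAIL keycloak account not limited to localhost: " $2 }
    $1 == "keycloak" && $2 == "localhost" { seen = 1 }
    END { if (!seen) print "FAIL keycloak@localhost account missing" }
  '
}

# Input: one database name per line.
audit_schemas() {
  awk '
    $0 == "test"     { print "FAIL test database still present" }
    $0 == "keycloak" { seen = 1 }
    END { if (!seen) print "FAIL keycloak database missing" }
  '
}

# Input: SHOW GRANTS lines. USAGE ON *.* carries no privileges;
# any other grant on *.* is broader than the tutorial intends.
audit_grants() {
  awk '
    / ON \*\.\* / && !/^GRANT USAGE ON / { print "FAIL global privilege: " $0 }
    / ON `keycloak`\.\* / { scoped = 1 }
    END { if (!scoped) print "FAIL no grant scoped to keycloak.*" }
  '
}

# Constructed sample: a server where the security script was skipped.
printf '\tlocalhost\nroot\tlocalhost\nroot\t%%\nkeycloak\tlocalhost\n' | audit_accounts
printf 'information_schema\nmysql\ntest\nkeycloak\n' | audit_schemas
```

No output from all three functions on a live server means the anonymous account, remote root login and test database are gone, and the keycloak account is limited to its own database.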
For those of you who have traversed our previous Keycloak tutorials and are disappointed at how simple this has been so far, having expected a scrolling, scrolling article: sorry. But also not sorry… To fill some page space though, a quick note on some tools we used during this testing and tutorial series.
- We’ve talked about this virtualization technology before
- It’s included in Windows and is free
- You can create Checkpoints, so if you mess something up or just want to experiment, you can revert back to the clean install of Ubuntu without having to start from scratch
- Run multiple instances of different operating systems or software on one machine
- Export images of operating systems/installations
- Again, it’s free — there’s nothing to stop you from trying out Keycloak!
- This is a Terminal replacement on Mac
- It’s free
- You can save Snippets, paste history, make notes and more
- We’ve only just started using this and the jury is still out but it seems to be a step up on the default Terminal program
- There are others such as Termius that we’ll be keeping an eye on too
So, we have our Linux server up and running with a MySQL database ready and waiting for Keycloak to hook into. Next up, that security beast that is SSL certificates. Onward to the next article, part two!