keycloak oauth2-client oauth2-server oidc terraform oauth2 saml saml-service-provider saml2

About

This initializes a Keycloak instance using the mrparkers/terraform-provider-keycloak Terraform provider.

This will:

Create a test Keycloak instance inside a docker container using docker compose.
Create the example realm.
- Create the alice user.
- Create the administrators group.
  - Assign the example-go-saml client administrator role.
  - Add the alice user as a member.
- Create the example-csharp-public-device client
- Create the example-go-confidential client.
- Create the example-go-saml client.
  - Create the administrator role.
- Create the example-react-public client.
Start the example example-csharp-public-device client (and test it).
- Uses the OAuth 2.0 Device Authorization Grant (aka Device Flow).
Start the example example-go-confidential client (and test it).
- Uses the OAuth 2.0 Authorization Code Grant.
- Uses the Proof Key for Code Exchange (PKCE) extension.
Start the example example-go-saml client (and test it).
- Uses SAML 2.0.
Start the example example-react-public client (and test it).
- Uses OAuth 2.0 Authorization Code Grant.
- Uses the Proof Key for Code Exchange (PKCE) extension.

Usage

Install docker compose.

Add the following to your machine hosts file:

127.0.0.1 keycloak.test
127.0.0.1 mail.test
127.0.0.1 example-go-confidential.test
127.0.0.1 example-go-saml.test
127.0.0.1 example-react-public.test

Start the environment:

./create.sh

Try the example applications displayed by the above command. E.g., try the OpenID Connect Confidential Client as the alice:alice user at:

http://example-go-confidential.test:8081/auth/login

When anything goes wrong, you can try to troubleshoot at:

docker compose logs --follow
http://keycloak.test:8080/realms/example/.well-known/openid-configuration (Keycloak OIDC configuration)
http://keycloak.test:8080/realms/example/protocol/saml/descriptor (Keycloak SAML configuration)
http://keycloak.test:8080 (Keycloak; login as admin:admin)
http://mail.test:8025 (MailHog (email server))
For SAML troubleshooting, you can use the browser developer tools to capture the requests/responses and paste them in the SAML Decoder & Parser at https://www.scottbrady91.com/tools/saml-parser.

Destroy everything:

./destroy.sh

List this repository dependencies (and which have newer versions):

export GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN'
./renovate.sh

Alternatives

About

Keycloak playground

keycloak oauth2-client oauth2-server oidc terraform oauth2 saml saml-service-provider saml2

Languages

Language:Go 25.5%Language:TypeScript 24.2%Language:Shell 19.5%Language:C# 9.5%Language:HCL 8.8%Language:Dockerfile 6.8%Language:JavaScript 3.2%Language:Python 1.0%Language:HTML 0.9%Language:Makefile 0.6%