Run Keycloak, Kong, Konga and Postgres in Docker containers

Create a dedicated bridge network in Docker

# User-defined bridge network shared by every container in this walkthrough.
# Containers attached to it reach each other by container name (for example
# postgres-kong or kong) without publishing ports on the host.
docker network create --driver bridge kong

Start Kong

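# Kong datastore, schema bootstrap and gateway.
#
# Requires: KONG_PG_PASSWORD exported in the calling shell. Each command aborts
# with a message if it is unset or empty, so no password is written into this
# file. The other two Postgres containers on this page set POSTGRES_PASSWORD;
# this one now does too (current builds of the official postgres image are
# expected to refuse to start without it).
#
# NOTE(review): kong:latest is unpinned, so the bootstrap step and the running
# gateway can end up on different releases; pin a tag you have tested.

# Postgres is published on loopback only. Kong reaches it over the "kong"
# network as postgres-kong, so the host port is just for local inspection.
docker run -d --name postgres-kong \
    --network=kong \
    -p 127.0.0.1:5432:5432 \
    -e "POSTGRES_USER=kong" \
    -e "POSTGRES_DB=kong" \
    -e "POSTGRES_PASSWORD=${KONG_PG_PASSWORD:?export KONG_PG_PASSWORD first}" \
    postgres:9.6

# One-off container that creates Kong's schema, then removes itself (--rm).
# If it fails with a connection error, Postgres is probably still
# initialising; run it again.
docker run --rm \
    --network=kong \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=postgres-kong" \
    -e "KONG_PG_PASSWORD=${KONG_PG_PASSWORD:?export KONG_PG_PASSWORD first}" \
    kong:latest kong migrations bootstrap

# The gateway itself. Proxy ports 8000/8443 stay published as before.
# The Admin API (8001/8444) has no authentication of its own by default, so it
# is published on loopback only. KONG_ADMIN_LISTEN keeps 0.0.0.0 inside the
# container because Konga connects to http://kong:8001 over the "kong" network.
docker run -d --name kong \
    --network=kong \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=postgres-kong" \
    -e "KONG_PG_PASSWORD=${KONG_PG_PASSWORD:?export KONG_PG_PASSWORD first}" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 127.0.0.1:8001:8001 \
    -p 127.0.0.1:8444:8444 \
    kong:latest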

Start Konga

# Postgres instance backing Konga. No port is published, so it is reachable
# only from containers on the "kong" network.
# POSTGRES_PASSWORD is a demo value and has to match the DB_PASSWORD passed to
# the konga container further down; change both together.
docker run --detach \
    --name postgres-konga \
    --network kong \
    --env POSTGRES_USER=konga \
    --env POSTGRES_DB=konga \
    --env POSTGRES_PASSWORD=konga \
    postgres:9.6
  • users.txt
    // Seed data for Konga's first user; the konga container reads this file
    // through KONGA_SEED_USER_DATA_SOURCE_FILE.
    // The account is an admin ("admin": true) and its password is stored here
    // in plain text as a demo value: replace it before seeding, or change it
    // right after the first login, and keep this file out of version control.
    // NOTE(review): the "email" value looks like a redaction artifact of the
    // page this was copied from; supply a real address.
    // "node_id" is the Kong Admin API URL as seen from inside the "kong"
    // Docker network.
    module.exports = [
          {
              "username": "admin",
              "email": "[email protected]",
              "firstName": "Song",
              "lastName": "Sun",
              "node_id": "http://kong:8001",
              "admin": true,
              "active" : true,
              "password": "password"
          }
      ]
    
  • kong-nodes.txt
    // Seed data for the Kong connection Konga creates at start-up; the konga
    // container reads this file through KONGA_SEED_KONG_NODE_DATA_SOURCE_FILE.
    // "kong_admin_url" is plain HTTP to the Admin API over the "kong" Docker
    // network, which is only reasonable while that traffic stays inside the
    // network.
    module.exports = [
      {
          "name": "Kong",
          "kong_admin_url": "http://kong:8001",
          "type": "default",
          "health_checks": false,
      }
    ]
    
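# Konga admin UI, seeded from users.txt and kong-nodes.txt in the current
# directory.
#
# Requires: KONGA_TOKEN_SECRET exported in the calling shell, set to a long
# random value. Konga takes it as TOKEN_SECRET; the literal "secret" used
# before is guessable. The command aborts if it is unset or empty.
#
# Changes from the earlier form of this command:
#   - the volume arguments are quoted, so a working directory whose path
#     contains spaces no longer splits into several arguments;
#   - the duplicate --name flag is dropped;
#   - the UI is published on loopback only, because the seeded admin account
#     uses a demo password.
#
# DB_PASSWORD must equal the POSTGRES_PASSWORD given to postgres-konga.
# NOTE(review): NODE_ENV=development is kept because the walkthrough relies on
# it; presumably Konga creates its schema automatically only in this mode.
# Confirm before switching to production.
# NOTE(review): pantsel/konga is unpinned; pin a tag you have tested.
docker run -d --name konga \
    -p 127.0.0.1:1337:1337 \
    --network kong \
    -v "$(pwd)/users.txt:/root/users.txt" \
    -v "$(pwd)/kong-nodes.txt:/root/kong-nodes.txt" \
    -e "TOKEN_SECRET=${KONGA_TOKEN_SECRET:?export KONGA_TOKEN_SECRET first}" \
    -e "DB_ADAPTER=postgres" \
    -e "DB_HOST=postgres-konga" \
    -e "DB_PORT=5432" \
    -e "DB_USER=konga" \
    -e "DB_PASSWORD=konga" \
    -e "DB_DATABASE=konga" \
    -e "NODE_ENV=development" \
    -e "KONGA_SEED_KONG_NODE_DATA_SOURCE_FILE=/root/kong-nodes.txt" \
    -e "KONGA_SEED_USER_DATA_SOURCE_FILE=/root/users.txt" \
    pantsel/konga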

Start Keycloak

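# Keycloak and its Postgres database.
#
# Requires, exported in the calling shell:
#   KEYCLOAK_DB_PASSWORD     password shared by Postgres and Keycloak
#   KEYCLOAK_ADMIN_PASSWORD  password of the initial Keycloak "admin" user
# Both replace the fixed demo values "keycloak" and "password"; each command
# aborts if the variable it needs is unset or empty.
#
# NOTE(review): jboss/keycloak is unpinned; pin a tag you have tested.

# No port is published: only containers on the "kong" network can connect.
docker run -d --name postgres-keycloak \
    --net kong \
    -e POSTGRES_DB=keycloak \
    -e POSTGRES_USER=keycloak \
    -e "POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD:?export KEYCLOAK_DB_PASSWORD first}" \
    postgres:9.6

# Keycloak serves plain HTTP on 8080, so the port is published on loopback
# only; the token request later on this page already targets 127.0.0.1:8080.
# DB_VENDOR is set explicitly. NOTE(review): without it the image appears to
# guess the database from well-known host names and may fall back to its
# embedded H2 store when the host is called postgres-keycloak. Confirm against
# the image version in use.
docker run -d --name keycloak \
    --net kong \
    -p 127.0.0.1:8080:8080 \
    -e DB_VENDOR=postgres \
    -e DB_ADDR=postgres-keycloak \
    -e DB_DATABASE=keycloak \
    -e DB_USER=keycloak \
    -e "DB_PASSWORD=${KEYCLOAK_DB_PASSWORD:?export KEYCLOAK_DB_PASSWORD first}" \
    -e KEYCLOAK_USER=admin \
    -e "KEYCLOAK_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:?export KEYCLOAK_ADMIN_PASSWORD first}" \
    jboss/keycloak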

Manual Steps

Keycloak

  • Add Realm dev
  • Add Client dev-client
  • Add Role admin to Client dev-client
  • Add Group admin
  • Add Role admin in Client Roles dev-client to Group admin
  • Add User song, set password and assign it to Group admin
  • You can now authenticate the user through the token endpoint (see the curl command below)
  • Get RS256 Public Key in the Key tab of the Realm Settings
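# Request an access token for a realm user with the password grant.
# "username" and "password" are placeholders for the user created above.
# Each field is sent with --data-urlencode so that credentials containing
# characters such as & = + or spaces do not corrupt the form body.
# --data-urlencode already makes curl send a POST, so -X POST is not needed.
# The password travels over plain HTTP, so keep this request on loopback.
# NOTE(review): no client_secret is sent, so dev-client presumably has to be a
# public client with direct access grants enabled. Confirm in the client
# settings.
curl -i \
    --data-urlencode "username=username" \
    --data-urlencode "password=password" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "client_id=dev-client" \
    http://127.0.0.1:8080/auth/realms/dev/protocol/openid-connect/token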

Kong

  • Create a consumer
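  • Add JWT credentials to that consumer, using the RS256 public key obtained from Keycloak. Set the credential's algorithm to RS256; by default Kong's JWT plugin selects the credential whose key equals the token's iss claim, so the credential key has to be the realm's issuer URL.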

Run script in a Python Env

# Interactive Python 3.7.3 interpreter in a container named "python".
# The container is not attached to the "kong" network, so the container names
# used above (kong, keycloak, ...) do not resolve from inside it.
# There is no --rm, so the stopped container remains after exit and the name
# must be freed before this command can be run again.
docker run --interactive --tty --name python python:3.7.3-stretch python

Reference