keycloak #2

Supports: xenial bionic
Add to new model


Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box. You'll even get advanced features such as User Federation, Identity Brokering and Social Login.


This charm installs and configures RedHat's Keycloak. Keycloak is an open source identity and access management system. More info about Keycloak can be found here.

The charm expects a relation to a PostgreSQL Database Server.


Deploy Keycloak with the following command:

juju deploy cs:keycloak <name>

Add a relation to your PostgreSQL Database Server.

juju add-relation <name> postgresql:db

This will create a database with the name keycloak_<name>. When Keycloak is active you can browse the management console on http://ip-address:8080/auth/admin/master/console. Login as user admin and use the randomly generated password, which can be found in the status message of the application.

Known Limitations and Issues

Clustering is not supported yet, so this version of the charm should not be scaled.


This software was created at Tengu (powered by Qrama).


(string) Space separated list of extra deb packages to install.
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
(string) This is the Keycloak version the charm will use to install Keycloak. Using this version string the download url is composed:{version}/keycloak-{version}.tar.gz. Once the version is set and Keycloak is installed, changeing this config parameter won't have any effect.