https://hub.docker.com/r/keycloak/keycloak
https://github.com/keycloak/keycloak
docker pull keycloak/keycloak
docker save keycloak/keycloak | gzip > /data/site/htmltoo.f/htmltoo.up/soft/docker.tar/keycloak-25.0.5-0.tar.gz
docker load < /data/docker.tar/keycloak-25.0.5-0.tar.gz
docker run -d -p 8081:8080 -p 9000:9000 --name keycloak --hostname keycloak --restart=always -e KEYCLOAK_ADMIN='ihunter' -e KEYCLOAK_ADMIN_PASSWORD='wdqdmm@0' keycloak/keycloak start-dev
-Default
http://g.htmltoo.com:8081/admin
admin/admin
---Create a realm
Create Realm -> htmltoo
---Create a user
Temporary to Off
Switch "Temporary" to "Off" so that the user does not have to update this password at first login
---Log in to the Account Console to verify
http://g.htmltoo.com:8081/realms/htmltoo/account
---Register the application
htmltoo -> Clients -> Create client ->
Client type: OpenID Connect
Client ID: htmltoo
Always display in UI: OFF
Standard flow is enabled.
Client authentication on # more secure
-Enter the redirect URL
Valid redirect URIs -> http://192.168.1.6:3210/*
-External (public) URL
Web origins to -> https://www.keycloak.org
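An added example (not part of the original notes or of the Keycloak project): a Python check that audits an exported client representation for the settings chosen in the client registration steps above. The sample JSON is constructed from the values in these notes; the field names are those of Keycloak's client JSON, and the finding labels are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the client from the notes above, written as a Keycloak
# client representation ("Client authentication on" == publicClient false).
SAMPLE_CLIENT = json.loads("""
{
  "clientId": "htmltoo",
  "protocol": "openid-connect",
  "publicClient": false,
  "standardFlowEnabled": true,
  "alwaysDisplayInConsole": false,
  "redirectUris": ["http://192.168.1.6:3210/*"],
  "webOrigins": ["https://www.keycloak.org"]
}
""")

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_client(client):
    """Return a sorted list of findings (hypothetical labels) for one client."""
    findings = []
    if client.get("publicClient", False):
        findings.append("client-authentication-off")
    if client.get("implicitFlowEnabled", False):
        findings.append("implicit-flow-enabled")
    redirect_hosts = set()
    for uri in client.get("redirectUris", []):
        parts = urlsplit(uri)
        redirect_hosts.add(parts.hostname)
        if uri == "*" or "*" in parts.netloc:
            findings.append(f"redirect-wildcard-host:{uri}")
        elif parts.path.endswith("*"):
            findings.append(f"redirect-wildcard-path:{uri}")
        if parts.scheme == "http" and parts.hostname not in LOOPBACK:
            findings.append(f"redirect-plain-http:{uri}")
    for origin in client.get("webOrigins", []):
        if origin == "*":  # CORS allowed from any origin
            findings.append("web-origin-any")
        # "+" means "origins of the valid redirect URIs"; anything else that
        # matches no redirect host is flagged for review (a heuristic).
        elif origin != "+" and urlsplit(origin).hostname not in redirect_hosts:
            findings.append(f"web-origin-unrelated:{origin}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_client(SAMPLE_CLIENT):
        print(finding)
```
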
docker run -d -p 8080:8080 --name key --restart=always -e KEYCLOAK_USER=ihunter -e KEYCLOAK_PASSWORD='wdqdmm@0' -v /etc/localtime:/etc/localtime:ro -e TZ=Asia/Shanghai -e KEYCLOAK_BIND_ADDRESS=0.0.0.0 -e KEYCLOAK_ENABLE_TLS=false -v /data/docker/tools/keycloak/themes:/opt/jboss/keycloak/themes:ro -v /data/docker/tools/keycloak/keycloak-justauth-15.0.2-jar-with-dependencies.jar:/opt/jboss/keycloak/standalone/deployments/keycloak-justauth-15.0.2-jar-with-dependencies.jar:ro -v /data/docker/tools/keycloak/data:/opt/jboss/keycloak/standalone/data -v /data/file:/data/file jboss/keycloak
docker run -d -p 8080:8080 --name key --restart=always -e KEYCLOAK_USER=ihunter -e KEYCLOAK_PASSWORD='wdqdmm@0' -v /etc/localtime:/etc/localtime:ro -e TZ=Asia/Shanghai -e KEYCLOAK_BIND_ADDRESS=0.0.0.0 -e KEYCLOAK_ENABLE_TLS=false -v /data/docker/tools/keycloak/themes:/opt/jboss/keycloak/themes:ro -v /data/docker/tools/keycloak/keycloak-justauth-15.0.2-jar-with-dependencies.jar:/opt/jboss/keycloak/standalone/deployments/keycloak-justauth-15.0.2-jar-with-dependencies.jar -v /data/file:/data/file -e DB_VENDOR=mysql -e DB_ADDR=b.htmltoo.com -e DB_PORT=3306 -e DB_DATABASE=keycloak -e DB_USER=ihunter -e DB_PASSWORD=wdqdmm@m -e PROXY_ADDRESS_FORWARDING=true jboss/keycloak
docker exec -it key /bin/bash
cd /opt/jboss/keycloak/bin
./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user ihunter
./kcadm.sh update realms/master -s sslRequired=NONE
-Use the Chinese-language interface
Realm Settings -> Themes -> enable [Internationalization Enabled] -> zh-CN
http://b.htmltoo.com:8080
---Use as a client
-Identity providers
---Use as a server
-Create a client
---Install additional authorization extensions (WeChat, QQ, Weibo, etc.)
https://github.com/halobug/keycloak-justauth
-Many third-party authorization providers now appear in the identity provider list
cp ./keycloak-justauth/temp/* /data/docker/tools/keycloak/themes/base/admin/resources/partials/
cp -r ./keycloak-justauth/ui/font_iconfont /data/docker/tools/keycloak/themes/common/resources/lib/
cp ./keycloak-justauth/ui/theme.properties /data/docker/tools/keycloak/themes/login/
# Install Maven: https://abc.htmltoo.com/thread-45910.htm
# Install the JDK: https://abc.htmltoo.com/thread-46002.htm
cd /opt/keycloak-justauth-main
mvn package
Building jar: /opt/keycloak-justauth-main/target/keycloak-justauth-15.0.2-jar-with-dependencies.jar
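Keycloak provides open-source authentication and authorization access-control management for modern applications and services. Keycloak implements the OpenID, OAuth 2.0 and SAML single sign-on protocols, and also provides adapters for LDAP and Active Directory as well as third-party login through OpenID Connect, SAML 2.0 IdPs, GitHub, Google and others, so it is very easy to use out of the box.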
https://zhuanlan.zhihu.com/p/414519631