
Install and Configure Keycloak for Modzy


The steps below take you through installing Keycloak with the bitnami/keycloak Helm chart and configuring a realm for use with Modzy.


  1. Add the helm repository
helm repo add bitnami
  2. For ease of use, create a values YAML file, for example keycloak-values.yaml, with contents as follows. Note that the http/https service ports are set to 8080/8443 respectively, because the defaults 80/443 will be used by Modzy:
  enabled: false
  type: LoadBalancer
    http: 8080
    https: 8443
    username: dbadmin
    password: your-db-admin-password

  adminUser: admin
  adminPassword: your-admin-password

  enabled: true
  usePem: true
  keystorePassword: your-keystore-password
  truststorePassword: your-truststore-password
  3. Create a Kubernetes namespace for the Keycloak installation (the following creates the namespace keycloak):
kubectl create namespace keycloak
  4. With the SSL certificate and key files present in the current directory, create a Kubernetes secret with the command shown below.

i. Update the certificate and key file names (cert-file.crt and cert-key-file.key) as needed to match your actual files.
ii. The name of the secret to be created, in this example must match the name used for the existingSecret parameter in the keycloak-values.yaml file created in step 2.

kubectl create secret generic --from-file=tls.crt=cert-file.crt --from-file=tls.key=cert-key-file.key -n keycloak
  5. Install the Keycloak Helm chart (this assumes the keycloak-values.yaml file created in step 2 is present in the current directory):
helm install -f keycloak-values.yaml keycloak bitnami/keycloak -n keycloak

Deployment takes a few minutes. To check its status, run the command below (pod keycloak-0 in a Running 1/1 Ready state indicates a successful deployment):

root@ip-10-10-5-108:~# kubectl get pods -n keycloak
NAME                    READY   STATUS    RESTARTS   AGE
keycloak-0              1/1     Running   0          43m
keycloak-postgresql-0   1/1     Running   0          43m
svclb-keycloak-6rsk2    2/2     Running   0          43m
svclb-keycloak-jhgj9    2/2     Running   0          43m
svclb-keycloak-k25g4    2/2     Running   0          43m


Configuring Keycloak for use with Modzy involves creating the modzy realm and exporting the SAML metadata XML.
(This assumes DNS has been configured to point to the Keycloak instance.)

  1. Navigate to the Keycloak landing page: and log in to the Administration Console

  2. From the Realm dropdown, select Add realm

  3. Specify the name of the new realm as modzy and click the Create button
  4. With the modzy realm now created and within the context of the realm as shown below, click on Clients in the left navigation bar
  5. In the Clients screen, click the Create button to create a new client
  6. Specify com.modzy.saml.sp as the Client ID and saml for the protocol as shown below, then click on Save
  7. In the resulting screen with more configuration options for the client, set the following options (save changes when done):
    Sign Assertions: ON
    Client Signature Required: OFF
    Root URL:
    Valid Redirect URIs: /saml/*
    Base URL: /
  8. Navigate back to the Realm Settings screen as shown below. From the Endpoints field, right-click and save the SAML 2.0 Identity Provider Metadata file for use with Modzy.