The GlobalSolutions

Keycloak Powered by GlobalSolutions

Keycloak is an open-source Java-based Identity and Access Management (IAM) tool that allows users to sign in once and access multiple applications without re-entering their credentials. Keycloak works by storing and managing user information, permissions, and other configuration data. It also supports a range of authentication protocols, including OpenID Connect, SAML, and OAuth2.

Keycloak is a separate server managed on a network, and applications are configured to point to and be secured by this server. When a user tries to access a browser application, they are redirected to the Keycloak authentication server to enter their credentials. This redirection isolates the user from the application, so the application never sees the user's credentials — instead it receives a cryptographically signed identity token or assertion.

Keycloak can be integrated with common Identity providers like Google, Microsoft, and more.

We have hardened the image to secure it against all existing vulnerabilities.

Why Subscribe to Our Offering in AWS Marketplace

Accessing Your AMI from AWS Marketplace

To get started with your Keycloak stack:

  1. Subscribe: Purchase the Keycloak AMI from the AWS Marketplace.
  2. Connect via SSH:
    • SSH into the instance using the following command:
    ssh -i yourpemfile.pem ubuntu@<public-ip-of-your-server>
    • Once logged in you will land in the home directory.

For more information, refer to the AWS Windows Instance Connection Guide.

Installation Paths and Versions

The Keycloak stack is installed in standard Linux directories for easy access:

| Category | Packages | Version | Location |
|---|---|---|---|
| Java | Java | 17 | /usr/bin/java |
| Application Server | Keycloak | 26.1.0 | /opt/keycloak-26.1.0/ |

Getting Started with Keycloak

Keycloak is packaged as a system service and starts automatically when the server boots. It runs in dev mode, which allows HTTP access, so credentials typed into the admin console cross the network unencrypted until TLS is configured. Port 8080 has been opened; use your EC2 instance's public IP to access the Keycloak admin console:

http://<your-ec2-public-ip>:8080

Accessing the Admin Console

First-Time Setup: Change the default admin password immediately after your first login to secure your Keycloak instance.

Creating a Realm

Once you log in, the first step is to create a realm — a space where you manage users, roles, and groups, and the container for all authentication and authorization settings. After creating a realm you will create a Client to integrate your Identity providers.

  1. Open the Keycloak Admin Console at http://<your-ec2-public-ip>:8080/admin.
  2. Click master in the top-left navigation bar, then click Create Realm.
  3. Enter your realm name in the Realm name field. Sample realms Test and dev have been pre-created for reference.

Integrating the Application

Once you create a realm, the next step is to configure the application you want authenticated through Keycloak. Navigate to the realm you created and select Clients from the left menu to create a new client that ties your application to Keycloak.

A sample app is provided by Keycloak at https://www.keycloak.org/app/. Use the client ID from this sample app when filling in the Client ID field while creating the client. Once the client is created your application is integrated with Keycloak.

Note: Since you are running in dev mode, go into the realm settings and disable HTTPS mode after creating the realm.
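
Because the dev-mode setup above switches off the realm's HTTPS requirement, it is worth checking a realm export for that and for over-broad client settings before real users log in. The following is an added example, not code from GlobalSolutions or the Keycloak project: `audit_realm` is a hypothetical helper, the sample realm is constructed, and it assumes the `sslRequired`, `redirectUris` and `webOrigins` fields of Keycloak's realm export JSON.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed realm export shaped like Keycloak's realm
# representation. Realm and client names are made up for this example.
SAMPLE_EXPORT = json.dumps({
    "realm": "dev",
    "sslRequired": "none",
    "clients": [
        {"clientId": "sample-app", "enabled": True,
         "redirectUris": ["https://www.keycloak.org/app/*"],
         "webOrigins": ["https://www.keycloak.org"]},
        {"clientId": "legacy-app", "enabled": True,
         "redirectUris": ["*", "http://app.example.test/callback"],
         "webOrigins": ["*"]},
        {"clientId": "retired", "enabled": False, "redirectUris": ["*"]},
    ],
})

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_realm(export_json):
    """Return (subject, finding) tuples for settings left relaxed."""
    realm = json.loads(export_json)
    findings = []
    # "none" means the realm accepts plain HTTP from any client address.
    if realm.get("sslRequired", "external") == "none":
        findings.append((f"realm:{realm.get('realm')}",
                         "sslRequired=none: HTTPS is not enforced"))
    for client in realm.get("clients", []):
        if not client.get("enabled", True):
            continue  # disabled clients are skipped
        subject = f"client:{client.get('clientId')}"
        for uri in client.get("redirectUris", []):
            parts = urlsplit(uri)
            if uri == "*" or "*" in parts.netloc:
                findings.append((subject, f"redirect URI {uri!r} matches any host"))
            elif parts.scheme == "http" and parts.hostname not in LOOPBACK:
                findings.append((subject, f"redirect URI {uri!r} is not HTTPS"))
        if "*" in client.get("webOrigins", []):
            findings.append((subject, "webOrigins '*' allows any origin"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_realm(SAMPLE_EXPORT):
        print(f"{subject}: {finding}")
```

An empty result means none of these three checks fired; it says nothing about settings the function does not inspect.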

Adding Identity Providers

After integrating the application, the next step is to add Identity Providers. The steps below cover adding Google as an Identity Provider:

  1. Go to the Google Developer Console and create a project.
  2. Navigate into the project, go to the OAuth consent screen page, and provide the necessary information.
  3. Once the OAuth consent is configured, create credentials — select OAuth client ID and choose Web application.
  4. Add the redirect URI from the Keycloak Google Identity Provider page and paste it into the authorized redirect URIs field.
  5. You will receive a Client ID and Client Secret — provide these on the Keycloak Identity Provider configuration page.
  6. Once these steps are complete your application is authenticated through Keycloak.

We specialize in this integration and can also run it as a managed service if you find the integration complex. Please reach out to our support team if you need any assistance.

AWS Cost Optimizer — CloudInsider

Our other popular offering is the AWS Cost Optimizer aka CloudInsider, available in AWS Marketplace. This service has helped our customers save significantly on AWS and other cloud spending. It is easy to subscribe and you can see the savings in minutes.

Support

For any questions or assistance with our AWS Marketplace offering, reach out to us at support@theglobalsolutions.net.