Table of Contents
- Base Installation
- Prerequisites
- Installation of Keycloak
- Configuration of Keycloak
- Configuration of the Olvid Plugin
- Upgrading
- Additional Configuration
- Configuration of an External IdP
- Using LDAP User Federation
- x509 Client Certificates Authentication
- Configure Olvid via an MDM
- Using the management console
- How to use the Console
- Misc.
- Changelog
Prerequisites
In order to run the Keycloak Olvid Plugin, you will need:
- a system administrator with some experience in Linux administration, networks and network security.
- a server on which to run the instance of Keycloak (any Linux distribution able to run Java 21, with a minimum of 1GB of available storage space and 2GB memory). Our internal tests are run mostly on Ubuntu 20.04 and 22.04 distributions, using the openjdk-21-jre-headless JVM.
- a public DNS accessible from the users’ mobile phones on port TCP:443
- this DNS can either point to a reverse proxy, or directly to the server hosting Keycloak .(in that case, you may run
nginxlocally on the server to act as the reverse proxy)
- this DNS can either point to a reverse proxy, or directly to the server hosting Keycloak .(in that case, you may run
- a valid certificate for this DNS, trusted on all major operating systems (Android, iOS, Windows, Linux, macOS).
- if you do not have a certification authority in your organisation, you may use a free Let’s Encrypt certificate.
- a database, compatible with JPA & JDBC (PostgreSQL, MySQL, Microsoft SQL, etc.) accessible from the Keycloak server. We recommend using PostgreSQL if possible.
- the possibility for this server to establish outbound HTTPS connections towards the Olvid distribution server at
server.olvid.io. - an API key (provided by the Olvid team).
When developing the Olvid Keycloak plugin, we run tests on instances running both natively or in containers. From our perspective, both options are equivalent, so feel free to choose the setup you are the most comfortable with.
Please proceed to the Installation of Keycloak section.
