DEV Community

Cover image for Openshift, Node and Keycloak
Austin Cunningham
Austin Cunningham

Posted on • Updated on

Openshift, Node and Keycloak

Node Express.js

Using keycloak-connect middleware you can protect your endpoints with Keycloak. I cover this in more detail here. Here are the basics install keycloak-connect in a express project.

'use strict';

const Keycloak = require('keycloak-connect');
const express = require('express');
const session = require('express-session');
const expressHbs = require('express-handlebars');

const app = express();

// Register 'handelbars' extension with The Mustache Express
app.engine('hbs', expressHbs({extname:'hbs',
  relativeTo: __dirname}));
app.set('view engine', 'hbs');

var memoryStore = new session.MemoryStore();
var keycloak = new Keycloak({ store: memoryStore });

  resave: false,
  saveUninitialized: true,
  store: memoryStore


//route protected with Keycloak
app.get('/test', keycloak.protect(), function(req, res){
  res.render('test', {title:'Test of the test'});

//unprotected route

app.use( keycloak.middleware( { logout: '/'} ));

app.listen(8000, function () {
  console.log('Listening at http://localhost:8000');
view raw
Enter fullscreen mode Exit fullscreen mode

I added a start script to the package.json.

"scripts": {
"start": "node app.js"
Enter fullscreen mode Exit fullscreen mode

Then pushed the changes to a remote git repo. I can now deploy this to Openshift from git. Click on New Project In Openshift , browse the catalog and select node and point to your git repo.

The project is deployed but Openshifts default port is 8080, As the expresss server is serving on 8000 we need to change this to get the route to resolve. We need to edit the Deployment config ,Service and the Route to change this.

Alt Text

You should now be able to click on the link and it should resolve. There is one further thing we need to do this app but that is after we get the Keycloak server up and running.


There is a Keycloak container designed to run with Openshift found here which I will use to deploy Keycloak. Click on Add to project and Deploy Image , add jboss/keycloak-openshift to the image name, and add two enviroment variables for the admin username (KEYCLOAK_USER) and password (KEYCLOAK_PASSWORD).

Alt Text

Once the build is finished you will see that no route was setup. Just click on create route and except the defaults.

Once the route is created you can click on it and got to the Keycloak landing page

Click on Administration Console and you can log in with the admin username(KEYCLOAK_USER) and password (KEYCLOAK_PASSWORD).Thats all your Keycloak server is up and running on Openshift.

Connecting the Express server to Keycloak

On the Keycloak server we need to create a Realm and create a Client in the realm, set the valid redirect url for the client i.e. point it at our express server on Openshift, Create a user in the realm and set its password and download the keycloak.json file to the root of our express app. I cover this in more details here. This is a quick overview.

Create a file in the route of your express server project call keycloak.json with the contents from the download e.g.

  "realm": "express",
  "auth-server-url": "",
  "ssl-required": "external",
  "resource": "express",
  "public-client": true,
  "confidential-port": 0
Enter fullscreen mode Exit fullscreen mode

Commit the changes and push to your remote repo. Then trigger a build for the express Pod to pull the changes from git and deploy them.

That’s it all should be working now.


Top comments (0)