896f147075
* docs: Use BASH TCP redirect for HEALTHCHECK Add a BASH script to perform an in-container healtcheck. For the curious, here's how this works: 1. For the code within braces, a TCP connection is made to the keycloak's management port and a successful connection is redirected in the read-write fashion to the descriptor 0 (stdin). - When bash fails to connect (TCP RST), it ends up with an error right away. - When the connection is hanging (no reply till TCP retry timeout, usually about 1 minute), it just hangs, virtually being a subject to the HEALTHCHECK's timeout (which should be definitely smaller than the usual TCP retry timeout). 2. Then a simple hand-crafted HTTP HEAD request is sent to the socket using printf. This is supposed to always succeed, unless the send buffer of the socket is set ridiculously small on the target OS. In the other case it will just hang again, not being able to push all the bytes through, until that eventually happens or times out. 3. Next, the eventual response is being checked with grep to be the successful one. Only at this time it's return code (and the final) is 0. - When no response comes, it's hanging forever and is subject to timeout. - When a 503 response comes, grep doesn't match anything and returns 1. Closes: #38126 Signed-off-by: Vit Zikmund <vit.zikmund@themama.ai> * expanding bash healthcheck for scenarios that enable http health checks Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/guides/observability/health.adoc Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * Update docs/guides/observability/health.adoc Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * Update docs/guides/observability/health.adoc Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Vit Zikmund <vit.zikmund@themama.ai> Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Open Source Identity and Access Management
Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users.
Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.
Help and Documentation
- Documentation
- User Mailing List - Mailing list for help and general questions about Keycloak
- Join #keycloak for general questions, or #keycloak-dev on Slack for design and development discussions, by creating an account at https://slack.cncf.io/.
Reporting Security Vulnerabilities
If you have found a security vulnerability, please look at the instructions on how to properly report it.
Reporting an issue
If you believe you have discovered a defect in Keycloak, please open an issue. Please remember to provide a good summary, description as well as steps to reproduce the issue.
Getting started
To run Keycloak, download the distribution from our website. Unzip and run:
bin/kc.[sh|bat] start-dev
Alternatively, you can use the Docker image by running:
docker run quay.io/keycloak/keycloak start-dev
For more details refer to the Keycloak Documentation.
Building from Source
To build from source, refer to the building and working with the code base guide.
Testing
To run tests, refer to the running tests guide.
Writing Tests
To write tests, refer to the writing tests guide.
Contributing
Before contributing to Keycloak, please read our contributing guidelines. Participation in the Keycloak project is governed by the CNCF Code of Conduct.
Joining a community meeting is a great way to get involved and help shape the future of Keycloak.
Other Keycloak Projects
- Keycloak - Keycloak Server and Java adapters
- Keycloak QuickStarts - QuickStarts for getting started with Keycloak
- Keycloak Node.js Connect - Node.js adapter for Keycloak