Prerequisites
To run the Keycloak Olvid Plugin, you will need:
- a system administrator with some experience in Linux administration, networks and network security.
- a server on which to run the instance of Keycloak (any Linux distribution able to run Java 21, with a minimum of 1GB of available storage space and 2GB memory). Our internal tests are run mostly on Ubuntu distributions, using the openjdk-21-jre-headless JVM.
- a public FQDN reachable from the users’ mobile phones on port TCP:443
  - this FQDN can either point to a reverse proxy, or directly to the server hosting Keycloak (in that case, you may run nginx locally on the server to act as the reverse proxy).
- a valid certificate for this FQDN, trusted on all major operating systems (Android, iOS, Windows, Linux, macOS).
  - if you do not have a certification authority in your organisation, you may use a free Let’s Encrypt certificate.
- a database, compatible with JPA & JDBC (PostgreSQL, MySQL, Microsoft SQL, etc.), accessible from the Keycloak server. We recommend using PostgreSQL if possible.
- the possibility for this server to establish outbound HTTPS connections towards the Olvid distribution server at server.olvid.io.
- an API key (provided by the Olvid team).
When developing the Olvid Keycloak plugin, we run tests on instances running both natively and in containers. From our perspective, both options are equivalent, so feel free to choose the setup you are most comfortable with. Support for managed Keycloak services (like those offered by Cloud-IAM and Clever-Cloud) should arrive soon.
Option 1: Run Keycloak natively
If you intend to run Keycloak on a dedicated server or in a VM, proceed to the Installation of Keycloak section.
Option 2: Run Keycloak in a container
If you prefer running Keycloak in a container, proceed to the Running Keycloak in a Container section.
Option 3: Use a managed Keycloak service
Coming soon…