Table of Contents
- Base Installation
- Prerequisites
- Installation of Keycloak
- Configuration of Keycloak
- Configuration of the Olvid Plugin
- Upgrading
- Additional Configuration
- Configuration of an External IdP
- Using LDAP User Federation
- x509 Client Certificates Authentication
- Configure Olvid via an MDM
- Using the management console
- How to use the Console
- Misc.
- Changelog
Prerequisites
In order to run the Keycloak Olvid Plugin, you will need:
- a system administrator with some experience in Linux administration, networks and network security.
- a server on which to run the instance of Keycloak (any Linux distribution able to run Java 17, with a minimum of 1GB of available storage space and 2GB memory). Our internal tests are run mostly on Ubuntu 20.04 and 22.04 distributions, both of them with the openjdk-17 headless JVM.
- a public DNS accessible from the users’ mobile phones on port TCP:443
- this DNS can either point to a reverse proxy, or directly to the server hosting Keycloak (in that case, you may run
nginxlocally on the server to act as the reverse proxy)
- this DNS can either point to a reverse proxy, or directly to the server hosting Keycloak (in that case, you may run
- a valid certificate for this DNS, trusted on both Android and iOS
- a database, compatible with JPA & JDBC (MySQL, PostgreSQL, Microsoft SQL, etc.) accessible from the Keycloak server. We recommend using PostgreSQL if possible.
- the possibility for this server to establish outbound HTTPS connections towards the Olvid distribution server at
server.olvid.io - an API key (provided by the Olvid team)
Keycloak (Quarkus) & Keycloak Legacy (WildFly)
The newest versions of the Keycloak Olvid Plugin no longer support Keycloak legacy.
At the end of 2022, Keycloak switched from the legacy WildFly engine to the newer Quarkus engine. Keycloak has ended support for the WildFly version with the last version being 19.0.3. The last version of the Olvid Plugin to support this legacy version is version 2.1.1. We strongly recommend using the newer Quarkus version with the latest version of the Olvid Plugin. You will benefit from the newest features and security fixes, in particular:
- a simplified installation process
- faster startup time
- a modern keycloak theme
- group management in Olvid
- improved user management
Also, the Quarkus engine was designed to run efficiently in Kubernetes or other container environments. When developing the Olvid Keycloak plugin, we run tests on instances running both natively or in containers. From our perspective, both options are equivalent, so feel free to choose the setup you are the most comfortable with.
Please proceed to the Installation of Keycloak section.
The legacy installation guide is only here to assist users still running this version.
