Run Keycloak RADIUS inside Docker

Install Docker

First, install and run Docker on your Linux server.

Download

Get the trusted build from the Docker Hub registry:

docker pull vassio/keycloak-radius-plugin

Download multiarch (amd64, arm64, arm/v7)

Get the trusted build from the Docker Hub registry:

docker pull vassio/keycloak-radius-plugin:latest-multiarch

How to use this image

Environment variables

This Docker image uses the following variables, which can be declared in an env file. Example:

RADIUS_SHARED_SECRET="secret"
RADIUS_UDP=true
RADIUS_UDP_AUTH_PORT=1812
RADIUS_UDP_ACCOUNT_PORT=1813
RADIUS_RADSEC=false
RADIUS_RADSEC_PRIVATEKEY="/config/private.key"
RADIUS_RADSEC_CERTIFICATE="/config/public.crt"
RADIUS_DICTIONARY=""
RADIUS_COA=false
RADIUS_COA_PORT="3799"

  • RADIUS_SHARED_SECRET - RADIUS shared secret
  • RADIUS_UDP - use RADIUS auth and accounting over UDP
  • RADIUS_UDP_AUTH_PORT - auth port (if RADIUS_UDP = true)
  • RADIUS_UDP_ACCOUNT_PORT - accounting port (if RADIUS_UDP = true)
  • RADIUS_RADSEC - use the RadSec protocol
  • RADIUS_RADSEC_PRIVATEKEY - RSA private key for RadSec
  • RADIUS_RADSEC_CERTIFICATE - certificate for RadSec
  • RADIUS_COA - send a disconnect message if the Keycloak session has expired
  • RADIUS_COA_PORT - CoA port (Mikrotik: 3799, Cisco: 1700)
  • RADIUS_DICTIONARY - path to the dictionary file in FreeRADIUS format

Start the Keycloak Radius Server (dev mode)

Create a new Docker container from this image (replace the --env-file value with your own env file):

docker run -d --name keycloak-radius-plugin --env-file .example.radius.env --restart=always -p 8080:8080 -p 1812:1812/udp -p 1813:1813/udp vassio/keycloak-radius-plugin start-dev

  • arm64, arm/v7 version

docker run -d --name keycloak-radius-plugin --env-file .example.radius.env --restart=always -p 8080:8080 -p 1812:1812/udp -p 1813:1813/udp vassio/keycloak-radius-plugin:latest-multiarch start-dev

Start the Keycloak Radius Server (production mode)

Create a new Docker container from this image (replace ./radius.env with your own env file):

maltegrosse comment

RUN Instance

docker compose

docker network create docker_default
docker-compose -f docker/docker-compose-keycloak.yaml create
docker-compose -f docker/docker-compose-keycloak.yaml start

RadSec configuration

  1. Generate a private key and public key (certificate)

  2. Set in docker-compose-keycloak.yaml:

RADIUS_RADSEC = 'true'
RADIUS_RADSEC_PRIVATEKEY = /config/private.key
RADIUS_RADSEC_CERTIFICATE = /config/public.crt
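
The RadSec steps above do not show how the key and certificate are produced. The script below is an added example, not part of this project: it creates an RSA key and a self-signed certificate with openssl and writes an env file whose shared secret is random instead of the sample value "secret". The output directory, CN, key size, validity period and the radius.env file name are assumptions, and this page does not say which key encoding the plugin expects.

```bash
#!/usr/bin/env bash
# Added example: RadSec key material plus an env file for the container.
# The output directory, the CN and the 3072-bit/365-day choices are assumptions;
# only the variable names and the /config/... paths come from this README.
set -eu

# 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_shared_secret() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# $1 = output directory, $2 = certificate CN (constructed sample value).
# Produces an unencrypted RSA key and a self-signed certificate, owner-only.
gen_radsec_keypair() (
  umask 077
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:3072 -nodes -days 365 -subj "/CN=$2" \
    -keyout "$1/private.key" -out "$1/public.crt"
)

# $1 = env file to write. Values are unquoted because docker run --env-file
# passes quote characters through as part of the value.
write_env_file() (
  umask 077
  cat > "$1" <<EOF
RADIUS_SHARED_SECRET=$(gen_shared_secret)
RADIUS_UDP=true
RADIUS_UDP_AUTH_PORT=1812
RADIUS_UDP_ACCOUNT_PORT=1813
RADIUS_RADSEC=true
RADIUS_RADSEC_PRIVATEKEY=/config/private.key
RADIUS_RADSEC_CERTIFICATE=/config/public.crt
RADIUS_DICTIONARY=
RADIUS_COA=false
RADIUS_COA_PORT=3799
EOF
)

# Runs only when asked, e.g.:  RADSEC_SETUP=1 ./radsec-setup.sh ./config
if [ "${RADSEC_SETUP:-0}" = 1 ]; then
  dir=${1:-./config}
  gen_radsec_keypair "$dir" radius.example.test
  write_env_file "$dir/radius.env"
  echo "wrote $dir/private.key, $dir/public.crt, $dir/radius.env"
fi
```

Mount the output directory at /config in the container so the paths in the env file resolve, and make sure the container's user can read the owner-only files.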

Example Radius Realm

Realm Radius-Realm-example
Radius Client Name Radius
User testUser
Password testUser

  1. Log in with testUser/testUser at http://localhost:8090/auth/realms/Radius-Realm-example/protocol/openid-connect/auth?client_id=account&redirect_uri=http%3A%2F%2Flocalhost%3A8090%2Fauth&state=0&response_type=code&scope=openid
  2. Reset the RADIUS password

Logging

docker logs keycloak-radius-plugin -f

Bash shell inside container

To start a Bash session in the running container:

docker exec -it keycloak-radius-plugin bash

docker stop keycloak-radius-plugin
docker rm keycloak-radius-plugin
set -e
docker build -t keycloak-radius-plugin .
docker run --env-file ./example.radius.env -e KEYCLOAK_ADMIN_PASSWORD="admin" -e KEYCLOAK_ADMIN="admin" --name=keycloak-radius-plugin keycloak-radius-plugin  start-dev

Deploy new release to Docker Hub

./docker.publish.sh