Running Keycloak as a Windows Service


(Sam Vassy) #1

Does anyone have any experience configuring Keycloak to run as a windows service in version 12.1? The instructions provided are only for Linux/Unix. I am able to launch it manaully using start_keycloak.bat but it stops as soon as I logout.


(Evgeni Enchev) #2

Hi Sam,

The version of Keycloak, embedded in Ataccama, includes a Windows service installation script. Please follow the instructions below:

  1. Copy the [AtaccamaInstall]\keycloak\docs\contrib\service folder into [AtaccamaInstall]\keycloak\bin\
  2. In an administrator CMD or Powershell session navigate to [AtaccamaInstall]\keycloak\bin\service and run “.\service.bat install” command.

You should have the Keycloak service successfully deployed (under the name Wildfly) and be able to start/stop it, as explained here.

Have in mind that our startup script modifies some values - for example it makes Keycloak run on port 8083, instead of the default 8080. In order for these to apply to the service configuration, you will need to modify the standalone.xml file accordingly.

Kind regards,
Evgeni Enchev


(Sam Vassy) #3

I had already found the Wildfly service script and set it up as you described. But it was not launching my Keycloak instance. I assumed it had to do with running keycloak_start.bat but I didn’t know where to make the changes. I know where to fix the port offset in standalone.xml. What about the java_opts for including ataccamaone.json? Where do I set that? I also noticed that keycloak_start.bat calls standalone_fix.bat. What does that affect? Are there any other specific edits that I need to make?


(Evgeni Enchev) #4

Hello again Sam,
The mentioned script only installs the service, but you have to enable it manually in the Windows Service Manager. After you do so, does it have a status “Running”? Please check whether the port is not already occupied by another process and that prevents start. If the startup is succesful - does the Wildfly service listen on the desired port? You can use netstat to confirm.

Regarding the question about ataccamaone.json - it has to be imported only at the first run of the Keycloak instance. So in your case, it is already saved in the internal Keycloak H2 database.

Regards,
Evgeni Enchev


(Sam Vassy) #5

With additional help from Artem Setkin I have finally got this working. Prior to running service.bat install, it is necessary to modify service.bat as follows:

change
set CONTROLLER=localhost:9990
to
set CONTROLLER=localhost:9993

change
if “%START_SCRIPT%”=="" set START_SCRIPT=standalone.bat
to
if “%START_SCRIPT%”=="" set START_SCRIPT=standalone_fix.bat

In standalone.xml, in addition to changing the port offset from 0 to 3 you have to change the interfaces to allow external connections as follows:

change








to