Skip to content

Latest commit

 

History

History

docker

README.md

run Keycloak radius inside Docker

Install Docker

First, install and run Docker on your Linux server.

Download

Get the trusted build from the Docker Hub registry:

docker pull vassio/keycloak-radius-plugin

Download multiarch(amd64, arm64, arm/v7)

Get the trusted build from the Docker Hub registry:

docker pull vassio/keycloak-radius-plugin:latest-multiarch

How to use this image

Environment variables

This Docker image uses the following variables, that can be declared in an env file (example:

RADIUS_SHARED_SECRET="secret"
RADIUS_UDP=true
RADIUS_UDP_AUTH_PORT=1812
RADIUS_UDP_ACCOUNT_PORT=1813
RADIUS_RADSEC=false
RADIUS_RADSEC_PRIVATEKEY="/config/private.key"
RADIUS_RADSEC_CERTIFICATE="/config/public.crt"
RADIUS_DICTIONARY=""
RADIUS_COA=false
RADIUS_COA_PORT="3799"
  • RADIUS_SHARED_SECRET - Radius shared secret
  • RADIUS_UDP - use Radius auth and Account
  • RADIUS_UDP_AUTH_PORT - Auth port(if RADIUS_UDP = true)
  • RADIUS_UDP_ACCOUNT_PORT - Accounting port(if RADIUS_UDP = true)
  • RADIUS_RADSEC - use RadSec protocol
  • RADIUS_RADSEC_PRIVATEKEY - rsa private key for Rad Sec
  • RADIUS_RADSEC_CERTIFICATE - certificate for RadSec
  • RADIUS_COA -send disconnect message if the keycloak session has expired
  • RADIUS_COA_PORT - CoA port (Mikrotik:3799, Cisco:1700)
  • RADIUS_DICTIONARY - path to the dictionary file in freeradius format

Keycloak Configuration

Start the Keycloak Radius Server (dev mode)

Create a new Docker container from this image (replace ./radius.env with your own env file):

docker run -d --name keycloak-radius-plugin --env-file .example.radius.env --restart=always -p 8080:8080 -p1812:1812/udp -p1813:1813/udp vassio/keycloak-radius-plugin start-dev
  • arm64, arm/v7 version
docker run -d --name keycloak-radius-plugin --env-file .example.radius.env --restart=always -p 8080:8080 -p1812:1812/udp -p1813:1813/udp vassio/keycloak-radius-plugin:latest-multiarch start-dev

Start the Keycloak Radius Server (production mode)

Create a new Docker container from this image (replace ./radius.env with your own env file):

maltegrosse comment

RUN Instance

docker compose

docker network create docker_default
docker-compose -f docker/docker-compose-keycloak.yaml create
docker-compose -f docker/docker-compose-keycloak.yaml start

RadSec configuration

  1. generate private and Public Key

  2. docker-compose-keycloak.yaml:

RADIUS_RADSEC = 'true'
RADIUS_RADSEC_PRIVATEKEY = /config/private.key
RADIUS_RADSEC_CERTIFICATE = /config/public.crt

Example Radius Realm
Realm Radius-Realm-example
Radius Client Name Radius
User testUser
Password testUser
  1. login with testUser/testUser to http://localhost:8090/auth/realms/Radius-Realm-example/protocol/openid-connect/auth?client_id=account&redirect_uri=http%3A%2F%2Flocalhost%3A8090%2Fauth&state=0&response_type=code&scope=openid
  2. reset Radius Password

Logging

docker logs keycloak-radius-plugin -f

Bash shell inside container

To start a Bash session in the running container:

docker exec -it keycloak-radius-plugin bash

Bash shell inside container

To start a Bash session in the running container:

docker exec -it keycloak-radius-plugin bash

build and Run locally

docker stop keycloak-radius-plugin
docker rm keycloak-radius-plugin
set -e
docker build -t keycloak-radius-plugin .
docker run --env-file ./example.radius.env -e KEYCLOAK_ADMIN_PASSWORD="admin" -e KEYCLOAK_ADMIN="admin" --name=keycloak-radius-plugin keycloak-radius-plugin  start-dev

Deploy new release to dockerhub

./docker.publish.sh