
All Configuration - Keycloak

The document provides a complete list of all configuration options for Keycloak, organized into sections for cache, storage, database, transactions, and features. It includes the configuration name, description, and default or possible values for each configuration parameter.

Uploaded by

hisyam darwis

30/03/2023, 11:02 All configuration - Keycloak


All configuration
Complete list of all build options and configuration for Keycloak



Configuration

Cache

cache
Defines the cache mechanism for high-availability.
Value: ispn (default), local

cache-config-file
Defines the file from which cache configuration should be loaded.

cache-stack
Define the default stack to use for cluster communication and node discovery.
Value: tcp, udp, kubernetes, ec2, azure, google

Storage (Experimental)

storage
Experimental: Sets the default storage mechanism for all areas.
Value: jpa, chm, hotrod, file

storage-area-auth-session
Experimental: Sets a storage mechanism for authentication sessions.
Value: jpa, chm, hotrod, file

storage-area-authorization
Experimental: Sets a storage mechanism for authorizations.
Value: jpa, chm, hotrod, file

https://www.keycloak.org/server/all-config 1/11
storage-area-client
Experimental: Sets a storage mechanism for clients.
Value: jpa, chm, hotrod, file

storage-area-client-scope
Experimental: Sets a storage mechanism for client scopes.
Value: jpa, chm, hotrod, file

storage-area-event-admin
Experimental: Sets a storage mechanism for admin events.
Value: jpa, chm, hotrod, file

storage-area-event-auth
Experimental: Sets a storage mechanism for authentication and authorization events.
Value: jpa, chm, hotrod, file

storage-area-group
Experimental: Sets a storage mechanism for groups.
Value: jpa, chm, hotrod, file

storage-area-login-failure
Experimental: Sets a storage mechanism for login failures.
Value: jpa, chm, hotrod, file

storage-area-realm
Experimental: Sets a storage mechanism for realms.
Value: jpa, chm, hotrod, file

storage-area-role
Experimental: Sets a storage mechanism for roles.
Value: jpa, chm, hotrod, file

storage-area-single-use-object
Experimental: Sets a storage mechanism for single use objects.
Value: jpa, chm, hotrod

storage-area-user
Experimental: Sets a storage mechanism for users.
Value: jpa, chm, hotrod, file

storage-area-user-session
Experimental: Sets a storage mechanism for user and client sessions.
Value: jpa, chm, hotrod, file

storage-deployment-state-version-seed
Experimental: Secret that serves as a seed to mask the version number of Keycloak in URLs.

storage-file-dir
Experimental: Root directory for file map store.

storage-hotrod-host
Experimental: Sets the host of the Infinispan server.

storage-hotrod-password
Experimental: Sets the password of the Infinispan user.

storage-hotrod-port
Experimental: Sets the port of the Infinispan server.

storage-hotrod-username
Experimental: Sets the username of the Infinispan user.

Database

db
The database vendor.
Value: dev-file (default), dev-mem, mariadb, mssql, mysql, oracle, postgres

db-password
The password of the database user.

db-pool-initial-size
The initial size of the connection pool.

db-pool-max-size
The maximum size of the connection pool.
Value: 100 (default)

db-pool-min-size
The minimal size of the connection pool.

db-schema
The database schema to be used.

db-url
The full database JDBC URL.

db-url-database
Sets the database name of the default JDBC URL of the chosen vendor.

db-url-host
Sets the hostname of the default JDBC URL of the chosen vendor.

db-url-port
Sets the port of the default JDBC URL of the chosen vendor.

db-url-properties
Sets the properties of the default JDBC URL of the chosen vendor.

db-username
The username of the database user.

Transaction

transaction-xa-enabled
If set to false, Keycloak uses a non-XA datasource in case the database does not support XA transactions.
Value: true (default), false

Feature

features
Enables a set of one or more features.
Value: account-api, account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage, openshift-integration, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn

features-disabled
Disables a set of one or more features.
Value: account-api, account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage, openshift-integration, par, preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn

Hostname

hostname
Hostname for the Keycloak server.

hostname-admin
The hostname for accessing the administration console.

hostname-admin-url
Set the base URL for accessing the administration console, including scheme, host, port and path.

hostname-path
This should be set if proxy uses a different context-path for Keycloak.

hostname-port
The port used by the proxy when exposing the hostname.
Value: -1 (default)

hostname-strict
Disables dynamically resolving the hostname from request headers.
Value: true (default), false

hostname-strict-backchannel
By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications.
Value: true, false (default)

hostname-url
Set the base URL for frontend URLs, including scheme, host, port and path.

HTTP/TLS

http-enabled
Enables the HTTP listener.
Value: true, false (default)

http-host
The used HTTP Host.
Value: 0.0.0.0 (default)

http-port
The used HTTP port.
Value: 8080 (default)

http-relative-path
Set the path relative to / for serving resources.
Value: / (default)

https-certificate-file
The file path to a server certificate or certificate chain in PEM format.

https-certificate-key-file
The file path to a private key in PEM format.

https-cipher-suites
The cipher suites to use.

https-client-auth
Configures the server to require/request client authentication.
Value: none (default), request, required

https-key-store-file
The key store which holds the certificate information instead of specifying separate files.

https-key-store-password
The password of the key store file.
Value: password (default)

https-key-store-type
The type of the key store file.

https-port
The used HTTPS port.
Value: 8443 (default)

https-protocols
The list of protocols to explicitly enable.
Value: TLSv1.3 (default)

https-trust-store-file
The trust store which holds the certificate information of the certificates to trust.

https-trust-store-password
The password of the trust store file.

https-trust-store-type
The type of the trust store file.

Health

health-enabled
If the server should expose health check endpoints.
Value: true, false (default)

Metrics

metrics-enabled
If the server should expose metrics.
Value: true, false (default)

Proxy

proxy
The proxy address forwarding mode if the server is behind a reverse proxy.
Value: none (default), edge, reencrypt, passthrough

Vault

vault
Enables a vault provider.
Value: file

vault-dir
If set, secrets can be obtained by reading the content of files within the given directory.

Logging

log
Enable one or more log handlers in a comma-separated list.
Value: console (default), file, gelf

log-console-color
Enable or disable colors when logging to console.
Value: true, false (default)

log-console-format
The format of unstructured console log entries.
Value: %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n (default)

log-console-output
Set the log output to JSON or default (plain) unstructured logging.
Value: default (default), json

log-file
Set the log file path and filename.
Value: data/log/keycloak.log (default)

log-file-format
Set a format specific to file log entries.
Value: %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n (default)

log-file-output
Set the log output to JSON or default (plain) unstructured logging.
Value: default (default), json

log-gelf-facility
The facility (name of the process) that sends the message.
Value: keycloak (default)

log-gelf-host
Hostname of the Logstash or Graylog Host.
Value: localhost (default)

log-gelf-include-location
Include source code location.
Value: true (default), false

log-gelf-include-message-parameters
Include message parameters from the log event.
Value: true (default), false

log-gelf-include-stack-trace
If set to true, occurring stack traces are included in the StackTrace field in the GELF output.
Value: true (default), false

log-gelf-level
The log level specifying which message levels will be logged by the GELF logger.
Value: INFO (default)

log-gelf-max-message-size
Maximum message size (in bytes).
Value: 8192 (default)

log-gelf-port
The port the Logstash or Graylog Host is called on.
Value: 12201 (default)

log-gelf-timestamp-format
Set the format for the GELF timestamp field.
Value: yyyy-MM-dd HH:mm:ss,SSS (default)

log-level
The log level of the root category or a comma-separated list of individual categories and their levels.
Value: info (default)

Security (Preview)

fips-mode
Preview: Sets the FIPS mode.
Value: non-strict, strict
