Keycloak Installation & Reset Guide (Linux - Non-Docker)

Edit Page New Page Revisions

📌 Overview

This guide explains how to cleanly install and reset Keycloak on a Linux VM without using Docker. It also includes instructions to resolve issues like reused admin credentials, local access restrictions, and startup errors.

🔁 Step 1: Stop and Remove Old Keycloak Installation

If Keycloak is running manually:

bash
pkill -f kc.sh

Then remove the existing installation directory:

bash
rm -rf ~/keycloak-26.2.5

If you installed Keycloak elsewhere, adjust the path accordingly.

If you're using the built-in H2 database (default), this deletion also removes all Keycloak data (realms, users, clients, etc.). No need to delete a separate DB.

📦 Step 2: Download and Install a Fresh Keycloak

Navigate to your home or preferred directory and run:

bash
wget https://github.com/keycloak/keycloak/releases/download/26.2.5/keycloak-26.2.5.zip unzip keycloak-26.2.5.zip 
cd keycloak-26.2.5

This installs Keycloak in a folder named keycloak-26.2.5.

👤 Step 3: Create Admin User Automatically

Before starting Keycloak, set environment variables to define your admin user:

bash
export KEYCLOAK_ADMIN="username" 
export KEYCLOAK_ADMIN_PASSWORD="your_password"

🚀 Step 4: Start Keycloak in Development Mode

Run:

bash
./bin/kc.sh start-dev

This starts Keycloak in development mode with:

  • HTTP access on port 8080

  • Automatic admin user creation

  • No SSL/HTTPS required

🌐 Step 5: Access Keycloak

Open your browser and go to:

cpp
http://<your-vm-ip>:8080

Login with:

  • Username: Username

  • Password: Your_password

❗ Troubleshooting Notes

  • If you see "Local access required", it means the admin user wasn’t created. Make sure to set KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD before running start-dev.

  • If using ./kc.sh start (production mode), Keycloak requires HTTPS unless you explicitly enable HTTP using:

    bash
./kc.sh config set --http-enabled=true 
./kc.sh build 
./kc.sh start

📝 Optional: Make Startup Script

Create a script to start Keycloak with admin credentials every time:

bash
#!
export KEYCLOAK_ADMIN=admin 
export KEYCLOAK_ADMIN_PASSWORD=Your_password 
/home/keycloak/keycloak-26.2.5/bin/kc.sh start-dev

Make it executable:

bash
chmod +x start-keycloak.sh

✅ Conclusion

You now have a fully clean, reset, and working Keycloak installation running in development mode with a new admin user. This setup is perfect for internal use, testing, or integration labs. You can later move to production mode with HTTPS as needed.


Previous Page

Left

Next Page

Right
On this page