I decided to take control of my own authN and authZ - might regret it later, but there is a lot of learning to be found when doing things yourself rather than using a service provided by others.
Standard installs are quite easy, but I wanted to use Microsoft SQL Server merely because that's what I am most familiar with. And Keycloak does support it.
However, I followed the official documentation and still it would not work and I would get errors around connection timeouts for some strange reason.
After a lot of googling with bing and binging google, I found that there was some extra configuration needed to support XA which Keycloak expects.
Configuring support for XA (eXtended Architecture)
Normally, you just care about the 1433 port, but for this to work you need to add some extra ports:
docker run \ -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=<YourStrong!Passw0rd>' \ -e 'MSSQL_RPC_PORT=135' -e 'MSSQL_DTC_TCP_PORT=51000' \ -p 1433:1433 -p 135:135 -p 51000:51000 \ -d mcr.microsoft.com/mssql/server:2019-latest
Once the SQL server is running, log on using your favourite tool and issue the following command to install support for XA:
Creating the Keycloak database
We now need to create the Keycloak database and add the database user with a XA role.
create database keycloak; create login keycloak with password = 'lol!Iusepasswords';
use master; sp_grantdbaccess 'keycloak', 'keycloak'; EXEC sp_addrolemember [SqlJDBCXAUser], 'keycloak'
use keycloak create user keycloak for login keycloak EXEC sp_addrolemember N'db_owner', N'keycloak' go
Launching Keycloak in production mode
If you dont have access to localhost then you need to specify the following environment variables to enable an admin account when you start Keycloak:
export KEYCLOAK_ADMIN=admin export KEYCLOAK_ADMIN_PASSWORD=omg..passwords..
/opt/keycloak/bin/kc.sh start --hostname=<hostname> --proxy edge --db-url-host <db_server> --db-username keycloak --db-password <db_password>