Configure external traffic for Keycloak and the Flask application

To allow external traffic for Keycloak and the Flask OAuth2 demo application on the Azure virtual machine, open the required ports in the network security group (NSG).

Note

For more information about Azure setup, see Getting started with Microsoft Azure.

Add inbound firewall rules in Azure

To expose the required ports for Keycloak and the Flask application, create firewall rules:

  1. Navigate to the Azure portal, go to Virtual Machines, and select your virtual machine.

[Image: Azure Virtual machines page, with the target Azure Cobalt 100-based Arm64 virtual machine selected]

  2. In the left menu, select Networking, then select Network settings.

[Image: Azure VM networking settings]

  3. Navigate to Create port rule, and select Inbound port rule.

[Image: Create inbound firewall rule, with Inbound port rule selected in the Create port rule menu]

  4. Configure inbound security rules for the following ports:

     Port   Purpose                                    Rule name
     8080   Keycloak admin console                     allow-keycloak-8080
     9000   Keycloak health and management endpoint    allow-keycloak-9000
     5000   Flask OAuth2 demo application              allow-flask-5000

Use the following settings for each rule:

  • Source: My IP address
  • Source IP addresses: (auto-populated with your current public IP)
  • Source port ranges: *
  • Destination: Any
  • Protocol: TCP
  • Action: Allow

Note

Setting Source to My IP address restricts access to these ports to your current public IP address only. If your public IP changes or you need to access the services from another machine, update the source IP in the NSG rule.

  5. After filling in the details, select Add to save each rule.

You can now access:

  • The Keycloak admin console on port 8080
  • The Keycloak health endpoint on port 9000
  • The Flask OAuth2 demo application on port 5000
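
To confirm that the rules you saved match the settings above, you can audit an export of the NSG rules. The following Python check is an added example, not part of the original learning path. It assumes the rule field names (direction, access, sourceAddressPrefix, destinationPortRange and their plural forms) used in the JSON that `az network nsg rule list` returns, and it runs here on constructed sample rules.

```python
import ipaddress

PORTS = (8080, 9000, 5000)  # Keycloak console, Keycloak health, Flask demo
OPEN_SOURCES = {"*", "any", "internet", "0.0.0.0/0", "::/0"}  # reachable by anyone

def _values(rule, single, plural):
    """Merge the singular and plural forms an NSG rule may use for one field."""
    return [v for v in [rule.get(single), *(rule.get(plural) or [])] if v]

def covers(port_range, port):
    """True if an NSG port range ("*", "8080" or "5000-5010") includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def is_single_host(prefix):
    """True if the source is exactly one address (bare IP, /32 or /128)."""
    try:
        return ipaddress.ip_network(prefix, strict=False).num_addresses == 1
    except ValueError:
        return False  # service tags such as "VirtualNetwork" are not one host

def audit(rules):
    """Return findings for the three ports this page opens."""
    findings = []
    for port in PORTS:
        hits = [r for r in rules
                if r.get("direction") == "Inbound" and r.get("access") == "Allow"
                and any(covers(p, port) for p in _values(
                    r, "destinationPortRange", "destinationPortRanges"))]
        if not hits:
            findings.append(f"{port}: no inbound allow rule")
        for r in hits:
            for src in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"):
                if src.lower() in OPEN_SOURCES:
                    findings.append(f"{port}: {r['name']} is open to any source")
                elif not is_single_host(src):
                    findings.append(f"{port}: {r['name']} allows {src}")
    return findings

# Constructed sample rules (documentation IP ranges), not output from a real NSG.
SAMPLE = [
    {"name": "allow-keycloak-8080", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.7", "destinationPortRange": "8080"},
    {"name": "allow-keycloak-9000", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "9000"},
    {"name": "allow-flask-5000", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefixes": ["198.51.100.0/24"], "destinationPortRanges": ["5000-5010"]},
]
```

Calling `audit(SAMPLE)` reports the wildcard source on port 9000 and the /24 range on port 5000. An empty list means every rule for the three ports is limited to a single source IP.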

What you’ve learned and what’s next

You’ve now configured the Azure network security group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application that you’ll build in the following sections.

Next, you’ll install Keycloak on the VM and configure PostgreSQL as the backend database.
