nginx · pdabelf5 · Oct 7, 2025 · Oct 6, 2025 · Oct 7, 2025
@@ -66,7 +66,7 @@ To set up Keycloak:
 
 3. Create a new Client called `jwks-client`. This can be done by selecting the `Client`s tab on the left and then
    selecting `Create client`.
-   - When creating the Client, ensure both `Client authentication` and `Authorization` are enabled.
+   - When creating the Client, ensure both `Client authentication`, `Authorization` & `Direct access grants` are enabled.
 
 4. Once the client is created, navigate to the `Credentials` tab for that client and copy the client secret.
    - This can be saved in the `SECRET` shell variable for later:
@@ -75,7 +75,7 @@ To set up Keycloak:
       export SECRET=<client secret>
       ```
 
-5. Create a new User called `jwks-user` by selecting the Users tab on the left and then selecting Create client.
+5. Create a new User called `jwks-user` by selecting the Users tab on the left and then selecting Create client.  Ensure an email, first & last name are set.
 
 6. Once the user is created, navigate to the `Credentials` tab for that user and select `Set password`. For this example
    the password can be whatever you want.

@@ -31,15 +31,17 @@ spec:
     spec:
       containers:
       - name: keycloak
-        image: quay.io/keycloak/keycloak:20.0.5
+        image: quay.io/keycloak/keycloak:26.4.0
         args: ["start-dev"]
         env:
-        - name: KEYCLOAK_ADMIN
+        - name: KC_BOOTSTRAP_ADMIN_USERNAME
           value: "admin"
-        - name: KEYCLOAK_ADMIN_PASSWORD
+        - name: KC_BOOTSTRAP_ADMIN_PASSWORD
           value: "admin"
-        - name: KC_PROXY
-          value: "edge"
+        - name: KC_HTTP_ENABLED
+          value: "true"
+        - name: KC_PROXY_HEADERS
+          value: "xforwarded"
         ports:
         - name: http
           containerPort: 8080

@@ -31,15 +31,17 @@ spec:
     spec:
       containers:
       - name: keycloak
-        image: quay.io/keycloak/keycloak:25.0.2
+        image: quay.io/keycloak/keycloak:26.4.0
         args: ["start-dev"]
         env:
-        - name: KEYCLOAK_ADMIN
+        - name: KC_BOOTSTRAP_ADMIN_USERNAME
           value: "admin"
-        - name: KEYCLOAK_ADMIN_PASSWORD
+        - name: KC_BOOTSTRAP_ADMIN_PASSWORD
           value: "admin"
-        - name: KC_PROXY
-          value: "edge"
+        - name: KC_HTTP_ENABLED
+          value: "true"
+        - name: KC_PROXY_HEADERS
+          value: "xforwarded"
         ports:
         - name: http
           containerPort: 8080

@@ -7,7 +7,7 @@ This guide will help you configure KeyCloak using Keycloak's API:
 
 **Notes**:
 
-- This guide has been tested with keycloak 19.0.2 and later. If you modify `keycloak.yaml` to use an older version,
+- This guide has been tested with keycloak 26.4.0 and later. If you modify `keycloak.yaml` to use an older version,
   Keycloak may not start correctly or the commands in this guide may not work as expected. The Keycloak OpenID
   endpoints `oidc.yaml` might also be different in older versions of Keycloak.
 - if you changed the admin username and password for Keycloak in `keycloak.yaml`, modify the commands accordingly.