<chapter id="openshift">
<title>Running Keycloak Server on OpenShift</title>
<para>
Keycloak provides a OpenShift cartridge to make it easy to get it running on OpenShift. If you don't already
have
an account or don't know how to create applications go to
<ulink url="https://www.openshift.com/"/>
first. You can
create the Keycloak instance either with the web tool or the command line tool, both approaches are described
below.
</para>
<warning>
<para>
It's important that immediately after creating a Keycloak instance you open the <literal>Administration Console</literal>
and login to reset the password. If this is not done anyone can easily gain admin rights to your Keycloak instance.
</para>
</warning>
<section>
<title>Create Keycloak instance with the web tool</title>
<para>
Open
<ulink url="https://openshift.redhat.com/app/console/applications"/>
and click on <literal>Add Application</literal>.
Scroll down to the bottom of the page to find the
<literal>Code Anything</literal>
section. Insert
<literal>http://cartreflect-claytondev.rhcloud.com/github/keycloak/openshift-keycloak-cartridge</literal>
into the
<literal>URL to a cartridge definition</literal>
field and click on <literal>Next</literal>. Fill in the
following form and click on <literal>Create Application</literal>.
</para>
<para>
Click on <literal>Continue to the application overview page</literal>. Under the list of applications you should
find your Keycloak instance and the status should be <literal>Started</literal>. Click on it to open the Keycloak
servers homepage.
</para>
</section>
<section>
<title>Create Keycloak instance with the command-line tool</title>
<para>
Run the following command from a terminal:
<programlisting>rhc app create <APPLICATION NAME> http://cartreflect-claytondev.rhcloud.com/github/keycloak/openshift-keycloak-cartridge</programlisting>
Replace <literal><APPLICATION NAME></literal> with the name you want (for example keycloak).
</para>
<para>
Once the instance is created the rhc tool outputs details about it. Open the returned <literal>URL</literal> in a
browser to open the Keycloak servers homepage.
</para>
</section>
<section>
<title>Next steps</title>
<para>
The Keycloak servers homepage shows the Keycloak logo and <literal>Welcome to Keycloak</literal>.
There is also a link to the <literal>Administration Console</literal>. Open that and log in using username
<literal>admin</literal> and password <literal>admin</literal>. On the first login you are required to change the password.
</para>
<tip>
<para>
On OpenShift Keycloak has been configured to only accept requests over https. If you try to use http
you will be redirected to https.
</para>
</tip>
</section>
</chapter>