Deploy Keycloak on Azure Cobalt 100 Arm64 virtual machines for identity and access management

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_index.md

@@ -0,0 +1,71 @@
+---
+title: Deploy Keycloak on Azure Cobalt 100 Arm64 virtual machines for identity and access management
+
+description: Learn how to install and configure Keycloak on an Azure Cobalt 100 Arm64 virtual machine, integrate it with PostgreSQL, configure OAuth2/OpenID Connect authentication, and secure applications using centralized identity management.
+
+minutes_to_complete: 90
+
+who_is_this_for: This is an introductory topic for developers, DevOps engineers, platform engineers, and cloud architects who want to deploy centralized authentication and identity management using Keycloak on Arm-based cloud environments.
+
+learning_objectives:
+    - Install and configure Keycloak on Azure Cobalt 100 Arm64 virtual machines
+    - Configure PostgreSQL as the backend database for Keycloak
+    - Configure realms, users, and OAuth2/OpenID Connect clients
+    - Integrate a Flask application with Keycloak authentication
+    - Validate OAuth2/OpenID Connect authentication workflows
+
+prerequisites:
+  - A [Microsoft Azure account](https://azure.microsoft.com/) with access to Cobalt 100 based instances (Dpsv6)
+  - Basic knowledge of Linux command-line operations
+  - Familiarity with SSH and remote server access
+  - Basic understanding of authentication, OAuth2, and identity management concepts
+
+author: Pareena Verma
+
+### Tags
+skilllevels: Introductory
+subjects: Containers and Virtualization
+cloud_service_providers:
+  - Microsoft Azure
+
+armips:
+    - Neoverse
+
+tools_software_languages:
+    - Keycloak
+    - PostgreSQL
+    - Flask
+    - Python
+    - Java
+
+operatingsystems:
+    - Linux
+
+further_reading:
+  - resource:
+      title: Keycloak Official Website
+      link: https://www.keycloak.org/
+      type: website
+  - resource:
+      title: Keycloak Documentation
+      link: https://www.keycloak.org/documentation
+      type: documentation
+  - resource:
+      title: OAuth 2.0 Framework
+      link: https://oauth.net/2/
+      type: documentation
+  - resource:
+      title: OpenID Connect Documentation
+      link: https://openid.net/connect/
+      type: documentation
+  - resource:
+      title: Azure Cobalt 100 processors
+      link: https://techcommunity.microsoft.com/blog/azurecompute/announcing-the-preview-of-new-azure-vms-based-on-the-azure-cobalt-100-processor/4146353
+      type: documentation
+
+### FIXED, DO NOT MODIFY
+# ================================================================================
+weight: 1
+layout: "learningpathall"
+learning_path_main_page: "yes"
+---

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_next-steps.md

@@ -0,0 +1,8 @@
+---
+# ================================================================================
+#       FIXED, DO NOT MODIFY THIS FILE
+# ================================================================================
+weight: 21                  # Set to always be larger than the content in this path to be at the end of the navigation.
+title: "Next Steps"         # Always the same, html page title.
+layout: "learningpathall"   # All files under learning paths have this same wrapper for Hugo processing.
+---

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/background.md

@@ -0,0 +1,49 @@
+---
+title: Understand Keycloak on Azure Cobalt 100
+weight: 2
+
+layout: "learningpathall"
+---
+
+## Why run Keycloak on Azure Cobalt 100
+
+Keycloak on Arm-based Azure Cobalt 100 processors delivers scalable and efficient identity and access management for modern cloud-native applications. Azure Cobalt 100 processors provide dedicated physical cores per vCPU, which helps deliver predictable performance for authentication workloads, user management, and OAuth2/OpenID Connect flows.
+
+Keycloak benefits from the strong multi-core performance and energy efficiency of Arm-based Azure infrastructure, making it well suited for enterprise authentication systems, API security, and cloud-native identity platforms.
+
+## Azure Cobalt 100 Arm-based processor
+
+Azure’s Cobalt 100 is Microsoft’s first-generation, in-house Arm-based processor. Built on Arm Neoverse N2, Cobalt 100 is a 64-bit CPU that delivers strong performance and energy efficiency for cloud-native, scale-out Linux workloads. These workloads include web and application servers, data analytics, open-source databases, and caching systems. Running at 3.4 GHz, Cobalt 100 allocates a dedicated physical core for each vCPU, ensuring consistent and predictable performance.
+
+To learn more, see the Microsoft blog [Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor](https://techcommunity.microsoft.com/blog/azurecompute/announcing-the-preview-of-new-azure-vms-based-on-the-azure-cobalt-100-processor/4146353).
+
+## How Keycloak improves authentication and identity management
+
+Keycloak is an open-source Identity and Access Management (IAM) platform that simplifies authentication and authorization for applications and services.
+
+Keycloak supports modern authentication standards such as:
+
+- OAuth2
+- OpenID Connect (OIDC)
+- SAML
+
+Keycloak provides centralized authentication, allowing users to log in once and securely access multiple applications using Single Sign-On (SSO).
+
+Keycloak integrates with web applications, APIs, Kubernetes platforms, microservices, and enterprise identity systems, making it ideal for securing cloud-native workloads.
+
+To learn more, see the official [Keycloak documentation](https://www.keycloak.org/documentation).
+
+Keycloak provides several important capabilities for authentication and security management:
+
+- Single Sign-On (SSO): Enables users to authenticate once and access multiple applications securely.
+- Centralized Identity Management: Manages users, roles, groups, and authentication policies from a single platform.
+- OAuth2 and OpenID Connect Support: Simplifies secure API and application authentication workflows.
+- Multi-factor Authentication (MFA): Improves account security using additional authentication methods.
+- User Federation: Integrates with enterprise identity systems such as LDAP and Active Directory.
+- Role-Based Access Control (RBAC): Controls user permissions and application access securely.
+
+In this Learning Path, you'll deploy Keycloak on an Azure Cobalt 100 Arm64 virtual machine and configure PostgreSQL as the backend database. You'll create realms, users, and OAuth2/OpenID Connect clients, then integrate a Flask application with Keycloak authentication.
+
+## What you've learned and what's next
+
+You now understand why Azure Cobalt 100 and Keycloak are a strong combination for scalable authentication and identity management workloads. Next, you'll create the virtual machine that will run Keycloak and the Flask OAuth2 demo application throughout this Learning Path.

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/firewall.md

@@ -0,0 +1,74 @@
+---
+title: Allow access to Keycloak and Flask application on Azure
+weight: 4
+
+### FIXED, DO NOT MODIFY
+layout: learningpathall
+---
+
+## Configure external traffic for Keycloak and Flask application
+
+To allow external traffic for Keycloak and the Flask OAuth2 demo application on an Azure virtual machine, open the required ports in the Network Security Group (NSG). The NSG can be attached to the virtual machine's network interface or subnet.
+
+{{% notice Note %}}
+For more information about Azure setup, see [Getting started with Microsoft Azure Platform](/learning-paths/servers-and-cloud-computing/csp/azure/).
+{{% /notice %}}
+
+### Add inbound firewall rules in Azure
+
+To expose the required ports for Keycloak and the Flask application, create firewall rules.
+
+1. Navigate to the [Azure portal](https://portal.azure.com), go to **Virtual Machines**, and select your virtual machine.
+
+![Azure Portal Virtual Machines page with the target Azure Cobalt 100 Arm64 virtual machine selected before configuring network access for Keycloak.#center](images/virtual_machine.png "Azure Virtual Machines page")
+
+2. In the left menu, select **Networking**, then select **Network settings**.
+
+![Azure Portal Networking page showing the network settings attached to the Azure Cobalt 100 Arm64 virtual machine for configuring inbound access rules.#center](images/networking.png "Azure VM networking settings")
+
+3. Navigate to **Create port rule**, and select **Inbound port rule**.
+
+![Azure Portal Create port rule menu with Inbound port rule selected for configuring Keycloak and Flask application access.#center](images/port_rule.png "Create inbound firewall rule")
+
+4. Configure inbound security rules for the following ports:
+
+| Port | Purpose |
+|---|---|
+| 8080 | Keycloak Admin Console |
+| 9000 | Keycloak health and management endpoint |
+| 5000 | Flask OAuth2 demo application |
+
+Use the following settings for each rule:
+
+- **Source:** My IP address  
+- **Source IP addresses:** *(auto-populated with your current public IP)*  
+- **Source port ranges:** *  
+- **Destination:** Any  
+- **Protocol:** TCP  
+- **Action:** Allow  
+
+Use these names:
+
+| Port | Rule Name |
+|---|---|
+| 8080 | allow-keycloak-8080 |
+| 9000 | allow-keycloak-9000 |
+| 5000 | allow-flask-5000 |
+
+{{% notice Note %}}
+Setting **Source** to **My IP address** restricts access to the ports to your current machine only. If your public IP changes or you need to access the services from another machine, update the source IP in the NSG rule.
+{{% /notice %}}
+
+5. After filling in the details, select **Add** to save each rule.
+
+You can now access:
+
+- Keycloak Admin Console on port **8080**
+- Keycloak health endpoint on port **9000**
+- Flask OAuth2 demo application on port **5000**
+
+## What you've learned and what's next
+
+You've now configured the Azure Network Security Group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application.
+
+Next, you'll deploy Keycloak, configure PostgreSQL integration, and validate OAuth2/OpenID Connect authentication workflows using the Flask application.

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md

@@ -0,0 +1,66 @@
+---
+title: Create an Azure Cobalt 100 Arm64 virtual machine
+weight: 3
+
+### FIXED, DO NOT MODIFY
+layout: learningpathall
+---
+
+## Set up the Azure virtual machine
+
+In this section, you'll launch the Azure portal to create a virtual machine (VM) with the Arm-based Azure Cobalt 100 processor.
+
+This Learning Path focuses on general-purpose virtual machines in the Dpsv6 series. For more information, see the [Microsoft Azure guide for the Dpsv6 size series](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dpsv6-series).
+
+While the steps to create this instance are included here for convenience, you can also see [Deploy a Cobalt 100 virtual machine on Azure Learning Path](/learning-paths/servers-and-cloud-computing/cobalt/).
+
+### Create an Arm-based virtual machine in the Azure portal
+
+To create an Azure virtual machine using the Azure portal:
+
+1. Launch the Azure portal and navigate to **Virtual Machines**.
+2. Select **Create**, and select **Virtual Machine** from the drop-down list.
+3. In the **Basic** tab, fill in the instance details such as **Virtual machine name** and **Region**.
+4. Select **Ubuntu Pro 24.04 LTS** as the image for your virtual machine, and select **Arm64** as the VM architecture.
+5. In the **Size** field, select **See all sizes** and select the D-Series v6 family of virtual machines.
+6. Select **D4ps_v6** from the list as shown in the diagram below:
+
+![Azure Portal showing D-Series v6 VM size selection with D4ps_v6 highlighted#center](images/instance.png "Select D4ps_v6 from the D-Series v6 family")
+
+7. For **Authentication type**, select **SSH public key**.
+
+{{% notice Note %}}
+Azure generates an SSH key pair for you and lets you save it for future use. This method is fast, secure, and easy for connecting to your virtual machine.
+{{% /notice %}}
+
+8. Fill in the **Administrator username** for your VM.
+9. Select **Generate new key pair**, and select **RSA SSH Format** as the SSH Key Type.
+
+{{% notice Note %}}
+RSA offers better security with keys longer than 3072 bits.
+{{% /notice %}}
+
+10. Give your SSH key a key pair name.
+11. In the **Inbound port rules**, select **HTTP (80)** and **SSH (22)** as the inbound ports, as shown in the following image:
+
+![Azure Portal inbound port configuration showing SSH and HTTP selected. Check that the required access settings are in place before creating the virtual machine.#center](images/instance1.png "Configure inbound port rules for HTTP and SSH access")
+
+12. Select the **Review + Create** tab and review the configuration for your virtual machine. It should look like the following:
+
+![Azure Portal Review + Create tab showing VM configuration summary ready for deployment#center](images/ubuntu-pro.png "Review VM configuration before creation")
+
+13. When you're happy with your selection, select the **Create** button and then **Download Private key and Create Resource**.
+
+![Azure Portal showing Create button and SSH key download dialog#center](images/instance4.png "Download SSH key and create the virtual machine")
+
+Your virtual machine should be ready and running in a few minutes. You can SSH into the virtual machine using the private key, along with the public IP details.
+
+![Azure Portal deployment result showing that the virtual machine was created successfully. Look for the successful deployment status and the connection details you will use to access the virtual machine in the next step.#center](images/final-vm.png "Successful VM deployment confirmation")
+
+{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see "Getting Started with Microsoft Azure" in [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/).{{% /notice %}}
+
+## What you've accomplished and what's next
+
+You've created an Azure Cobalt 100 Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is now ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.
+
+Next, you'll install Keycloak on the VM, configure PostgreSQL as the backend database, and deploy a demo OAuth2/OpenID Connect application using Flask.