Keycloak is an open source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services. As of March 2018 this WildFly community project is under the stewardship of Red Hat who use it as the upstream project for their RH-SSO product.

# install java
sudo apt install -y default-jdk
java -version

# download it and unzip it
mkdir ~/tmp
cd ~/tmp
sudo apt install -y wget
wget https://downloads.jboss.org/keycloak/7.0.1/keycloak-7.0.1.tar.gz
tar xzvf keycloak-7.0.1.tar.gz

# create the dir and move the files there
sudo mkdir /opt/keycloak
sudo chown $USER:$USER /opt/keycloak/
mv keycloak-7.0.1 /opt/keycloak/

# create a symbolic lync so that we only use /opt/keycloak/current from now on
ln -s /opt/keycloak/keycloak-7.0.1/ /opt/keycloak/current
ls -la /opt/keycloak/

# clean up
rm ~/tmp/keycloak-7.0.1.tar.gz

# create an admin account and password, choose your own here:
cd /opt/keycloak/current
cd bin
./add-user-keycloak.sh -r master -u admin -p admin

# start the server
./standalone.sh -b 0.0.0.0


# go to localhost:8080/
# click on Administration Console
# and log in (ex. with admin/admin)

Enable at startup:

sudo su
nano /etc/systemd/system/keycloak.service

with contents:

[Unit]
#After=mysql.service

[Service]
Environment="ARGS=-b 0.0.0.0"
ExecStart=/opt/keycloak/current/bin/standalone.sh $ARGS

[Install]
WantedBy=default.target

and

chmod 644 /etc/systemd/system/keycloak.service 
systemctl daemon-reload 
systemctl enable keycloak.service 
systemctl start keycloak.service 
tail -F /var/log/syslog