Use a ToolFactory to build a working Keycloak at startup.

+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- No copyright or license for configuration file, details here are not considered a creative work. -->
+<moqui-conf xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://moqui.org/xsd/moqui-conf-3.xsd">
+    <default-property name="moqui_keycloak_realm" value="master"/>
+    <default-property name="moqui_keycloak_server_url" value="http://keycloak"/>
+    <default-property name="moqui_keycloak_client_id" value="moqui"/>
+    <default-property name="moqui_keycloak_client_secret" is-secret="true"/>
+
+    <tools>
+        <tool-factory class="org.moqui.keycloak.KeycloakToolFactory" init-priority="20" disabled="false"/>
+    </tools>
+</moqui-conf>

@@ -23,6 +23,9 @@ import org.moqui.entity.EntityFind
 import org.moqui.entity.EntityList
 import org.moqui.entity.EntityList
 import org.moqui.entity.EntityValue
 import org.moqui.entity.EntityValue
 
 
+import org.moqui.keycloak.KeycloakToolFactory
+
+
 import org.keycloak.OAuth2Constants
 import org.keycloak.OAuth2Constants
 import org.keycloak.admin.client.Keycloak
 import org.keycloak.admin.client.Keycloak
 import org.keycloak.admin.client.KeycloakBuilder
 import org.keycloak.admin.client.KeycloakBuilder
@@ -50,16 +53,6 @@ String keycloakToJson(Object o) {
     return JsonSerialization.writeValueAsString(o)
     return JsonSerialization.writeValueAsString(o)
 }
 }
 
 
-Keycloak buildKeycloak() {
-    return KeycloakBuilder.builder()
-        .serverUrl('http://keycloak')
-        .realm('master')
-        .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
-        .clientId('moqui')
-        .clientSecret('iXsnjGEbIVT8DQky2yCU9NQhnqDYyi7g')
-        .build()
-}
-
 Map<String, Object> buildClientConsent() {
 Map<String, Object> buildClientConsent() {
     return [
     return [
         clientId: null,
         clientId: null,
@@ -137,7 +130,7 @@ Map<String, Object> joinUserAccountToKeycloak() {
         return [:]
         return [:]
     }
     }
 
 
-    Keycloak keycloak = buildKeycloak()
+    Keycloak keycloak = KeycloakToolFactory.getInstance()
 
 
     try {
     try {
         RealmResource realm = keycloak.realm('master')
         RealmResource realm = keycloak.realm('master')
@@ -279,7 +272,7 @@ Map<String, Object> pushKeycloakUser() {
 Map<String, Object> getKeycloakUsers() {
 Map<String, Object> getKeycloakUsers() {
     String keycloakClientId = 'moqui'
     String keycloakClientId = 'moqui'
 
 
-    Keycloak keycloak = buildKeycloak()
+    Keycloak keycloak = ec.getTool('Keycloak', Keycloak.class)
 
 
     try {
     try {
         RealmResource realm = keycloak.realm('master')
         RealmResource realm = keycloak.realm('master')

+/*
+ * This software is in the public domain under CC0 1.0 Universal plus a 
+ * Grant of Patent License.
+ * 
+ * To the extent possible under law, the author(s) have dedicated all
+ * copyright and related and neighboring rights to this software to the
+ * public domain worldwide. This software is distributed without any
+ * warranty.
+ * 
+ * You should have received a copy of the CC0 Public Domain Dedication
+ * along with this software (see the LICENSE.md file). If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+package org.moqui.keycloak
+
+import groovy.transform.CompileStatic
+import org.moqui.context.ExecutionContextFactory
+import org.moqui.context.ToolFactory
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+import org.keycloak.OAuth2Constants
+import org.keycloak.admin.client.Keycloak
+import org.keycloak.admin.client.KeycloakBuilder
+import org.keycloak.representations.info.ServerInfoRepresentation
+
+/**
+ *
+ */
+@CompileStatic
+class KeycloakToolFactory implements ToolFactory<Keycloak> {
+    protected final static Logger logger = LoggerFactory.getLogger(KeycloakToolFactory.class)
+    final static String TOOL_NAME = "Keycloak"
+
+    protected Keycloak keycloak = null
+
+    KeycloakToolFactory() { }
+
+    @Override
+    String getName() {
+        return TOOL_NAME
+    }
+
+    @Override
+    void init(ExecutionContextFactory ecf) {
+        logger.info("Starting Keycloak")
+        try {
+            ServerInfoRepresentation serverInfo = keycloak.serverInfo().getInfo()
+        } catch (Exception e) {
+            logger.error("Could not connect to keycloak server")
+            throw e
+        }
+    }
+
+    @Override
+    void preFacadeInit(ExecutionContextFactory ecf) {
+        this.keycloak = KeycloakBuilder.builder()
+            .serverUrl((String) System.getProperty("moqui_keycloak_server_url"))
+            .realm((String) System.getProperty("moqui_keycloak_realm"))
+            .grantType((String) OAuth2Constants.CLIENT_CREDENTIALS)
+            .clientId((String) System.getProperty("moqui_keycloak_client_id"))
+            .clientSecret((String) System.getProperty("moqui_keycloak_client_secret"))
+            .build()
+    }
+
+    @Override
+    Keycloak getInstance(Object... parameters) {
+        return keycloak
+    }
+
+    @Override
+    void destroy() {
+        if (keycloak != null) {
+            keycloak.close()
+        }
+    }
+}