Difference between revisions of "Keycloak"

From Dogtag
m (Installation)
m (Tomcat)
Line 15: Line 15:
 
To access a realm, open http://$HOSTNAME:8080/auth/realms/<realm>/account.
 
To access a realm, open http://$HOSTNAME:8080/auth/realms/<realm>/account.
  
= Tomcat =
+
= Configuring Tomcat =
  
 
To install Tomcat adapter for Keycloak:
 
To install Tomcat adapter for Keycloak:
Line 30: Line 30:
 
* Define security constraints
 
* Define security constraints
 
* Define login-config with auth-method set to KEYCLOAK
 
* Define login-config with auth-method set to KEYCLOAK
 +
 +
To register Tomcat client:
 +
* Open Keycloak Admin Console
 +
* Open Clients
 +
* Add client:
 +
** Client protocol: openid-connect
 +
** Access type: public
 +
** Valid redirect URIs: http://localhost:/<app>/*
  
 
= See Also =
 
= See Also =
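Review bot: The added "Valid redirect URIs" value, http://localhost:/<app>/*, leaves the port empty after the colon; state the port explicitly or drop the colon. Because the client is registered with "Access type: public", there is no client secret and the redirect pattern is the main control on where authorization codes can be delivered, so consider narrowing the trailing /* to the application's actual callback path. The "Add client" steps also list no Client ID, which a reader needs before the form can be saved.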

Revision as of 18:37, 9 August 2019

Installation

To install Keycloak server:

$ wget https://downloads.jboss.org/keycloak/6.0.1/keycloak-6.0.1.tar.gz
$ tar xzvf keycloak-6.0.1.tar.gz
$ cd keycloak-6.0.1/bin
$ ./add-user-keycloak.sh -u admin -p Secret.123
$ ./standalone.sh -b=0.0.0.0

Adding a New Realm

To access the Admin Console, open http://$HOSTNAME:8080/auth/admin/.

To access a realm, open http://$HOSTNAME:8080/auth/realms/<realm>/account.

Configuring Tomcat

To install Tomcat adapter for Keycloak:

  • Download keycloak-tomcat8-adapter-dist.jar.gz
  • Install jar files in <catalina.base>/lib
  • Edit tomcat-users.xml
  • Add admin-gui role
  • Edit index.html
  • Edit context.xml
  • Add Keycloak Valve
  • Add keycloak.json
  • Edit web.xml
  • Define security constraints
  • Define login-config with auth-method set to KEYCLOAK

To register Tomcat client:

  • Open Keycloak Admin Console
  • Open Clients
  • Add client:
    • Client protocol: openid-connect
    • Access type: public
    • Valid redirect URIs: http://localhost:/<app>/*

See Also