Difference between revisions of "Keycloak"

From Dogtag
m (Configuring Tomcat Client)
m (Configuring Tomcat Client)
Line 21: Line 21:
 
= Configuring Tomcat Client =
 
= Configuring Tomcat Client =
  
To install Keycloak client adapter in Tomcat:
+
To create a Tomcat instance:
 +
 
 +
$ pki-server create tomcat@keycloak
 +
$ pki-server http-connector-mod -i tomcat@keycloak --port 9080 Connector1
 +
$ pki-server run tomcat@keycloak
 +
 
 +
To install Keycloak client adapter:
 +
 
 +
$ wget https://downloads.jboss.org/keycloak/6.0.1/adapters/keycloak-oidc/keycloak-tomcat8-adapter-dist-6.0.1.tar.gz
 +
$ mkdir keycloak-tomcat8-adapter
 +
$ cd keycloak-tomcat8-adapter
 +
$ tar xzvf ../keycloak-tomcat8-adapter-dist-6.0.1.tar.gz
 +
$ mv * /var/lib/tomcats/keycloak/lib
 +
 
 +
To enable Keycloak:
  
* Download [https://downloads.jboss.org/keycloak/6.0.1/adapters/keycloak-oidc/keycloak-tomcat8-adapter-dist-6.0.1.tar.gz keycloak-tomcat8-adapter-dist-6.0.1.tar.gz]
 
* Install jar files in <catalina.base>/lib
 
 
* Edit tomcat-user.xml
 
* Edit tomcat-user.xml
 
* Add admin-gui role
 
* Add admin-gui role
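Review bot: between the added wget of keycloak-tomcat8-adapter-dist-6.0.1.tar.gz and the "mv * /var/lib/tomcats/keycloak/lib" line there is no integrity check, so whatever the download returns ends up on Tomcat's classpath. Consider adding a checksum or signature verification step before the tar and mv lines. The change also replaces the generic "<catalina.base>/lib" wording with a hard-coded path; one sentence tying /var/lib/tomcats/keycloak to the tomcat@keycloak instance created a few lines earlier would help readers who pick a different instance name.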
Line 36: Line 48:
  
 
To register Tomcat client:
 
To register Tomcat client:
 +
 
* Open Keycloak Admin Console
 
* Open Keycloak Admin Console
 
* Open Clients
 
* Open Clients

Revision as of 19:02, 9 August 2019

Installation

To install Keycloak server:

$ wget https://downloads.jboss.org/keycloak/6.0.1/keycloak-6.0.1.tar.gz
$ tar xzvf keycloak-6.0.1.tar.gz
$ cd keycloak-6.0.1/bin
$ ./add-user-keycloak.sh -u admin -p Secret.123
$ ./standalone.sh -b=0.0.0.0

Adding a New Realm

To access the Admin Console, open http://$HOSTNAME:8080/auth/admin/.

To access a realm, open http://$HOSTNAME:8080/auth/realms/<realm>/account.

Adding Roles in Realm

Adding Users in Realm

Configuring Tomcat Client

To create a Tomcat instance:

$ pki-server create tomcat@keycloak
$ pki-server http-connector-mod -i tomcat@keycloak --port 9080 Connector1
$ pki-server run tomcat@keycloak

To install Keycloak client adapter:

$ wget https://downloads.jboss.org/keycloak/6.0.1/adapters/keycloak-oidc/keycloak-tomcat8-adapter-dist-6.0.1.tar.gz
$ mkdir keycloak-tomcat8-adapter 
$ cd keycloak-tomcat8-adapter
$ tar xzvf ../keycloak-tomcat8-adapter-dist-6.0.1.tar.gz
$ mv * /var/lib/tomcats/keycloak/lib

To enable Keycloak:

  • Edit tomcat-users.xml
  • Add admin-gui role
  • Edit index.html
  • Edit context.xml
  • Add Keycloak Valve
  • Add keycloak.json
  • Edit web.xml
  • Define security constraints
  • Define login-config with auth-method set to KEYCLOAK

To register Tomcat client:

  • Open Keycloak Admin Console
  • Open Clients
  • Add client:
    • Client protocol: openid-connect
    • Access type: public
    • Valid redirect URIs: http://localhost:/<app>/*
  • Open Installation
    • Format option: Keycloak JSON
  • Store in WEB-INF/keycloak.json
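
The files named in the "To enable Keycloak" and "To register Tomcat client" lists above, as an added example that is not part of the original page or the Dogtag project: a shell function that writes context.xml, keycloak.json and web.xml into a scratch webapp directory. The function name, the realm demo, the client ID tomcat-app and the META-INF/WEB-INF placement are assumptions; the valve class is the one shipped in the Keycloak Tomcat adapter, and KEYCLOAK as auth-method follows the list above.

```shell
# Added example: writes the three adapter files into a scratch webapp directory.
# Realm "demo", client ID "tomcat-app" and the directory layout are assumptions.
write_keycloak_config() {
    app_dir=$1 realm=$2 client=$3 auth_url=$4
    mkdir -p "$app_dir/META-INF" "$app_dir/WEB-INF" || return 1

    # context.xml: the valve that hands authentication to the Keycloak adapter
    cat > "$app_dir/META-INF/context.xml" <<EOF
<Context>
    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
EOF

    # keycloak.json: public client, same keys as the Keycloak JSON export
    cat > "$app_dir/WEB-INF/keycloak.json" <<EOF
{
  "realm": "$realm",
  "auth-server-url": "$auth_url",
  "ssl-required": "external",
  "resource": "$client",
  "public-client": true
}
EOF

    # web.xml: protect every URL and require the admin-gui role
    cat > "$app_dir/WEB-INF/web.xml" <<EOF
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin-gui</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
    </login-config>
    <security-role>
        <role-name>admin-gui</role-name>
    </security-role>
</web-app>
EOF
}

# Constructed sample values; review the output before copying it into a real webapp.
write_keycloak_config "${TMPDIR:-/tmp}/keycloak-demo-app" demo tomcat-app http://localhost:8080/auth
```

The function overwrites any existing web.xml in the target directory, so run it against an empty directory and merge the security-constraint, login-config and security-role elements into an existing descriptor by hand.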

See Also