Difference between revisions of "Keycloak"

From Dogtag

Revision as of 20:21, 9 August 2019

Development

To build Keycloak:

$ git clone https://github.com/keycloak/keycloak.git
$ cd keycloak
$ mvn install

See also:

Installation

To install Keycloak server:

$ wget https://downloads.jboss.org/keycloak/6.0.1/keycloak-6.0.1.tar.gz
$ tar xzvf keycloak-6.0.1.tar.gz
$ cd keycloak-6.0.1/bin

To set up an admin user:

$ ./add-user-keycloak.sh -u admin -p Secret.123

To start Keycloak server:

$ ./standalone.sh -b=0.0.0.0

Adding a New Realm

To access the Admin Console, open http://$HOSTNAME:8080/auth/admin/.

To access a realm, open http://$HOSTNAME:8080/auth/realms/<realm>/account.

Adding Roles in Realm

Adding Users in Realm

Configuring Tomcat Client

To create a Tomcat instance:

$ pki-server create tomcat@keycloak
$ pki-server http-connector-mod -i tomcat@keycloak --port 9080 Connector1
$ pki-server run tomcat@keycloak

To install Keycloak client adapter:

$ wget https://downloads.jboss.org/keycloak/6.0.1/adapters/keycloak-oidc/keycloak-tomcat8-adapter-dist-6.0.1.tar.gz
$ mkdir keycloak-tomcat8-adapter
$ cd keycloak-tomcat8-adapter
$ tar xzvf ../keycloak-tomcat8-adapter-dist-6.0.1.tar.gz
$ mv * /var/lib/tomcats/keycloak/lib

To enable Keycloak, create <web application>/META-INF/context.xml:

<Context>

   <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>

</Context>

To register the Tomcat client:

  • Open Keycloak Admin Console
  • Click Clients -> Create

To generate the client adapter configuration, click Installation:

  • Format option: Keycloak OIDC JSON

Then store the configuration in <web application>/WEB-INF/keycloak.json:

{
  "realm": "demo",
  "auth-server-url": "http://$HOSTNAME:8080/auth",
  "ssl-required": "external",
  "resource": "tomcat",
  "public-client": true,
  "confidential-port": 0
}

To configure the web application, edit <web application>/WEB-INF/web.xml:

  • Define security constraints
  • Define login-config with auth-method set to KEYCLOAK
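A web.xml that carries out those two steps, added here as an example and not a file from the wiki or the Keycloak project. It assumes a realm role named "user" exists in the "demo" realm and is assigned to the test account; the realm and client themselves come from WEB-INF/keycloak.json, not from this file.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the wiki's own file. Assumes a realm role "user"
     exists in the "demo" realm and is mapped to the user who logs in. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- Security constraint: every URL in the application requires an
         authenticated user who holds the "user" role. Unauthenticated
         requests are redirected to Keycloak by the valve; authenticated
         users without the role get 403. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- login-config: hand authentication to the Keycloak adapter that the
         KeycloakAuthenticatorValve in META-INF/context.xml installed. The
         realm is taken from WEB-INF/keycloak.json, so no realm-name is
         given here. -->
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
    </login-config>

    <!-- Roles referenced in auth-constraint must be declared. -->
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
```

By default the adapter checks realm roles from the token; to check client (resource) roles instead, set "use-resource-role-mappings": true in keycloak.json.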

See Also