Saturday, October 21, 2017


Sadly there is not even a wikipedia entry, apart this short section "Federated SSO (LDAP and Active Directory), standard protocols (OpenID Connect, OAuth 2.0 and SAML 2.0) for Web, clustering and single sign on"

How to setup a Keycloak server:

I have done the "Standalone installation" on Windows and it works without a glitch.
The official documentation is here - tidy and condensed.

How to secure a REST application with the previously setup Keycloak server

except that the link is broken and I got the repo from "git clone" and cd redhat-sso-quickstarts and cd service-jee-jaxrs. Running mvn package now fails because of the missing keycloak.json file in the config folder.

I follow the instructions here to create a config\keycloak.json file . Only after creating this file you can run mvn package and build the service.war.

I start a standalone wildfly at 8080, do mvn install wildfly:deploy and I get Unknown authentication mechanism KEYCLOAK

This because in my app the web.xml contains <login-config><auth-method>KEYCLOAK</auth-method></login-config>
If I change it to BASIC and redeploy, then hit http://localhost:8080/service/public , it all works. But I need KEYCLOAK!

Here they explain how to configure Wildfly for KEYCLOAK.

I download the client adapter for Wildfly, the file is and I unzip it in the WLIDFLY_HOME folder, so as to merge it to the existing bin and modules folders. Then I run:

jboss-cli.bat -c --file=adapter-install.cli

This adds

<security-domain name="keycloak">
  <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>

but it still doesn't work, same error "Unknown authentication mechanism KEYCLOAK"...

strange, in Wildfly console I can see Configuration: Subsystems Subsystem: Security Security Domain: keycloak

However, I see the message "Extension module org.keycloak.keycloak-adapter-subsystem not found"... so I run also this

jboss-cli.bat -c --file=adapter-install.cli

and restart everything and it works!

Some valuable KEYCLOAK tutorials:

this one with some quick demo on how to secure webapps, nodejs etc applications:

this one is quite professional on the overall features:

Detailed configuration instructions here

Quickstarts available here

No comments: