Saturday, October 21, 2017

Keycloak

Sadly there is not even a wikipedia entry, apart this short section https://en.wikipedia.org/wiki/List_of_single_sign-on_implementations "Federated SSO (LDAP and Active Directory), standard protocols (OpenID Connect, OAuth 2.0 and SAML 2.0) for Web, clustering and single sign on"

How to setup a Keycloak server:
http://blog.keycloak.org/2015/10/getting-started-with-keycloak.html

I have done the "Standalone installation" on Windows and it works without a glitch.
The official documentation is here http://www.keycloak.org/docs/latest/getting_started/index.html - tidy and condensed.

How to secure a REST application with the previously setup Keycloak server
http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html

except that the link is broken and I got the repo from "git clone https://github.com/redhat-developer/redhat-sso-quickstarts.git" and cd redhat-sso-quickstarts and cd service-jee-jaxrs. Running mvn package now fails because of the missing keycloak.json file in the config folder.

I follow the instructions here https://github.com/redhat-developer/redhat-sso-quickstarts/tree/7.0.x/service-jee-jaxrs to create a config\keycloak.json file . Only after creating this file you can run mvn package and build the service.war.

I start a standalone wildfly at 8080, do mvn install wildfly:deploy and I get Unknown authentication mechanism KEYCLOAK

This because in my app the web.xml contains <login-config><auth-method>KEYCLOAK</auth-method></login-config>
If I change it to BASIC and redeploy, then hit http://localhost:8080/service/public , it all works. But I need KEYCLOAK!




Here https://stackoverflow.com/questions/27253559/keycloak-unknown-authentication-mechanism they explain how to configure Wildfly for KEYCLOAK.

I download the client adapter for Wildfly http://www.keycloak.org/downloads.html, the file is keycloak-wildfly-adapter-dist-3.3.0.CR2.zip and I unzip it in the WLIDFLY_HOME folder, so as to merge it to the existing bin and modules folders. Then I run:

jboss-cli.bat -c --file=adapter-install.cli


This adds

<security-domain name="keycloak">
 <authentication>
  <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
 </authentication>
</security-domain>



but it still doesn't work, same error "Unknown authentication mechanism KEYCLOAK"...

strange, in Wildfly console I can see Configuration: Subsystems Subsystem: Security Security Domain: keycloak

However, I see the message "Extension module org.keycloak.keycloak-adapter-subsystem not found"... so I run also this

jboss-cli.bat -c --file=adapter-install.cli

and restart everything and it works!

Some valuable KEYCLOAK tutorials:

this one with some quick demo on how to secure webapps, nodejs etc applications:




this one is quite professional on the overall features:





Detailed configuration instructions here http://www.keycloak.org/docs/latest/getting_started/topics/secure-jboss-app/download-quickstarts.html

Quickstarts available here https://github.com/keycloak/keycloak-quickstarts








No comments: