How to secure Fuse admin services
=================================

Fuse admin console authentication on JBoss Fuse 6.3.0 Rollup 1 or newer
---------------------------------

The Fuse admin console is Hawt.io. Follow the instructions in the [Docs](https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/latest/topics/oidc/java/fuse/hawtio.html) for details on how to integrate it with Keycloak.

Example steps:

1) Import the `demo` realm as mentioned in [Base steps](../README.md#base-steps). It contains `hawtio-client` and some example users.

2) Copy the files [keycloak-hawtio.json](keycloak-hawtio.json) and [keycloak-hawtio-client.json](keycloak-hawtio-client.json) to the `$FUSE_HOME/etc/` directory.

3) Edit the properties in `$FUSE_HOME/etc/system.properties` as described in the documentation linked above.

4) Run Fuse and install the `keycloak` feature in the terminal as described in the documentation linked above.

5) Test. After going to `http://localhost:8181/hawtio` you can log in as any of these users. The password of all the sample users is `password`:

* root - He has the role `admin`. He can access everything in Hawtio.
* john - He has the role `viewer`. He can access many functionalities in Hawtio.
* mary - She is not able to successfully authenticate to Hawtio.

SSH authentication with keycloak credentials on JBoss Fuse 6.3.0 Rollup 1 or newer
-----------------------------------------------------------------------

Follow the instructions in the [Docs](https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/latest/topics/oidc/java/fuse/fuse-admin.html) for details.

Example steps to enable SSH authentication:

1) Import the `demo` realm as mentioned in [Base steps](../README.md#base-steps). It contains `ssh-jmx-admin-client` and some example users.

2) Update or specify the property in the file `$FUSE_HOME/etc/org.apache.karaf.shell.cfg` as mentioned in the docs linked above.

3) Copy the file [keycloak-direct-access.json](keycloak-direct-access.json) from the Keycloak Fuse examples to the `$FUSE_HOME/etc/` directory.

4) Start Fuse and install the `keycloak` JAAS realm into Fuse as mentioned in the docs linked above.

5) Try to log in to SSH as different users with the command shown in the docs linked above. The password of all the sample users is `password`:

* root - He can run any command in the Fuse Karaf SSH terminal.
* john - He can run only read-only commands (e.g. `features:list`) but not write commands (e.g. `features:addurl`).
* mary - She is not able to successfully authenticate to SSH.

JMX authentication with keycloak credentials on JBoss Fuse 6.3.0 Rollup 1 or newer
-----------------------------------------------------------------------

See the [Docs](https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/latest/topics/oidc/java/fuse/fuse-admin.html) for details.

You can use the file [keycloak-direct-access.json](keycloak-direct-access.json), copied into `$FUSE_HOME/etc/` as mentioned above in the SSH section. You can also test with the same users.

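A pre-flight check for the copy steps in the Hawtio, SSH and JMX sections, added here as an example and not part of the Keycloak Fuse examples. The function name and the policy it applies (no world-readable adapter files, no `"ssl-required": "none"`) are assumptions of this example; the file names are the ones listed above.

```shell
#!/bin/sh
# Added example: checks the Keycloak adapter files copied into $FUSE_HOME/etc.
# The policy below is an assumption of this example, not a rule from this README.
#
# Usage: check_fuse_keycloak_etc "$FUSE_HOME"
# Prints one line per finding and returns the number of findings (0 = clean).
check_fuse_keycloak_etc() {
    etc_dir="$1/etc"
    findings=0
    for name in keycloak-hawtio.json keycloak-hawtio-client.json \
                keycloak-direct-access.json; do
        file="$etc_dir/$name"
        if [ ! -f "$file" ]; then
            echo "MISSING  $file"
            findings=$((findings + 1))
            continue
        fi
        # Adapter files can carry a client secret under "credentials",
        # so other local accounts should not be able to read them.
        if [ -n "$(find "$file" -perm -004)" ]; then
            echo "PERMS    $file is world-readable (consider chmod 600)"
            findings=$((findings + 1))
        fi
        # "ssl-required": "none" allows plain HTTP to Keycloak from any
        # address; that is only acceptable for a local demo.
        if grep -Eq '"ssl-required"[[:space:]]*:[[:space:]]*"none"' "$file"; then
            echo "TLS      $file sets ssl-required to none"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Run it before starting Fuse; a non-zero return value is the number of findings printed.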