2015-01-21 12:04:58 +00:00
How to secure Fuse admin services
=================================
2016-11-24 14:31:06 +00:00
Fuse admin console authentication on JBoss Fuse 6.3.0 Rollup 1 or newer
2015-01-21 12:04:58 +00:00
---------------------------------
2016-11-24 14:31:06 +00:00
Fuse admin console is Hawt.io. Follow the instructions in [Docs ](https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/latest/topics/oidc/java/fuse/hawtio.html ) for details on how to integrate it.
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
Example steps:
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
1) Import `demo` realm as mentioned in [Base steps ](../README.md#base-steps ) . It contains `hawtio-client` and some example users.
2016-10-04 13:51:40 +00:00
2016-11-24 14:31:06 +00:00
2) Copy files [keycloak-hawtio.json ](keycloak-hawtio.json ) and [keycloak-hawtio-client.json ](keycloak-hawtio-client.json ) to the `$FUSE_HOME/etc/` directory.
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
3) Edit properties in `$FUSE_HOME/etc/system.properties` as described in the documentation pointed above.
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
3) Run Fuse and install `keycloak` feature in the terminal as described in the documentation pointed above.
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
4) Test. After going to `http://localhost:8181/hawtio` you can login as any of these users. Password of all the sample users is `password` :
* root - He has role `admin` . He can access to everything in Hawtio
* john - He has role `viewer` . He can access to man functionalities in Hawtio.
* mary - She is not able to successfully authenticate to Hawtio
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
SSH authentication with keycloak credentials on JBoss Fuse 6.3.0 Rollup 1 or newer
-----------------------------------------------------------------------
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
Follow the instructions in [Docs ](https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/latest/topics/oidc/java/fuse/fuse-admin.html ) for details
Example steps for enable SSH authentication:
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
1) Import `demo` realm as mentioned in [Base steps ](../README.md#base-steps ) . It contains `ssh-jmx-admin-client` and some example users.
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
2) Then you need to update/specify this property in file `$FUSE_HOME/etc/org.apache.karaf.shell.cfg` as mentioned in the docs pointed above.
2016-10-04 13:51:40 +00:00
2016-11-24 14:31:06 +00:00
3) Copy file from Keycloak fuse examples [keycloak-direct-access.json ](keycloak-direct-access.json ) to `$FUSE_HOME/etc/` directory.
4) Start Fuse and install `keycloak` JAAS realm into Fuse as mentioned in the docs pointed above.
2016-10-04 13:51:40 +00:00
2016-11-24 14:31:06 +00:00
5) Try to login into SSH as different users with the command shown in the docs pointed above. Password of all the sample users is `password` :
* root - He can run any command in Fuse Karaf SSH terminal
* john - He can run just read-only commands (eg. `features:list` ) but not write command (eg. `features:addurl` ).
* mary - She is not able to successfully authenticate to SSH
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
JMX authentication with keycloak credentials on JBoss Fuse 6.3.0 Rollup 1 or newer
2016-10-04 13:51:40 +00:00
-----------------------------------------------------------------------
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
See [Docs ](https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/latest/topics/oidc/java/fuse/fuse-admin.html ) for details
2015-01-21 12:04:58 +00:00
2016-11-24 14:31:06 +00:00
You can use file [keycloak-direct-access.json ](keycloak-direct-access.json ) to be copied into `$FUSE_HOME/etc/` as mentioned above in the SSH section. You can
also test with same users.
