diff --git a/distribution/downloads/src/main/resources/files b/distribution/downloads/src/main/resources/files
index 05a08f6a57..5a78124098 100644
--- a/distribution/downloads/src/main/resources/files
+++ b/distribution/downloads/src/main/resources/files
@@ -3,7 +3,6 @@
keycloak-server-x-dist:keycloak.x-preview
keycloak-server-overlay:keycloak-overlay
keycloak-api-docs-dist:keycloak-api-docs
- keycloak-examples-dist:keycloak-examples
keycloak-as7-adapter-dist:keycloak-oidc-as7-adapter
keycloak-eap6-adapter-dist:keycloak-oidc-eap6-adapter
diff --git a/distribution/examples-dist/assembly.xml b/distribution/examples-dist/assembly.xml
deleted file mode 100755
index 06d700ceb8..0000000000
--- a/distribution/examples-dist/assembly.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
-
- examples
-
-
- zip
-
-
- true
-
-
-
- target/examples
-
-
- **/pom.xml.releaseBackup
- **/.svn/**
- **/target/**
- **/*.iml
-
-
-
-
diff --git a/distribution/examples-dist/build.xml b/distribution/examples-dist/build.xml
deleted file mode 100755
index 1eb440ad4a..0000000000
--- a/distribution/examples-dist/build.xml
+++ /dev/null
@@ -1,140 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/distribution/examples-dist/pom.xml b/distribution/examples-dist/pom.xml
deleted file mode 100755
index 021e319f29..0000000000
--- a/distribution/examples-dist/pom.xml
+++ /dev/null
@@ -1,113 +0,0 @@
-
-
-
- 4.0.0
-
- keycloak-distribution-parent
- org.keycloak
- 16.0.0-SNAPSHOT
-
-
- keycloak-examples-dist
- pom
- Keycloak Examples Distribution
-
-
-
-
- community
-
-
- !product
-
-
-
- keycloak-examples-${project.version}
-
-
- org.apache.maven.plugins
- maven-deploy-plugin
-
- true
-
-
-
- org.apache.maven.plugins
- maven-antrun-plugin
- false
-
-
- build-example
-
- run
-
- compile
-
-
-
-
-
-
-
-
-
-
-
- ant-contrib
- ant-contrib
- 1.0b3
-
-
- ant
- ant
-
-
-
-
-
-
- maven-assembly-plugin
-
-
- assemble
- package
-
- single
-
-
-
- assembly.xml
-
-
- target
-
-
- target/assembly/work
-
- false
-
-
-
-
-
-
-
-
-
-
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 617bda6534..6057937ceb 100755
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -93,7 +93,6 @@
distribution-downloadsapi-docs-dist
- examples-distdownloads
diff --git a/examples/README.md b/examples/README.md
index ecd1b8e8c5..1ed6b234d2 100755
--- a/examples/README.md
+++ b/examples/README.md
@@ -3,16 +3,6 @@ Keycloak Examples
This directory contains a number of examples for Keycloak.
-Demo
-----
-
-This is the our main example, which shows Login, Single-Sign On, Single-Sign Out and OAuth Token Grant. The demo comes in two flavours:
-
-* Preconfigured - Use this flavour to quickly deploy the demo to a local Keycloak server without having to configure anything other than importing the realm settings into Keycloak
-* Unconfigured - Use this flavour to manually configure and deploy the demo to either a local or external Keycloak server
-
-For more information look at `preconfigured-demo/README.md` or `unconfigured-demo/README.md`. For the unconfigured-demo there's an accompanying screencast at [http://keycloak.org/docs](http://keycloak.org/docs) that walks you through the setup process.
-
Admin Client
------------
@@ -52,16 +42,6 @@ Themes
Example themes to change the look and feel of login forms, account management console and admin console. For more information look at `themes/README.md`.
-Multi tenancy
--------------
-
-A complete application, showing how to achieve multi tenancy of web applications by using one realm per account. For more information look at `multi-tenant/README.md`
-
-Basic authentication
---------------------
-
-Example REST application configured to support both basic authentication with username/password as well as authentication with bearer token. For more information look at `basic-auth/README.md`
-
Fuse
----
diff --git a/examples/basic-auth/README.md b/examples/basic-auth/README.md
deleted file mode 100644
index 8eb4fc506a..0000000000
--- a/examples/basic-auth/README.md
+++ /dev/null
@@ -1,31 +0,0 @@
-Keycloak Example - Basic Authentication
-=======================================
-
-The following example was tested on Wildfly 8.1.0.Final and JBoss EAP 6.3. It should be compatible with any JBoss AS, JBoss EAP or Wildfly that supports Java EE 7.
-
-This example demonstrates basic authentication support for a Keycloak protected REST service. However, more importantly it enables a REST service to be secured using both basic and bearer token authentication, which is useful where the service needs to be accessed both as part of a single signon session, and also as a standalone REST service.
-
-
-Step 1: Setup a basic Keycloak server
---------------------------------------------------------------
-Install Keycloak server and start it on port 8080. Check the Reference Guide if unsure on how to do it.
-
-Once the Keycloak server is up and running, import the realm basicauthrealm.json.
-
-
-Step 2: Deploy and run the example
---------------------------------------------------------------
-
-- Build and deploy this sample's WAR file. For this example, deploy on the same server that is running the Keycloak Server, although this is not required for real world scenarios.
-
-- Open a command window and perform the following command:
-
- curl http://admin:password@localhost:8080/basicauth/service/echo?value=hello
-
-(If we navigate directly to http://localhost:8080/basicauth/service/echo?value=hello, we get an error in the browser because the request is not authenticated).
-
-This should result in the value 'hello' being returned as a response.
-
-Simply change the username (currently 'admin') or password (currently 'password') in the command to see an "Unauthorized" response.
-
-
diff --git a/examples/basic-auth/basicauthrealm.json b/examples/basic-auth/basicauthrealm.json
deleted file mode 100644
index 13af84fe76..0000000000
--- a/examples/basic-auth/basicauthrealm.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "realm": "basic-auth",
- "enabled": true,
- "accessTokenLifespan": 60,
- "accessCodeLifespan": 60,
- "accessCodeLifespanUserAction": 300,
- "ssoSessionIdleTimeout": 600,
- "ssoSessionMaxLifespan": 36000,
- "sslRequired": "external",
- "registrationAllowed": false,
- "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
- "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
- "requiredCredentials": [ "password" ],
- "users" : [
- {
- "username" : "admin",
- "enabled": true,
- "email" : "admin@admin.com",
- "firstName": "Admin",
- "lastName": "Burke",
- "credentials" : [
- { "type" : "password",
- "value" : "password" }
- ],
- "realmRoles": [ "user","admin" ],
- "clientRoles": {
- "realm-management": [ "realm-admin" ]
- }
- }
- ],
- "roles" : {
- "realm" : [
- {
- "name": "user",
- "description": "User privileges"
- },
- {
- "name": "admin",
- "description": "Administrator privileges"
- }
- ]
- },
- "clients": [
- {
- "clientId": "basic-auth-service",
- "standardFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "enabled": true,
- "adminUrl": "/basicauth",
- "baseUrl": "/basicauth",
- "secret": "password"
- }
- ]
-
-}
diff --git a/examples/basic-auth/pom.xml b/examples/basic-auth/pom.xml
deleted file mode 100755
index 9ae839af4f..0000000000
--- a/examples/basic-auth/pom.xml
+++ /dev/null
@@ -1,95 +0,0 @@
-
-
-
-
- 4.0.0
-
-
- keycloak-examples-parent
- org.keycloak
- 16.0.0-SNAPSHOT
-
-
- Keycloak Examples - Basic Auth
- examples-basicauth
- war
-
-
- Keycloak Basic Auth Example
-
-
-
-
- jboss
- jboss repo
- https://repository.jboss.org/nexus/content/groups/public/
-
- false
-
-
-
-
-
-
- org.jboss.resteasy
- resteasy-jaxrs
- provided
-
-
- org.jboss.spec.javax.servlet
- jboss-servlet-api_3.0_spec
- provided
-
-
- org.keycloak
- keycloak-core
- provided
-
-
- org.keycloak
- keycloak-adapter-core
- provided
-
-
- org.apache.httpcomponents
- httpclient
- provided
-
-
-
-
- basicauth
-
-
- org.jboss.as.plugins
- jboss-as-maven-plugin
-
- false
-
-
-
- org.wildfly.plugins
- wildfly-maven-plugin
-
- false
-
-
-
-
-
diff --git a/examples/basic-auth/src/main/java/org/keycloak/example/basicauth/BasicAuthService.java b/examples/basic-auth/src/main/java/org/keycloak/example/basicauth/BasicAuthService.java
deleted file mode 100644
index f5f56a54ba..0000000000
--- a/examples/basic-auth/src/main/java/org/keycloak/example/basicauth/BasicAuthService.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.example.basicauth;
-
-import org.jboss.resteasy.annotations.cache.NoCache;
-
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.QueryParam;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-@Path("service")
-public class BasicAuthService {
- @GET
- @NoCache
- @Path("echo")
- public String echo(@QueryParam("value") String value) {
- return value;
- }
-}
diff --git a/examples/basic-auth/src/main/java/org/keycloak/example/basicauth/BasicAuthServiceApplication.java b/examples/basic-auth/src/main/java/org/keycloak/example/basicauth/BasicAuthServiceApplication.java
deleted file mode 100644
index b529925efc..0000000000
--- a/examples/basic-auth/src/main/java/org/keycloak/example/basicauth/BasicAuthServiceApplication.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.example.basicauth;
-
-import javax.ws.rs.ApplicationPath;
-import javax.ws.rs.core.Application;
-
-/**
- * Basic auth app.
- */
-@ApplicationPath("/")
-public class BasicAuthServiceApplication extends Application
-{
-}
diff --git a/examples/basic-auth/src/main/webapp/WEB-INF/keycloak.json b/examples/basic-auth/src/main/webapp/WEB-INF/keycloak.json
deleted file mode 100644
index 9da7ed42e5..0000000000
--- a/examples/basic-auth/src/main/webapp/WEB-INF/keycloak.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "realm" : "basic-auth",
- "resource" : "basic-auth-service",
- "auth-server-url": "/auth",
- "ssl-required" : "external",
- "enable-basic-auth" : "true",
- "credentials": {
- "secret": "password"
- }
-}
diff --git a/examples/basic-auth/src/main/webapp/WEB-INF/web.xml b/examples/basic-auth/src/main/webapp/WEB-INF/web.xml
deleted file mode 100644
index e1eb8718c1..0000000000
--- a/examples/basic-auth/src/main/webapp/WEB-INF/web.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-
-
-
-
- basicauth
-
-
-
- /*
-
-
-
- user
-
-
-
-
- KEYCLOAK
- basic-auth
-
-
-
- user
-
-
diff --git a/examples/demo-template/README.md b/examples/demo-template/README.md
deleted file mode 100755
index 3edae7b122..0000000000
--- a/examples/demo-template/README.md
+++ /dev/null
@@ -1,227 +0,0 @@
-Login, Distributed SSO, Distributed Logout, and OAuth Token Grant Examples
-===================================
-The following examples requires Wildfly 8.0.0, JBoss EAP 6.x, or JBoss AS 7.1.1. Here's the highlights of the examples
-* Delegating authentication of a web app to the remote authentication server via OAuth 2 protocols
-* Distributed Single-Sign-On and Single-Logout
-* Transferring identity and role mappings via a special bearer token (Skeleton Key Token).
-* Bearer token authentication and authorization of JAX-RS services
-* Obtaining bearer tokens via the OAuth2 protocol
-* Interact with the Keycloak Admin REST Api
-
-There are multiple WAR projects. These will all run on the same WildFly instance, but pretend each one is running on a different
-machine on the network or Internet.
-* **customer-app** A WAR application that does remote login using OAuth2 browser redirects with the auth server
-* **customer-app-filter** A WAR application secured by the Keycloak Servlet Filter Adapter. Useful for EE platforms that don't have an adapter.
-* **customer-app-js** A pure HTML/Javascript application that does remote login using OAuth2 browser redirects with the auth server
-* **customer-app-cli** A pure CLI application that does remote login using OAuth2 browser redirects with the auth server
-* **product-app** A WAR application that does remote login using OAuth2 browser redirects with the auth server
-* **admin-access-app** A WAR application that does remote REST login to admin console to obtain a list of realm roles from Admin REST API
-* **angular-product-app** An Angular JS pure HTML5/Javascript application.
-* **database-service** JAX-RS services authenticated by bearer tokens only. The customer and product app invoke on it to get data
-
-The UI of each of these applications is very crude and exists just to show our OAuth2 implementation in action.
-
-_This demo is meant to run on the same server instance as the Keycloak Server!_
-
-
-Step 1: Make sure you've set up the Keycloak Server
---------------------------------------
-The Keycloak Demo Distribution comes with a preconfigured Keycloak server (based on Wildfly). You can use it out of
-the box to run these demos. So, if you're using this, you can head to Step 2.
-
-Alternatively, you can install the Keycloak Server onto any EAP 6.x, or Wildfly 8.x server, but there is
-a few steps you must follow. You need to obtain latest keycloak-war-dist-all.zip. This distro is used to install Keycloak onto an existing JBoss installation.
-This installs the server using a WAR file.
-
- $ cd ${jboss.as7.home}/standalone
- $ cp -r ${keycloak-war-dist-all}/deployments .
-
-To be able to run the demos you also need to install the Keycloak client adapter. For Wildfly:
-
- $ cd ${wildfly.home}
- $ unzip ${keycloak-war-dist-all}/adapters/keycloak-wildfly-adapter-dist.zip
-
-For JBoss EAP 6.x
-
- $ cd ${eap.home}
- $ unzip ${keycloak-war-dist-all}/adapters/keycloak-eap6-adapter-dist.zip
-
-For JBoss AS 7.1.1:
-
- $ cd ${as7.home}
- $ unzip ${keycloak-war-dist-all}/adapters/keycloak-as7-adapter-dist.zip
-
-WARNING: Note that we don't officially support Keycloak auth-server running on JBoss AS 7.1.1. You can still test examples running on AS 7.1.1,
-but then you may need to do few additional changes in examples to point them into external Keycloak server running on WildFly or EAP 6.x.
-This is especially changing "auth-server-url" in keycloak.json files to be non-relative as examples and auth-server will run on different server!
-
-Unzipping the adapter ZIP only installs the JAR files. You must also add the Keycloak Subsystem to the server's
-configuration (standalone/configuration/standalone.xml).
-
-For WildFly and JBoss EAP 6.x
-
-
-
-
- ...
-
-
-
-
-
- true
- auth
-
-
- ...
-
-
-For AS 7.1.1:
-
-
-
-
- ...
-
-
-
-
- ...
-
-
-Step 2: Boot Keycloak Server
----------------------------------------
-Where you go to start up the Keycloak Server depends on which distro you installed.
-
-From appliance:
-
-```
-$ cd keycloak/bin
-$ ./standalone.sh
-```
-
-
-From existing Wildfly/EAP6/AS7 distro
-
-```
-$ cd ${wildfly.jboss.home}/bin
-$ ./standalone.sh
-```
-
-
-Step 3: Import the Test Realm
----------------------------------------
-Next thing you have to do is import the test realm for the demo. Clicking on the below link will bring you to the
-create realm page in the Admin UI. The username/password is admin/admin to login in. Keycloak will ask you to
-create a new admin password before you can go to the create realm page.
-
-[http://localhost:8080/auth/admin/master/console/#/create/realm](http://localhost:8080/auth/admin/master/console/#/create/realm)
-
-Import the testrealm.json file that is in the preconfigured-demo/ example directory.
-
-
-Step 4: Build and deploy
----------------------------------------
-next you must build and deploy
-
-```
-cd preconfigured-demo
-mvn clean install
-```
-
-On EAP6/AS7 run:
-
-```
-mvn jboss-as:deploy
-```
-
-Or for WildFly run:
-
-```
-mvn wildfly:deploy
-```
-
-
-Step 5: Login and Observe Apps
----------------------------------------
-Try going to the customer app and view customer data:
-
-[http://localhost:8080/customer-portal/customers/view.jsp](http://localhost:8080/customer-portal/customers/view.jsp)
-
-This should take you to the auth-server login screen. Enter username: bburke@redhat.com and password: password.
-
-If you click on the products link, you'll be taken to the products app and show a product listing. The redirects
-are still happening, but the auth-server knows you are already logged in so the login is bypassed.
-
-If you click on the logout link of either of the product or customer app, you'll be logged out of all the applications.
-
-The example also shows different methods of client authentication. The customer-portal example is using traditional authentication with client_id and client_secret,
-but the product-portal example is using client authentication with JWT signed by client private key, which is retrieved from the keystore file inside the product-portal WAR.
-
-Step 6: Try the CLI Example
----------------------------
-To try the CLI example run the following commands:
-
-$ cd customer-app-cli
-$ mvn exec:java
-
-This will open a shell that lets you specify a few different commands. For example type 'login' and press enter to login. Pressing enter with a blank line will display the available commands.
-
-The CLI example has two alternative methods for login. When a browser is available the CLI opens the login form in a browser, and will automatically retrieve the return code by starting a
-temporary web server on a free port. If a browser is not available the URL to login is displayed on the CLI. The user can copy this URL to another computer that has a browser available. The code
-is displayed to the user after login and the user has to copy this code back to the application.
-
-Step 7: Admin REST API
-----------------------------------
-Keycloak has a Admin REST API. This example shows an application making a remote direct login to Keycloak to obtain a token
-then using that token to access the Admin REST API.
-
-[http://localhost:8080/admin-access](http://localhost:8080/admin-access)
-
-If you are already logged in, you will not be asked for a username and password, but you will be redirected to
-an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
-
-Step 8: Angular JS Example
-----------------------------------
-An Angular JS example using Keycloak to secure it.
-
-[http://localhost:8080/angular-product](http://localhost:8080/angular-product)
-
-If you are already logged in, you will not be asked for a username and password, but you will be redirected to
-an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
-
-Step 9: Pure HTML5/Javascript Example
-----------------------------------
-An pure HTML5/Javascript example using Keycloak to secure it.
-
-[http://localhost:8080/customer-portal-js](http://localhost:8080/customer-portal-js)
-
-If you are already logged in, you will not be asked for a username and password, but you will be redirected to
-an oauth grant page. This page asks you if you want to grant certain permissions to the third-part app.
-
-Step 10: Service Account Example
-----------------------------------
-An example for retrieve service account dedicated to the Client Application itself (not to any user).
-
-[http://localhost:8080/service-account-portal](http://localhost:8080/service-account-portal)
-
-Client authentication is done with OAuth2 Client Credentials Grant in out-of-bound request (Not Keycloak login screen displayed) .
-
-Step 11: Offline Access Example
-----------------------------------
-An example for retrieve offline token, which is then saved to the database and can be used by application anytime later. Offline token
-is valid even if user is already logged out from SSO. Server restart also won't invalidate offline token. Offline token can be revoked by the user in
-account management or by admin in admin console.
-
-[http://localhost:8080/offline-access-portal](http://localhost:8080/offline-access-portal)
-
-
-Admin Console
-==========================
-
-[http://localhost:8080/auth/admin/index.html](http://localhost:8080/auth/admin/index.html)
-
-
-
-
-
diff --git a/examples/demo-template/README.md.unconfigured b/examples/demo-template/README.md.unconfigured
deleted file mode 100755
index a5e2e3d581..0000000000
--- a/examples/demo-template/README.md.unconfigured
+++ /dev/null
@@ -1,158 +0,0 @@
-Unconfigured Examples
-===================================
-This set of projects contains a stripped down version of the demo described in preconfigured-demo. All keycloak specific
-configuration has been removed. Use this project in conjunction with instructions below and/or the online screencast tutorials at
-[http://keycloak.org/docs](http://keycloak.org/docs).
-
-
-# Run Demo with an external Keycloak Server
-
-These instructions assume you've already installed and started a Keycloak Server. Keycloak can be running on your locally or remotely (for example on OpenShift). If you're not running Keycloak locally you'll also need a locally running WildFly server.
-
-## Create Realm
-
-Open the Keycloak admin console and click on `Add Realm`. Enter `demo` as the name for the realm and click `Save`.
-
-The demo applications uses two realm roles, `user` and `admin`, so the next step is to create these. Click on `Roles` then click on `Add Role`. Use `user` as the role name and click `Save`. Repeat to create a role with the name `admin`.
-
-Next you'll either want to enable user registration or create a new user.
-
-### Enable user registration
-
-To enable user registration first click on `Roles` then `Default Roles`. Select the `user` role and click on the right arrow. This will make sure that all new users are automatically assigned the `user` role. Next step is to enable user registration for the realm. Click on `Settings` then `Login`. Click on the toggle for `user registration` to allow users to self-register.
-
-### Create user
-
-To create a new user click on `Users` then `Add User`. You are required to at least fill in the `username` field, but you may want to fill in values for the other fields as well. After you've completed the form click on `Save`. To allow the user to login you also need to set a password for the user. To do this click on `Credentials`. Enter a new password for the user. If you leave the `Temporary` toggle ON the user will be required to reset the password on the next login.
-
-
-## Deploy Demo Applications
-
-First you need to install WildFly application server. Second step is to install the Keycloak WildFly subsystem. To do this run:
-
- # cd
- # unzip /adapters/keycloak-wildfly-adapter-dist-.zip
-
-Next configure the Keycloak adapter by editing `standalone/configuration/standalone.xml`. Add a new child-element to ``:
-
-
- ....
-
-
-
-You also need to add realm config to the same file. Add a new child-element to ``:
-
-
- ....
-
-
- KEYCLOAK URL
- external
-
-
-
-
-In the above snippet replace the following:
-
-* `KEYCLOAK URL` - replace with the base url of Keycloak (for example http://localhost:8080/auth or http://keycloak.example.org/auth)
-
-Don't start the WildFly server until you've configured and deployed the demo applications.
-
-### Database Services
-
-Most demo applications connects to the REST services provided by the database-services application, so start with deploying this.
-
-Run the following to deploy it:
-
- # cd database-services
- # mvn install
- # cp target/database.war /standalone/deployments
-
-Next add the configuration for it to the Keycloak subsystem. Edit `/standalone/configuration/standalone.xml` to `` add:
-
-
- demo
- database-service
- true
-
-
-### Customer Portal
-
-Next deploy the customer portal application.
-
-Run the following to deploy it:
-
- # cd customer-app
- # mvn install
- # cp target/customer-portal.war /standalone/deployments
-
-Then open the Keycloak admin console to add a configuration for it. Navigate to the realm and click on `Clients` then `Add Client`. Fill in the form with:
-
-* Client ID - `customer-portal`
-
-Then click on `Save`. You will see more possibilities to setup client now, so you can add the following:
-`Access Type` - `confidential`
-`Valid Redirect URIs` - `http://localhost:8080/customer-portal/*` (click `Add` after filling in the field)
-
-Then click on `Save` again so that client is updated.
-
-As it's a confidential (non-public) application you need the secret for it. Click on `Credentials` and note the value of the `Secret` field.
-
-Then edit `/standalone/configuration/standalone.xml` and add the following to ``:
-
-
- demo
- customer-portal
- APPLICATION SECRET
-
-
-In the above snippet replace the following:
-
-* `APPLICATION SECRET` - replace with the applications secret you just noted from the Keycloak admin console
-
-### Product Portal
-
-Next deploy the product portal application.
-
-Run the following to deploy it:
-
- # cd product-app
- # mvn install
- # cp target/product-portal.war /standalone/deployments
-
-Then open the Keycloak admin console to add a configuration for it. Navigate to the realm and click on `Clients` then `Add Client`. Fill in the form with:
-
-* Client ID - `product-portal`
-
-Then click on `Save`. You will see more possibilities to setup client now, so you can add the following:
-
-`Access Type` - `confidential`
-`Valid Redirect URIs` - `http://localhost:8080/product-portal/*` (click `Add` after filling in the field)
-
-Then click on `Save` again so that client is updated.
-
-It's a confidential (non-public) application, so we again need client credentials for it. But for product-portal, we will use authentication with signed JWT instead of traditional OAuth2 client secret.
-Click on `Credentials` and fill the following values:
-
-`Client Authenticator` - `Signed JWT`
-`Use JWKS URL` - `ON`
-`JWKS URL` - `/product-portal/k_jwks`
-
-Then edit `/standalone/configuration/standalone.xml` and add the following to ``:
-
-
- demo
- product-portal
-
- classpath:keystore-client.jks
- JKS
- storepass
- keypass
- clientkey
- 10
-
-
-
-With this configuration, the product-portal application will authenticate with JWT token signed by the private key from the file `keystore-client.jks`, which is available
-inside the application WAR. If you don't use `classpath:` prefix in the configuration, you can use any keystore file from filesystem. If you want to generate your own keystore file,
-you can either use `keytool` tool, but you can also generate the one inside Keycloak admin console and then save it locally.
\ No newline at end of file
diff --git a/examples/demo-template/admin-access-app/pom.xml b/examples/demo-template/admin-access-app/pom.xml
deleted file mode 100755
index c7f57cc68d..0000000000
--- a/examples/demo-template/admin-access-app/pom.xml
+++ /dev/null
@@ -1,87 +0,0 @@
-
-
-
-
-
- keycloak-examples-demo-parent
- org.keycloak
- 16.0.0-SNAPSHOT
-
-
- 4.0.0
- org.keycloak.example.demo
- admin-access-example
- war
- Admin Access Example
-
-
-
-
- jboss
- jboss repo
- https://repository.jboss.org/nexus/content/groups/public/
-
- false
-
-
-
-
-
-
- org.jboss.spec.javax.servlet
- jboss-servlet-api_3.0_spec
- provided
-
-
- org.keycloak
- keycloak-core
- provided
-
-
- org.keycloak
- keycloak-adapter-core
- provided
-
-
- org.apache.httpcomponents
- httpclient
- provided
-
-
-
-
- admin-access
-
-
- org.jboss.as.plugins
- jboss-as-maven-plugin
-
- false
-
-
-
- org.wildfly.plugins
- wildfly-maven-plugin
-
- false
-
-
-
-
-
diff --git a/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java b/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
deleted file mode 100755
index 75703f8c71..0000000000
--- a/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.example;
-
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.message.BasicNameValuePair;
-import org.keycloak.OAuth2Constants;
-import org.keycloak.common.util.KeycloakUriBuilder;
-import org.keycloak.common.util.UriUtils;
-import org.keycloak.constants.ServiceUrlConstants;
-import org.keycloak.representations.AccessTokenResponse;
-import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.util.JsonSerialization;
-
-import javax.servlet.http.HttpServletRequest;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class AdminClient {
-
- static class TypedList extends ArrayList {
- }
-
- public static class Failure extends Exception {
- private int status;
-
- public Failure(int status) {
- this.status = status;
- }
-
- public int getStatus() {
- return status;
- }
- }
-
- public static String getContent(HttpEntity entity) throws IOException {
- if (entity == null) return null;
- InputStream is = entity.getContent();
- try {
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- int c;
- while ((c = is.read()) != -1) {
- os.write(c);
- }
- byte[] bytes = os.toByteArray();
- String data = new String(bytes);
- return data;
- } finally {
- try {
- is.close();
- } catch (IOException ignored) {
-
- }
- }
-
- }
-
- public static AccessTokenResponse getToken(HttpServletRequest request) throws IOException {
-
- HttpClient client = new DefaultHttpClient();
-
-
- try {
- HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getRequestOrigin(request) + "/auth")
- .path(ServiceUrlConstants.TOKEN_PATH).build("demo"));
- List formparams = new ArrayList ();
- formparams.add(new BasicNameValuePair("username", "admin"));
- formparams.add(new BasicNameValuePair("password", "password"));
- formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, "password"));
- formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, "admin-client"));
- UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
- post.setEntity(form);
-
- HttpResponse response = client.execute(post);
- int status = response.getStatusLine().getStatusCode();
- HttpEntity entity = response.getEntity();
- if (status != 200) {
- String json = getContent(entity);
- throw new IOException("Bad status: " + status + " response: " + json);
- }
- if (entity == null) {
- throw new IOException("No Entity");
- }
- String json = getContent(entity);
- return JsonSerialization.readValue(json, AccessTokenResponse.class);
- } finally {
- client.getConnectionManager().shutdown();
- }
- }
-
- public static void logout(HttpServletRequest request, AccessTokenResponse res) throws IOException {
-
- HttpClient client = new DefaultHttpClient();
-
-
- try {
- HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(UriUtils.getOrigin(request.getRequestURL().toString()) + "/auth")
- .path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
- .build("demo"));
- List formparams = new ArrayList();
- formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, res.getRefreshToken()));
- formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, "admin-client"));
- UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
- post.setEntity(form);
- HttpResponse response = client.execute(post);
- boolean status = response.getStatusLine().getStatusCode() != 204;
- HttpEntity entity = response.getEntity();
- if (entity == null) {
- return;
- }
- InputStream is = entity.getContent();
- if (is != null) is.close();
- if (status) {
- throw new RuntimeException("failed to logout");
- }
- } finally {
- client.getConnectionManager().shutdown();
- }
- }
-
- public static List getRealmRoles(HttpServletRequest request, AccessTokenResponse res) throws Failure {
-
- HttpClient client = new DefaultHttpClient();
- try {
- HttpGet get = new HttpGet(UriUtils.getOrigin(request.getRequestURL().toString()) + "/auth/admin/realms/demo/roles");
- get.addHeader("Authorization", "Bearer " + res.getToken());
- try {
- HttpResponse response = client.execute(get);
- if (response.getStatusLine().getStatusCode() != 200) {
- throw new Failure(response.getStatusLine().getStatusCode());
- }
- HttpEntity entity = response.getEntity();
- InputStream is = entity.getContent();
- try {
- return JsonSerialization.readValue(is, TypedList.class);
- } finally {
- is.close();
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- } finally {
- client.getConnectionManager().shutdown();
- }
- }
-
- public static String getRequestOrigin(HttpServletRequest request) {
- return UriUtils.getOrigin(request.getRequestURL().toString());
- }
-
-}
diff --git a/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
deleted file mode 100755
index b34f6cda57..0000000000
--- a/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml b/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml
deleted file mode 100755
index fafc162ea7..0000000000
--- a/examples/demo-template/admin-access-app/src/main/webapp/WEB-INF/web.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-
-
-
-
- admin-access
-
-
diff --git a/examples/demo-template/admin-access-app/src/main/webapp/admin/admin.jsp b/examples/demo-template/admin-access-app/src/main/webapp/admin/admin.jsp
deleted file mode 100755
index 7046211339..0000000000
--- a/examples/demo-template/admin-access-app/src/main/webapp/admin/admin.jsp
+++ /dev/null
@@ -1,31 +0,0 @@
-<%@ page import="org.keycloak.example.AdminClient" %>
-<%@ page import="org.keycloak.representations.AccessTokenResponse" %>
-<%@ page import="org.keycloak.representations.idm.RoleRepresentation" %>
-<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
- pageEncoding="ISO-8859-1" %>
-<%@ page session="false" %>
-
-
- Admin Interface
-
-
-
List of Realm Roles from Admin REST API Call
-<%
- java.util.List list = null;
- try {
- AccessTokenResponse res = AdminClient.getToken(request);
- list = AdminClient.getRealmRoles(request, res);
- AdminClient.logout(request, res);
- } catch (AdminClient.Failure failure) {
- out.println("There was a failure processing request. You either didn't configure Keycloak properly");
- out.println("Status from database service invocation was: " + failure.getStatus());
- return;
- }
- for (RoleRepresentation role : list) {
- out.print("