Update securing_applications guide for latest adapter changes (community) (#20995)
closes #20994 Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
This commit is contained in:
parent
20121ee9da
commit
a6ad701b5e
6 changed files with 24 additions and 8 deletions
|
@ -1,5 +1,13 @@
|
|||
=== Java adapters
|
||||
|
||||
ifeval::[{project_community}==true]
|
||||
|
||||
WARNING: {project_name} OpenID Connect java adapters are deprecated and may not work with the most recent versions of the particular servers or frameworks. We encourage
|
||||
you to migrate to different OIDC adapters usually provided by the particular server/framework or any other party. In case your application is on WildFly/EAP, the
|
||||
recommended alternative is Elytron OIDC client.
|
||||
|
||||
endif::[]
|
||||
|
||||
{project_name} comes with a range of different adapters for Java application. Selecting the correct adapter depends on the target platform.
|
||||
|
||||
All Java adapters share a set of common configuration options described in the <<_java_adapter_config,Java Adapters Config>> chapter.
|
|
@ -17,6 +17,11 @@ You can install this adapter from a ZIP file or from an RPM.
|
|||
endif::[]
|
||||
|
||||
ifeval::[{project_community}==true]
|
||||
|
||||
WARNING: We do not regularly test and maintain WildFly/EAP adapters. They may work only with WildFly version 23 or earlier or with JBoss EAP 7. Also note
|
||||
that they may work only with JEE applications, but not with Jakarta applications. We recommend that you switch to Elytron OIDC Java adapter to
|
||||
secure your applications. This adapter has a similar configuration to Keycloak Java adapters and migrating your applications to it should be smooth.
|
||||
|
||||
To be able to secure WAR apps deployed on JBoss EAP, WildFly or JBoss AS, you must install and configure the
|
||||
{project_name} adapter subsystem. You then have two options to secure your WARs.
|
||||
endif::[]
|
||||
|
@ -35,10 +40,6 @@ Adapters are available as a separate archive depending on what server version yo
|
|||
|
||||
ifeval::[{project_community}==true]
|
||||
|
||||
NOTE: We test and maintain adapters only with the most recent version of WildFly available upon the release. Once a new version of
|
||||
WildFly is released, the current adapters become deprecated and support for them will be removed after next WildFly release.
|
||||
The other alternative is to switch your applications from WildFly to the JBoss EAP, as the JBoss EAP adapter is supported for much longer period.
|
||||
|
||||
.Procedure
|
||||
|
||||
. Install the adapter that applies to your application server from the link:https://www.keycloak.org/downloads[Downloads] site.
|
||||
|
|
|
@ -13,10 +13,10 @@ Here's an example _web.xml_ file:
|
|||
[source,xml]
|
||||
----
|
||||
|
||||
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||
version="3.0">
|
||||
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
|
||||
version="6.0">
|
||||
|
||||
<module-name>customer-portal</module-name>
|
||||
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
==== Jetty SAML adapters
|
||||
|
||||
WARNING: The {project_name} Jetty SAML adapter is deprecated. We recommend that you use another client adapter if possible.
|
||||
|
||||
To be able to secure WAR apps deployed on Jetty you must install the {project_name} Jetty 9.4 SAML adapter into your Jetty installation. You then provide some extra configuration in each WAR you deploy to Jetty.
|
||||
|
||||
Use the following installation and configuration procedures.
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
==== Tomcat SAML adapters
|
||||
|
||||
WARNING: The {project_name} Tomcat SAML adapter is deprecated. We recommend that you use another client adapter if possible.
|
||||
|
||||
To be able to secure WAR apps deployed on Tomcat 8 or 9 you must install the Keycloak Tomcat SAML adapter into your Tomcat installation.
|
||||
You then have to provide some extra configuration in each WAR you deploy to Tomcat.
|
||||
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
|
||||
=== mod_auth_mellon Apache HTTPD Module
|
||||
|
||||
WARNING: {project_name} does not provide any official support to mod_auth_mellon. The instructions below are best-effort and may not be up-to-date.
|
||||
We recommend that you stick to official mod_auth_mellon documentation for more details.
|
||||
|
||||
The https://github.com/latchset/mod_auth_mellon[mod_auth_mellon] module is an Apache HTTPD plugin for SAML. If your language/environment supports using Apache HTTPD as a proxy, then you can use mod_auth_mellon to secure your web application with SAML. For more details on this module see the _mod_auth_mellon_ GitHub repo.
|
||||
|
||||
To configure mod_auth_mellon you need:
|
||||
|
|
Loading…
Reference in a new issue