Update securing_applications guide for latest adapter changes (community) (#20995)

closes #20994


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Marek Posolda 2023-06-20 09:21:47 +02:00 committed by GitHub
parent 20121ee9da
commit a6ad701b5e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 24 additions and 8 deletions

@ -1,5 +1,13 @@
=== Java adapters
ifeval::[{project_community}==true]
WARNING: {project_name} OpenID Connect java adapters are deprecated and may not work with the most recent versions of the particular servers or frameworks. We encourage
you to migrate to different OIDC adapters usually provided by the particular server/framework or any other party. In case your application is on WildFly/EAP, the
recommended alternative is Elytron OIDC client.
endif::[]
{project_name} comes with a range of different adapters for Java application. Selecting the correct adapter depends on the target platform.
All Java adapters share a set of common configuration options described in the <<_java_adapter_config,Java Adapters Config>> chapter.
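
Review bot: the WARNING at the top of this hunk calls the adapters deprecated but does not say whether they still receive security fixes or when they will be removed, which is what a reader planning a migration needs to know; state it or link to where it is stated. It also names "Elytron OIDC client" as the alternative without a link, and "java adapters" should read "Java adapters" to match the heading and the paragraph that follows.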

@ -17,6 +17,11 @@ You can install this adapter from a ZIP file or from an RPM.
endif::[]
ifeval::[{project_community}==true]
WARNING: We do not regularly test and maintain WildFly/EAP adapters. They may work only with WildFly version 23 or earlier or with JBoss EAP 7. Also note
that they may work only with JEE applications, but not with Jakarta applications. We recommend that you switch to Elytron OIDC Java adapter to
secure your applications. This adapter has a similar configuration to Keycloak Java adapters and migrating your applications to it should be smooth.
To be able to secure WAR apps deployed on JBoss EAP, WildFly or JBoss AS, you must install and configure the
{project_name} adapter subsystem. You then have two options to secure your WARs.
endif::[]
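
Review bot: the new WARNING calls the replacement "Elytron OIDC Java adapter", while the Java adapters warning added in this same commit calls it "Elytron OIDC client"; pick one name and link it. Its last sentence also hardcodes "Keycloak Java adapters" where the rest of the hunk uses {project_name}, so a product build would show the wrong name.
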
@ -35,10 +40,6 @@ Adapters are available as a separate archive depending on what server version yo
ifeval::[{project_community}==true]
NOTE: We test and maintain adapters only with the most recent version of WildFly available upon the release. Once a new version of
WildFly is released, the current adapters become deprecated and support for them will be removed after next WildFly release.
The other alternative is to switch your applications from WildFly to the JBoss EAP, as the JBoss EAP adapter is supported for much longer period.
.Procedure
. Install the adapter that applies to your application server from the link:https://www.keycloak.org/downloads[Downloads] site.
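
Review bot: the ifeval::[{project_community}==true] line at the start of this hunk has no endif::[] among the visible lines, and the hunk drops four lines (-35,10 to +40,6); confirm the conditional is removed or kept as a complete pair so that .Procedure does not end up inside a community-only block by accident. If the NOTE about testing only against the most recent WildFly is what goes, check that it does not contradict the WARNING added earlier in this file, which says "WildFly version 23 or earlier".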

@ -13,10 +13,10 @@ Here's an example _web.xml_ file:
[source,xml]
----
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
version="6.0">
<module-name>customer-portal</module-name>
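
Review bot: the example descriptor moves to the jakartaee namespace with version="6.0", but the WARNING this commit adds for the WildFly/EAP adapters says they "may work only with JEE applications, but not with Jakarta applications"; confirm the adapter documented on this page accepts a Jakarta EE 6.0 web.xml, or say next to the example which servers it applies to. The schemaLocation (web-app_6_0.xsd) and the version attribute do agree with each other.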

@ -2,6 +2,8 @@
==== Jetty SAML adapters
WARNING: The {project_name} Jetty SAML adapter is deprecated. We recommend that you use another client adapter if possible.
To be able to secure WAR apps deployed on Jetty you must install the {project_name} Jetty 9.4 SAML adapter into your Jetty installation. You then provide some extra configuration in each WAR you deploy to Jetty.
Use the following installation and configuration procedures.
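
Review bot: the WARNING tells readers to use "another client adapter if possible" without naming one; the Java adapters warning in this commit names a concrete alternative, and this one should do the same or link to the SAML options that are still maintained. No ifeval::[{project_community}==true] guard is visible around it, unlike the Java and WildFly warnings; confirm that is intended.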

@ -2,6 +2,8 @@
==== Tomcat SAML adapters
WARNING: The {project_name} Tomcat SAML adapter is deprecated. We recommend that you use another client adapter if possible.
To be able to secure WAR apps deployed on Tomcat 8 or 9 you must install the Keycloak Tomcat SAML adapter into your Tomcat installation.
You then have to provide some extra configuration in each WAR you deploy to Tomcat.
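
Review bot: the added WARNING uses {project_name}, but the sentence directly below it still says "Keycloak Tomcat SAML adapter"; use the attribute in both places so the two lines read consistently in every build. The warning should also say whether the deprecation covers both the Tomcat 8 and Tomcat 9 adapters mentioned in that sentence.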

@ -2,6 +2,9 @@
=== mod_auth_mellon Apache HTTPD Module
WARNING: {project_name} does not provide any official support to mod_auth_mellon. The instructions below are best-effort and may not be up-to-date.
We recommend that you stick to official mod_auth_mellon documentation for more details.
The https://github.com/latchset/mod_auth_mellon[mod_auth_mellon] module is an Apache HTTPD plugin for SAML. If your language/environment supports using Apache HTTPD as a proxy, then you can use mod_auth_mellon to secure your web application with SAML. For more details on this module see the _mod_auth_mellon_ GitHub repo.
To configure mod_auth_mellon you need:
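
Review bot: wording in the WARNING needs a pass: "official support to mod_auth_mellon" should be "official support for mod_auth_mellon", and "stick to official mod_auth_mellon documentation" reads better as "refer to the official mod_auth_mellon documentation". The warning sends readers to that documentation, but the only link is in the following paragraph; put the link in the warning itself.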