Merge pull request #1102 from mposolda/master

Added bouncycastle module to EAP6 and AS7 packaging. Kerberos example README fix
2015-03-30 18:05:17 +02:00 · 2015-03-30 18:05:17 +02:00 · ade3b4eb75
commit ade3b4eb75
parent 76309c1dcb 96b48877b8
5 changed files with 37 additions and 7 deletions
--- a/distribution/modules/build.xml
+++ b/distribution/modules/build.xml
@ -46,6 +46,12 @@
            <maven-resource group="net.iharder" artifact="base64"/>
        </module-def>

+        <module-def name="org.bouncycastle">
+            <maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
+            <maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
+            <maven-resource group="org.bouncycastle" artifact="bcmail-jdk15on"/>
+        </module-def>
+
        <module-def name="org.keycloak.keycloak-broker-core">
            <maven-resource group="org.keycloak" artifact="keycloak-broker-core"/>
        </module-def>
--- a/distribution/modules/pom.xml
+++ b/distribution/modules/pom.xml
@ -144,6 +144,12 @@
            <groupId>org.jboss.aesh</groupId>
            <artifactId>aesh</artifactId>
        </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcmail-jdk15on</artifactId>
+        </dependency>
+
    </dependencies>

    <build>
--- a/distribution/modules/src/main/resources/modules/org/bouncycastle/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/bouncycastle/main/module.xml
@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
+    <resources>
+        <resource-root path="bcprov-jdk15on-1.50.jar"/>
+        <resource-root path="bcmail-jdk15on-1.50.jar"/>
+        <resource-root path="bcpkix-jdk15on-1.50.jar"/>
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
--- a/examples/demo-template/README.md.unconfigured
+++ b/examples/demo-template/README.md.unconfigured
@ -129,7 +129,7 @@ Then edit `<WILDFLY HOME>/standalone/configuration/standalone.xml` and add the f
    <secure-deployment name="product-portal.war">
        <realm>demo</realm>
        <resource>product-portal</resource>
-        <credential name="secret">484ba263-8bb5-4048-bb6f-40da75e9eefb</credential>
+        <credential name="secret">APPLICATION SECRET</credential>
    </secure-deployment>

 In the above snippet replace the following:
--- a/examples/kerberos/README.md
+++ b/examples/kerberos/README.md
@ -31,8 +31,18 @@ Alternatively you can use OpenJDK7 but in this case you will need to use aes256-
 you can add system property to the maven command when running ApacheDS Kerberos server `-Dkerberos.encTypes=aes256-cts-hmac-sha1-96` (see below) and for 
 client add encryption types to configuration file like `/etc/krb5.conf` (but they should be already available. See below).

+Also if you are on Linux, make sure that record like:
+```
+127.0.0.1       localhost
+```
+is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid issues related to incompatible reverse lookup (Ensure the similar for other OS as well)

-**4)**  Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer 
+
+**4)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed 
+for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server. 
+See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration.
+
+**5)**  Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer 
 as shown here: 

 ```
@ -44,11 +54,6 @@ mvn exec:java -Pkerberos

 More details about embedded Kerberos server in [testsuite README](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server).

-
-**5)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed 
-for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server. 
-See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration.
-
  
 **6)** Configure browser (Firefox, Chrome or other) and enable SPNEGO authentication and credential delegation for `localhost` . 
 In Firefox it can be done by adding `localhost` to both `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegation-uris` .