Merge pull request #1102 from mposolda/master
Added bouncycastle module to EAP6 and AS7 packaging. Kerberos example README fix
This commit is contained in:
commit
ade3b4eb75
5 changed files with 37 additions and 7 deletions
|
@ -46,6 +46,12 @@
|
|||
<maven-resource group="net.iharder" artifact="base64"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.bouncycastle">
|
||||
<maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
|
||||
<maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
|
||||
<maven-resource group="org.bouncycastle" artifact="bcmail-jdk15on"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.keycloak.keycloak-broker-core">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-broker-core"/>
|
||||
</module-def>
|
||||
|
|
|
@ -144,6 +144,12 @@
|
|||
<groupId>org.jboss.aesh</groupId>
|
||||
<artifactId>aesh</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcmail-jdk15on</artifactId>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
|
||||
<resources>
|
||||
<resource-root path="bcprov-jdk15on-1.50.jar"/>
|
||||
<resource-root path="bcmail-jdk15on-1.50.jar"/>
|
||||
<resource-root path="bcpkix-jdk15on-1.50.jar"/>
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="javax.api"/>
|
||||
</dependencies>
|
||||
|
||||
</module>
|
|
@ -129,7 +129,7 @@ Then edit `<WILDFLY HOME>/standalone/configuration/standalone.xml` and add the f
|
|||
<secure-deployment name="product-portal.war">
|
||||
<realm>demo</realm>
|
||||
<resource>product-portal</resource>
|
||||
<credential name="secret">484ba263-8bb5-4048-bb6f-40da75e9eefb</credential>
|
||||
<credential name="secret">APPLICATION SECRET</credential>
|
||||
</secure-deployment>
|
||||
|
||||
In the above snippet replace the following:
|
||||
|
|
|
@ -31,8 +31,18 @@ Alternatively you can use OpenJDK7 but in this case you will need to use aes256-
|
|||
you can add system property to the maven command when running ApacheDS Kerberos server `-Dkerberos.encTypes=aes256-cts-hmac-sha1-96` (see below) and for
|
||||
client add encryption types to configuration file like `/etc/krb5.conf` (but they should be already available. See below).
|
||||
|
||||
Also if you are on Linux, make sure that record like:
|
||||
```
|
||||
127.0.0.1 localhost
|
||||
```
|
||||
is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid issues related to incompatible reverse lookup (Ensure the similar for other OS as well)
|
||||
|
||||
**4)** Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer
|
||||
|
||||
**4)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed
|
||||
for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server.
|
||||
See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration.
|
||||
|
||||
**5)** Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer
|
||||
as shown here:
|
||||
|
||||
```
|
||||
|
@ -45,11 +55,6 @@ mvn exec:java -Pkerberos
|
|||
More details about embedded Kerberos server in [testsuite README](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server).
|
||||
|
||||
|
||||
**5)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed
|
||||
for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server.
|
||||
See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration.
|
||||
|
||||
|
||||
**6)** Configure browser (Firefox, Chrome or other) and enable SPNEGO authentication and credential delegation for `localhost` .
|
||||
In Firefox it can be done by adding `localhost` to both `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegation-uris` .
|
||||
More info in [testsuite README](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server).
|
||||
|
|
Loading…
Reference in a new issue