Merge pull request #1102 from mposolda/master

Added bouncycastle module to EAP6 and AS7 packaging. Kerberos example README fix
This commit is contained in:
Marek Posolda 2015-03-30 18:05:17 +02:00
commit ade3b4eb75
5 changed files with 37 additions and 7 deletions

View file

@ -46,6 +46,12 @@
<maven-resource group="net.iharder" artifact="base64"/>
</module-def>
<module-def name="org.bouncycastle">
<maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
<maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
<maven-resource group="org.bouncycastle" artifact="bcmail-jdk15on"/>
</module-def>
<module-def name="org.keycloak.keycloak-broker-core">
<maven-resource group="org.keycloak" artifact="keycloak-broker-core"/>
</module-def>

View file

@ -144,6 +144,12 @@
<groupId>org.jboss.aesh</groupId>
<artifactId>aesh</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk15on</artifactId>
</dependency>
</dependencies>
<build>

View file

@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
<resources>
<resource-root path="bcprov-jdk15on-1.50.jar"/>
<resource-root path="bcmail-jdk15on-1.50.jar"/>
<resource-root path="bcpkix-jdk15on-1.50.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -129,7 +129,7 @@ Then edit `<WILDFLY HOME>/standalone/configuration/standalone.xml` and add the f
<secure-deployment name="product-portal.war">
<realm>demo</realm>
<resource>product-portal</resource>
<credential name="secret">484ba263-8bb5-4048-bb6f-40da75e9eefb</credential>
<credential name="secret">APPLICATION SECRET</credential>
</secure-deployment>
In the above snippet replace the following:

View file

@ -31,8 +31,18 @@ Alternatively you can use OpenJDK7 but in this case you will need to use aes256-
you can add system property to the maven command when running ApacheDS Kerberos server `-Dkerberos.encTypes=aes256-cts-hmac-sha1-96` (see below) and for
client add encryption types to configuration file like `/etc/krb5.conf` (but they should be already available. See below).
Also if you are on Linux, make sure that record like:
```
127.0.0.1 localhost
```
is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid issues related to incompatible reverse lookup (Ensure the similar for other OS as well)
**4)** Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer
**4)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed
for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server.
See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration.
**5)** Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer
as shown here:
```
@ -45,11 +55,6 @@ mvn exec:java -Pkerberos
More details about embedded Kerberos server in [testsuite README](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server).
**5)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed
for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server.
See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration.
**6)** Configure browser (Firefox, Chrome or other) and enable SPNEGO authentication and credential delegation for `localhost` .
In Firefox it can be done by adding `localhost` to both `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegation-uris` .
More info in [testsuite README](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server).