libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions

Merge pull request #74 from WalkerWatch/master

Browse source 
Doc update for KEYCLOAK-4108
This commit is contained in:
Stian Thorgersen 2017-01-04 06:37:11 +01:00 committed by GitHub
commit c492e21ec5
1 changed files with 23 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
topics/oidc/java/jetty9-adapter.adoc
View file

@ -2,44 +2,42 @@
[[_jetty9_adapter]] [[_jetty9_adapter]]
==== Jetty 9.x Adapters ==== Jetty 9.x Adapters
Keycloak has a separate adapter for Jetty 9.1.x and Jetty 9.2.x that you will have to install into your Jetty installation. Keycloak has a separate adapter for Jetty 9.1.x, Jetty 9.2.x and Jetty 9.3.x that you will have to install into your Jetty installation.
You then have to provide some extra configuration in each WAR you deploy to Jetty. You then have to provide some extra configuration in each WAR you deploy to Jetty.
Let's go over these steps. Let's go over these steps.
[[_jetty9_adapter_installation]] [[_jetty9_adapter_installation]]
===== Adapter Installation ===== Adapter Installation
Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on the Keycloak download site. Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on the Keycloak download site.
They are also available as a maven artifact. They are also available as a maven artifact.
You must unzip the Jetty 9.x distro into Jetty 9.x's root directory.
Including adapter's jars within your WEB-INF/lib directory will not work!
[source]
----
$ cd $JETTY_HOME
$ unzip keycloak-jetty92-adapter-dist.zip
----
Next, you will have to enable the keycloak module for your jetty.base.
You must unzip the Jetty 9.x distro into Jetty 9.x's link:https://www.eclipse.org/jetty/documentation/current/startup-base-and-home.html[base directory.]
Including adapter's jars within your WEB-INF/lib directory will not work!
In the example below, the Jetty base is named `your-base`:
[source] [source]
---- ----
$ cd your-base $ cd your-base
$ unzip keycloak-jetty93-adapter-dist-2.5.0.Final.zip
----
Next, you will have to enable the `keycloak` module for your Jetty base:
[source]
----
$ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak $ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak
---- ----
[[_jetty9_per_war]] [[_jetty9_per_war]]
===== Required Per WAR Configuration ===== Required Per WAR Configuration
This section describes how to secure a WAR directly by adding config and editing files within your WAR package. This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
The first thing you must do is create a `WEB-INF/jetty-web.xml` file in your WAR package. The first thing you must do is create a `WEB-INF/jetty-web.xml` file in your WAR package.
This is a Jetty specific config file and you must define a Keycloak specific authenticator within it. This is a Jetty specific config file and you must define a Keycloak specific authenticator within it.
[source] [source]
---- ----
@ -62,10 +60,10 @@ Next you must create a `keycloak.json` adapter config file within the `WEB-INF`
The format of this config file is describe in the <<fake/../java-adapter-config.adoc#_java_adapter_config,Java adapter configuration>> section. The format of this config file is describe in the <<fake/../java-adapter-config.adoc#_java_adapter_config,Java adapter configuration>> section.
WARNING: The Jetty 9.1.x adapter will not be able to find the `keycloak.json` file. WARNING: The Jetty 9.1.x adapter will not be able to find the `keycloak.json` file.
You will have to define all adapter settings within the `jetty-web.xml` file as described below. You will have to define all adapter settings within the `jetty-web.xml` file as described below.
Instead of using keycloak.json, you can define everything within the `jetty-web.xml`. Instead of using keycloak.json, you can define everything within the `jetty-web.xml`.
You'll just have to figure out how the json settings match to the `org.keycloak.representations.adapters.config.AdapterConfig` class. You'll just have to figure out how the json settings match to the `org.keycloak.representations.adapters.config.AdapterConfig` class.
[source] [source]
@ -98,15 +96,15 @@ You'll just have to figure out how the json settings match to the `org.keycloak.
</Set> </Set>
</Get> </Get>
</Configure> </Configure>
---- ----
You do not have to crack open your WAR to secure it with keycloak. You do not have to crack open your WAR to secure it with keycloak.
Instead create the jetty-web.xml file in your webapps directory with the name of yourwar.xml. Instead create the jetty-web.xml file in your webapps directory with the name of yourwar.xml.
Jetty should pick it up. Jetty should pick it up.
In this mode, you'll have to declare keycloak.json configuration directly within the xml file. In this mode, you'll have to declare keycloak.json configuration directly within the xml file.
Finally you must specify both a `login-config` and use standard servlet security to specify role-base constraints on your URLs. Finally you must specify both a `login-config` and use standard servlet security to specify role-base constraints on your URLs.
Here's an example: Here's an example:
[source] [source]
@ -145,4 +143,4 @@ Here's an example:
<role-name>user</role-name> <role-name>user</role-name>
</security-role> </security-role>
</web-app> </web-app>
---- ----