From c5bfaa60519be89e80ea106596b09015f0561945 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Wed, 28 Jan 2015 10:48:26 +0100 Subject: [PATCH] Added provider section to docs --- distribution/appliance-dist/assembly.xml | 36 +-- .../src/main/providers/README.txt | 2 + .../appliance-dist/src/main/themes/README.txt | 3 + docbook/reference/en/en-US/master.xml | 2 + .../reference/en/en-US/modules/providers.xml | 276 ++++++++++++++++++ .../en/en-US/modules/user-federation.xml | 4 +- .../providers/event-listener-sysout/README.md | 5 +- examples/providers/event-store-mem/README.md | 8 +- .../providers/federation-provider/README.md | 4 +- 9 files changed, 311 insertions(+), 29 deletions(-) create mode 100644 distribution/appliance-dist/src/main/providers/README.txt create mode 100644 distribution/appliance-dist/src/main/themes/README.txt create mode 100755 docbook/reference/en/en-US/modules/providers.xml diff --git a/distribution/appliance-dist/assembly.xml b/distribution/appliance-dist/assembly.xml index 81efad19f2..37f59db68c 100755 --- a/distribution/appliance-dist/assembly.xml +++ b/distribution/appliance-dist/assembly.xml @@ -42,7 +42,8 @@ - ${project.build.directory}/unpacked/deployments/auth-server.war/WEB-INF/classes/META-INF + ${project.build.directory}/unpacked/deployments/auth-server.war/WEB-INF/classes/META-INF + keycloak/standalone/configuration keycloak-server.json @@ -61,27 +62,18 @@ keycloak/welcome-content *.* - + - + + + + src/main/themes/README.txt + keycloak/standalone/configuration/themes + + + src/main/providers/README.txt + keycloak/standalone/configuration/providers + + diff --git a/distribution/appliance-dist/src/main/providers/README.txt b/distribution/appliance-dist/src/main/providers/README.txt new file mode 100644 index 0000000000..a6d523b43f --- /dev/null +++ b/distribution/appliance-dist/src/main/providers/README.txt @@ -0,0 +1,2 @@ +Any provider implementation jars and libraries in this folder will be loaded by Keycloak. See the providers +section in the documentation for more details. \ No newline at end of file diff --git a/distribution/appliance-dist/src/main/themes/README.txt b/distribution/appliance-dist/src/main/themes/README.txt new file mode 100644 index 0000000000..705b73ac69 --- /dev/null +++ b/distribution/appliance-dist/src/main/themes/README.txt @@ -0,0 +1,3 @@ +Themes to configure the look and feel of login pages and account management console. It's not recommended to +modify existing the built-in themes, instead you should create a new theme that extends a built-in theme. See the theme +section in the documentation for more details. \ No newline at end of file diff --git a/docbook/reference/en/en-US/master.xml b/docbook/reference/en/en-US/master.xml index b5c21ab595..090957227a 100755 --- a/docbook/reference/en/en-US/master.xml +++ b/docbook/reference/en/en-US/master.xml @@ -4,6 +4,7 @@ + @@ -79,6 +80,7 @@ This one is short &License; &Overview; &Installation; + &Providers; &OpenShift; &AdminPermissions; &PerRealmAdminPermissions; diff --git a/docbook/reference/en/en-US/modules/providers.xml b/docbook/reference/en/en-US/modules/providers.xml new file mode 100755 index 0000000000..62b5b8e3d8 --- /dev/null +++ b/docbook/reference/en/en-US/modules/providers.xml @@ -0,0 +1,276 @@ + + Providers and SPIs + + + Keycloak is designed to cover most use-cases without requiring custom code, but we also want it to be + customizable. To achive this Keycloak has a number of SPIs which you can implement your own providers for. + + +
+ Implementing a SPI + + To implement an SPI you need to implement it's ProviderFactory and Provider interfaces. You also need to + create a provider-configuration file. For example to implement the Event Listener SPI you need to implement + EventListenerProviderFactory and EventListenerProvider and also provide the file + META-INF/services/org.keycloak.events.EventListenerProviderFactory + + + For example to implement the Event Listener SPI you start by implementing EventListenerProviderFactory: + events; + + public String getId() { + return "my-event-listener"; + } + + public void init(Config.Scope config) { + int max = config.getInt("max"); + events = new MaxList(max); + } + + public EventListenerProvider create(KeycloakSession session) { + return new MyEventListenerProvider(events); + } + + public void close() { + events = null; + } + +} +}]]> + The example uses a MaxList which has a maximum size and is concurrency safe. When the maximum size is reached + and new entries are added the oldest entry is removed. Keycloak creates a single instance of + EventListenerProviderFactory which makes it possible to store state for multiple requests. EventListenerProvider + instances are created by calling create on the factory for each requests so these should be light-weight. + + + Next you would implement EventListenerProvider: + events; + + public MyEventListenerProvider(List events) { + this.events = events; + } + + @Override + public void onEvent(Event event) { + events.add(event); + } + + @Override + public void close() { + + } + +} +}]]> + + + The file META-INF/services/org.keycloak.events.EventListenerProviderFactory should + contain the full name of your ProviderFactory implementation: + + +
+ +
+ Registering provider implementations + + Keycloak loads provider implementations from the file-system. By default all JARs inside + standalone/configuration/providers are loaded. This is simple, but requires all providers + to share the same library. All provides also inherit all classes from the Keycloak class-loader. In the future + we'll add support to load providers from modules, which allows better control of class isolation. + + + To register your provider simply copy the JAR including the ProviderFactory and Provider classes and the + provider configuration file to standalone/configuration/providers. + + + You can also define multiple provider class-path if you want to create isolated class-loaders. To do this + edit keycloak-server.json and add more classpath entries to the providers array. For example: + + The above example will create two separate class-loaders for providers. The classpath entries follow the + same syntax as Java classpath, with ';' separating multiple-entries. Wildcard is also supported allowing + loading all jars (files with .jar or .JAR extension) in a folder, for example: + + +
+ +
+ Available SPIs + + Here's a list of the available SPIs and a brief description. For more details on each SPI refer to + individual + sections. + + + Account + + Provides the account manage console pages. The default implementation uses FreeMarker templates. + + + + Connections Infinispan + + Loads and configures Infinispan connections. The default implementation can load connections + from + the Infinispan subsystem, or alternatively can be manually configured in keycloak-server.json. + + + + Connections Jpa + + Loads and configures Infinispan connections. The default implementation can load datasources + from + WildFly/EAP, or alternatively can be manually configured in keycloak-server.json. + + + + Connections Jpa Updater + + Updates database schema. The default implementation uses Liquibase. + + + + Connections Mongo + + Loads and configures MongoDB connections. The default implementation is configured in + keycloak-server.json. + + + + Email + + Formats and sends email. The default implementation uses FreeMarker templates and JavaMail. + + + + Events Listener + + Listen to user related events for example user login success and failures. Keycloak provides two + implementations out of box. One that logs events to the server log and another that can send + email + notifications to users on certain events. + + + + Events Store + + Store user related events so they can be viewed through the admin console and account management + console. + Keycloak provides implementations for Relational Databases and MongoDB. + + + + Export + + Exports the Keycloak database. Keycloak provides implementations that export to JSON files + either + as a single file, multiple file in a directory or a encrypted ZIP archive. + + + + Import + + Imports and exported Keycloak database. Keycloak provides implementations that import from JSON + files either + as a single file, multiple file in a directory or a encrypted ZIP archive. + + + + Login + + Provides the login pages. The default implementation uses FreeMarker templates. + + + + Login Protocol + + Provides protocols. Keycloak provides implementations of OpenID Connect and SAML 2.0. + + + + Realm + + Provides realm and application meta-data. Keycloak provides implementations for Relational + Databases + and MongoDB. + + + + Realm Cache + + Caches realm and application meta-data to improve performance. Keycloak provides a basic + in-memory + cache and a Infinispan cache. + + + + Theme + + Allows creating themes to customize look and feel. Keycloak provides implementations that can + load + themes from the file-system or classpath. + + + + Timer + + Executes scheduled tasks. Keycloak provides a basic implementation based on java.util.Timer. + + + + User + + Provides users and role-mappings. Keycloak provides implementations for Relational Databases + and MongoDB. + + + + User Cache + + Caches users and role-mappings to improve performance. Keycloak provides a basic in-memory + cache and a Infinispan cache. + + + + User Federation + + Support syncing users from an external source. Keycloak provides implementations for LDAP and + Active Directory. + + + + User Sessions + + Provides users session information. Keycloak provides implementations for basic in-memory, + Infinispan, + Relational Databases and MongoDB + + + + +
+
diff --git a/docbook/reference/en/en-US/modules/user-federation.xml b/docbook/reference/en/en-US/modules/user-federation.xml index 5eb1524419..f1ba3babf3 100755 --- a/docbook/reference/en/en-US/modules/user-federation.xml +++ b/docbook/reference/en/en-US/modules/user-federation.xml @@ -173,8 +173,8 @@ contain a file called org.keycloak.models.UserFederationProviderFactory within the META-INF/services directory of the JAR. This file is a list of fully qualified classnames of all implementations of UserFederationProviderFactory. - This is how Keycloak discovers which providers have been deployed. Place the JAR in the - keycloak WAR deployment in the WEB-INF/lib directory. + For more details on writing provider implementations and how to deploy to Keycloak refer to the + providers section. diff --git a/examples/providers/event-listener-sysout/README.md b/examples/providers/event-listener-sysout/README.md index 1d762d73b1..3325add36c 100644 --- a/examples/providers/event-listener-sysout/README.md +++ b/examples/providers/event-listener-sysout/README.md @@ -1,4 +1,7 @@ Example Event Listener that prints events to System.out ======================================================= -To deploy copy target/event-listener-sysout-example.jar to standalone/deployments/auth-server.war/WEB-INF/lib. Then start (or restart) the server. Once started open the admin console, select your realm, then click on Events, followed by config. Click on Listeners select box, then pick sysout from the dropdown. After this try to logout and login again to see events printed to System.out. +To deploy copy target/event-listener-sysout-example.jar to standalone/configuration/providers. +Then start (or restart) the server. Once started open the admin console, select your realm, then click on Events, +followed by config. Click on Listeners select box, then pick sysout from the dropdown. After this try to logout and +login again to see events printed to System.out. diff --git a/examples/providers/event-store-mem/README.md b/examples/providers/event-store-mem/README.md index 2999bd8dd7..c1762c0793 100644 --- a/examples/providers/event-store-mem/README.md +++ b/examples/providers/event-store-mem/README.md @@ -1,7 +1,9 @@ Example Event Store that stores events in memory ================================================ -To deploy copy target/event-store-mem-example.jar to standalone/deployments/auth-server.war/WEB-INF/lib. Then edit standalone/configuration/keycloak-server.json, change: +To deploy copy target/event-store-mem-example.jar to standalone/configuration/providers. + +Then edit standalone/configuration/keycloak-server.json, change: "eventsStore": { "provider": "jpa" @@ -13,4 +15,6 @@ to: "provider": "in-mem" } -Then start (or restart)the server. Once started open the admin console, select your realm, then click on Events, followed by config. Set the toggle for Enabled to ON. After this try to logout and login again then open the Events tab again in the admin console to view events from the in-mem provider. +Then start (or restart)the server. Once started open the admin console, select your realm, then click on Events, +followed by config. Set the toggle for Enabled to ON. After this try to logout and login again then open the Events tab +again in the admin console to view events from the in-mem provider. diff --git a/examples/providers/federation-provider/README.md b/examples/providers/federation-provider/README.md index b908fe76da..9a25a2e670 100755 --- a/examples/providers/federation-provider/README.md +++ b/examples/providers/federation-provider/README.md @@ -2,8 +2,8 @@ Example User Federation Provider =================================================== This is an example of user federation backed by a simple properties file. This properties file only contains username/password -key pairs. To deploy, build this directory then take the jar and copy it to the WEB-INF/lib of the keycloak server's -WAR file. You will then have to restart the authentication server. +key pairs. To deploy, build this directory then take the jar and copy it to standalone/configuration/providers. +You will then have to restart the authentication server. The ClasspathPropertiesFederationProvider is an example of a readonly provider. If you go to the Users/Federation page of the admin console you will see this provider listed under "classpath-properties. To configure this provider you