Merge pull request #54 from ccopelloRH/RH622_RH623_RH624_RH625_RH613
Rh622 rh623 rh624 rh625 rh613
This commit is contained in:
ccopelloRH
GitHub
commit
e6f7832e15
4 changed files with 14 additions and 15 deletions
|
|
@ -38,7 +38,7 @@ This is what one might look like:
|
|||
----
|
||||
|
||||
You can use `${...}` enclosure for system property replacement. For example `${jboss.server.config.dir}` would be replaced by `/path/to/{{book.project.name}}`.
|
||||
Replacement of environment variables is also supported via the `env` prefix, e.g. `${env.MY_ENVIRONMENT_VARIABLE}`.
|
||||
Replacement of environment variables is also supported via the `env` prefix, e.g. `${env.MY_ENVIRONMENT_VARIABLE}`.
|
||||
|
||||
The initial config file can be obtained from the the admin console. This can be done by opening the admin console, select `Clients` from the menu and clicking
|
||||
on the corresponding client. Once the page for the client is opened click on the `Installation` tab and select `Keycloak OIDC JSON`.
|
||||
|
|
@ -118,6 +118,7 @@ expose-token::
|
|||
The default value is _false_.
|
||||
|
||||
credentials::
|
||||
Not required for public clients or where the client is "bearer-only."
|
||||
Specify the credentials of the application. This is an object notation where the key is the credential type and the value is the value of the credential type.
|
||||
Currently `password` and `jwt` is supported.
|
||||
This is _REQUIRED_.
|
||||
|
|
@ -148,7 +149,7 @@ truststore::
|
|||
Client making HTTPS requests need a way to verify the host of the server they are talking to.
|
||||
This is what the trustore does.
|
||||
The keystore contains one or more trusted host certificates or certificate authorities.
|
||||
You can create this truststore by extracting the public certificate of the {{book.project.name}} server's SSL keystore.
|
||||
You can create this truststore by extracting the public certificate of the {{book.project.name}} server's SSL keystore.
|
||||
This is _REQUIRED_ unless `ssl-required` is `none` or `disable-trust-manager` is `true`.
|
||||
|
||||
truststore-password::
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
[[_jboss_adapter]]
|
||||
|
||||
{% if book.community %}
|
||||
==== JBoss EAP/Wildfly Adapter
|
||||
{% endif %}
|
||||
|
|
@ -112,7 +112,7 @@ is not running:
|
|||
[source]
|
||||
----
|
||||
$ ./bin/jboss-cli.sh --file=adapter-install-offline.cli
|
||||
----
|
||||
----
|
||||
|
||||
If you are planning to add it manually you need to add the extension and subsystem definition to the server configuration:
|
||||
|
||||
|
|
@ -146,7 +146,7 @@ If you need to be able to propagate the security context from the web tier to th
|
|||
...
|
||||
----
|
||||
|
||||
For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want to annotate it with the @SecurityDomain annotation as follows:
|
||||
For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want to annotate it with the @SecurityDomain annotation as follows:
|
||||
|
||||
[source]
|
||||
----
|
||||
|
|
@ -183,7 +183,7 @@ public class CustomerService {
|
|||
|
||||
===== Required Per WAR Configuration
|
||||
|
||||
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||
|
||||
The first thing you must do is create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR.
|
||||
|
||||
|
|
@ -241,7 +241,7 @@ Here's an example:
|
|||
<role-name>user</role-name>
|
||||
</security-role>
|
||||
</web-app>
|
||||
----
|
||||
----
|
||||
|
||||
===== Securing WARs via Adapter Subsystem
|
||||
|
||||
|
|
@ -272,10 +272,10 @@ This metadata is instead defined within server configuration (i.e. `standalone.x
|
|||
The `secure-deployment` `name` attribute identifies the WAR you want to secure.
|
||||
Its value is the `module-name` defined in `web.xml` with `.war` appended. The rest of the configuration corresponds pretty much one to one with the `keycloak.json` configuration options defined in <<fake/../java-adapter-config.adoc#_java_adapter_config,Java adapter configuration>>.
|
||||
|
||||
The exception is the `credential` element.
|
||||
The exception is the `credential` element.
|
||||
|
||||
To make it easier for you, you can go to the {{book.project.name}} Administration Console and go to the Client/Installation tab of the application this WAR is aligned with.
|
||||
It provides an example XML file you can cut and paste.
|
||||
It provides an example XML file you can cut and paste.
|
||||
|
||||
If you have multiple deployments secured by the same realm you can share the realm configuration in a separate element. For example:
|
||||
|
||||
|
|
@ -302,4 +302,4 @@ If you have multiple deployments secured by the same realm you can share the rea
|
|||
<bearer-only>true</bearer-only>
|
||||
</secure-deployment>
|
||||
</subsystem>
|
||||
----
|
||||
----
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
===== Node.js (server-side)
|
||||
* <<fake/../../oidc/nodejs-adapter.adoc#_nodejs_adapter,Node.js>>
|
||||
|
||||
===== Apache Cordova
|
||||
===== JavaScript
|
||||
* <<fake/../../oidc/javascript-adapter.adoc#_javascript_adapter,JavaScript>>
|
||||
|
||||
{% if book.community %}
|
||||
|
|
@ -76,4 +76,4 @@
|
|||
|
||||
===== Apache HTTP Server
|
||||
|
||||
* https://github.com/UNINETT/mod_auth_mellon[mod_auth_mellon]
|
||||
* <<fake/../../saml/mod-auth-mellon.adoc#,mod_auth_mellon>>
|
||||
|
|
|
|||
|
|
@ -15,6 +15,4 @@ To be able to secure WAR apps deployed on JBoss EAP, you must install and config
|
|||
{% endif %}
|
||||
|
||||
You then provide a keycloak config, `/WEB-INF/keycloak-saml.xml` file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml.
|
||||
Both methods are described in this section.
|
||||
|
||||
|
||||
Both methods are described in this section.
|
||||
|
|
|
|||
Loading…
Reference in a new issue