Merge pull request #54 from ccopelloRH/RH622_RH623_RH624_RH625_RH613

Rh622 rh623 rh624 rh625 rh613
ccopelloRH 2016-11-29 17:22:35 -05:00 committed by GitHub
commit e6f7832e15
4 changed files with 14 additions and 15 deletions

View file

@ -38,7 +38,7 @@ This is what one might look like:
---- ----
You can use `${...}` enclosure for system property replacement. For example `${jboss.server.config.dir}` would be replaced by `/path/to/{{book.project.name}}`. You can use `${...}` enclosure for system property replacement. For example `${jboss.server.config.dir}` would be replaced by `/path/to/{{book.project.name}}`.
Replacement of environment variables is also supported via the `env` prefix, e.g. `${env.MY_ENVIRONMENT_VARIABLE}`. Replacement of environment variables is also supported via the `env` prefix, e.g. `${env.MY_ENVIRONMENT_VARIABLE}`.
The initial config file can be obtained from the the admin console. This can be done by opening the admin console, select `Clients` from the menu and clicking The initial config file can be obtained from the the admin console. This can be done by opening the admin console, select `Clients` from the menu and clicking
on the corresponding client. Once the page for the client is opened click on the `Installation` tab and select `Keycloak OIDC JSON`. on the corresponding client. Once the page for the client is opened click on the `Installation` tab and select `Keycloak OIDC JSON`.
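Review bot: The sentence on the touched line still reads "obtained from the the admin console" and mixes verb forms ("opening the admin console, select `Clients` ... and clicking"). Since the line is being edited anyway, drop the duplicated "the" and make the steps parallel, for example "opening the admin console, selecting `Clients` from the menu and clicking on the corresponding client".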
@ -118,6 +118,7 @@ expose-token::
The default value is _false_. The default value is _false_.
credentials:: credentials::
Not required for public clients or where the client is "bearer-only."
Specify the credentials of the application. This is an object notation where the key is the credential type and the value is the value of the credential type. Specify the credentials of the application. This is an object notation where the key is the credential type and the value is the value of the credential type.
Currently `password` and `jwt` is supported. Currently `password` and `jwt` is supported.
This is _REQUIRED_. This is _REQUIRED_.
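Review bot: The added sentence under `credentials::` ("Not required for public clients or where the client is "bearer-only."") contradicts the unqualified "This is _REQUIRED_." that closes the same entry, so a reader cannot tell which statement wins. Fold the condition into the closing line, along the lines of "This is _REQUIRED_ unless the client is public or bearer-only", and move it after the "Specify the credentials of the application" description so the entry opens with what the option is. While here, "`password` and `jwt` is supported" should be "are supported".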
@ -148,7 +149,7 @@ truststore::
Client making HTTPS requests need a way to verify the host of the server they are talking to. Client making HTTPS requests need a way to verify the host of the server they are talking to.
This is what the trustore does. This is what the trustore does.
The keystore contains one or more trusted host certificates or certificate authorities. The keystore contains one or more trusted host certificates or certificate authorities.
You can create this truststore by extracting the public certificate of the {{book.project.name}} server's SSL keystore. You can create this truststore by extracting the public certificate of the {{book.project.name}} server's SSL keystore.
This is _REQUIRED_ unless `ssl-required` is `none` or `disable-trust-manager` is `true`. This is _REQUIRED_ unless `ssl-required` is `none` or `disable-trust-manager` is `true`.
truststore-password:: truststore-password::
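Review bot: In the `truststore::` entry the context lines still say "This is what the trustore does." and "The keystore contains one or more trusted host certificates or certificate authorities."; the first is a misspelling and the second names the wrong store for this option. Both should read "truststore", and "Client making HTTPS requests need" should be "Clients making HTTPS requests need". Because the entry explains that the truststore is how the client verifies the server host, it is worth stating next to `disable-trust-manager` that setting it to `true` turns that verification off.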

View file

@ -1,5 +1,5 @@
[[_jboss_adapter]] [[_jboss_adapter]]
{% if book.community %} {% if book.community %}
==== JBoss EAP/Wildfly Adapter ==== JBoss EAP/Wildfly Adapter
{% endif %} {% endif %}
@ -112,7 +112,7 @@ is not running:
[source] [source]
---- ----
$ ./bin/jboss-cli.sh --file=adapter-install-offline.cli $ ./bin/jboss-cli.sh --file=adapter-install-offline.cli
---- ----
If you are planning to add it manually you need to add the extension and subsystem definition to the server configuration: If you are planning to add it manually you need to add the extension and subsystem definition to the server configuration:
@ -146,7 +146,7 @@ If you need to be able to propagate the security context from the web tier to th
... ...
---- ----
For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want to annotate it with the @SecurityDomain annotation as follows: For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want to annotate it with the @SecurityDomain annotation as follows:
[source] [source]
---- ----
@ -183,7 +183,7 @@ public class CustomerService {
===== Required Per WAR Configuration ===== Required Per WAR Configuration
This section describes how to secure a WAR directly by adding config and editing files within your WAR package. This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
The first thing you must do is create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR. The first thing you must do is create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR.
@ -241,7 +241,7 @@ Here's an example:
<role-name>user</role-name> <role-name>user</role-name>
</security-role> </security-role>
</web-app> </web-app>
---- ----
===== Securing WARs via Adapter Subsystem ===== Securing WARs via Adapter Subsystem
@ -272,10 +272,10 @@ This metadata is instead defined within server configuration (i.e. `standalone.x
The `secure-deployment` `name` attribute identifies the WAR you want to secure. The `secure-deployment` `name` attribute identifies the WAR you want to secure.
Its value is the `module-name` defined in `web.xml` with `.war` appended. The rest of the configuration corresponds pretty much one to one with the `keycloak.json` configuration options defined in <<fake/../java-adapter-config.adoc#_java_adapter_config,Java adapter configuration>>. Its value is the `module-name` defined in `web.xml` with `.war` appended. The rest of the configuration corresponds pretty much one to one with the `keycloak.json` configuration options defined in <<fake/../java-adapter-config.adoc#_java_adapter_config,Java adapter configuration>>.
The exception is the `credential` element. The exception is the `credential` element.
To make it easier for you, you can go to the {{book.project.name}} Administration Console and go to the Client/Installation tab of the application this WAR is aligned with. To make it easier for you, you can go to the {{book.project.name}} Administration Console and go to the Client/Installation tab of the application this WAR is aligned with.
It provides an example XML file you can cut and paste. It provides an example XML file you can cut and paste.
If you have multiple deployments secured by the same realm you can share the realm configuration in a separate element. For example: If you have multiple deployments secured by the same realm you can share the realm configuration in a separate element. For example:
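Review bot: "The exception is the `credential` element." ends without saying how it differs from the `credentials` object in `keycloak.json`, which is the one thing a reader moving the client secret into the server configuration needs to get right. Add a sentence describing the element's form here, or point explicitly at the XML from the Client/Installation tab as the reference for it. "corresponds pretty much one to one" could also be tightened to state the mapping plainly.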
@ -302,4 +302,4 @@ If you have multiple deployments secured by the same realm you can share the rea
<bearer-only>true</bearer-only> <bearer-only>true</bearer-only>
</secure-deployment> </secure-deployment>
</subsystem> </subsystem>
---- ----

View file

@ -27,7 +27,7 @@
===== Node.js (server-side) ===== Node.js (server-side)
* <<fake/../../oidc/nodejs-adapter.adoc#_nodejs_adapter,Node.js>> * <<fake/../../oidc/nodejs-adapter.adoc#_nodejs_adapter,Node.js>>
===== Apache Cordova ===== JavaScript
* <<fake/../../oidc/javascript-adapter.adoc#_javascript_adapter,JavaScript>> * <<fake/../../oidc/javascript-adapter.adoc#_javascript_adapter,JavaScript>>
{% if book.community %} {% if book.community %}
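Review bot: The renamed heading "===== JavaScript" now matches its only list item, but the sibling heading directly above is "===== Node.js (server-side)" and the new one carries no qualifier. Consider "===== JavaScript (client-side)" so the two entries read as a pair. Cordova also no longer appears anywhere in this hunk; if it is still covered by the JavaScript adapter page, say so in the list item so readers looking for it can find it.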
@ -76,4 +76,4 @@
===== Apache HTTP Server ===== Apache HTTP Server
* https://github.com/UNINETT/mod_auth_mellon[mod_auth_mellon] * <<fake/../../saml/mod-auth-mellon.adoc#,mod_auth_mellon>>
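Review bot: The new cross-reference `<<fake/../../saml/mod-auth-mellon.adoc#,mod_auth_mellon>>` has an empty fragment after `#`, while the other links on this page target a named anchor (`#_nodejs_adapter`, `#_javascript_adapter`). Give the target page an anchor and reference it here for consistency and so the link resolves to a stable location. The replaced line was the only pointer to the upstream project at https://github.com/UNINETT/mod_auth_mellon, so check that the internal page carries that URL.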

View file

@ -15,6 +15,4 @@ To be able to secure WAR apps deployed on JBoss EAP, you must install and config
{% endif %} {% endif %}
You then provide a keycloak config, `/WEB-INF/keycloak-saml.xml` file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml. You then provide a keycloak config, `/WEB-INF/keycloak-saml.xml` file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml.
Both methods are described in this section. Both methods are described in this section.
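Review bot: In "change the auth-method to KEYCLOAK-SAML within web.xml" the element name, its value and the file name are set as plain text, while `/WEB-INF/keycloak-saml.xml` in the same sentence is in backticks. `KEYCLOAK-SAML` is a literal that has to be copied exactly into the deployment descriptor, so mark up `auth-method`, `KEYCLOAK-SAML` and `web.xml` as literals too.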