Merge pull request #54 from ccopelloRH/RH622_RH623_RH624_RH625_RH613
Rh622 rh623 rh624 rh625 rh613
commit
e6f7832e15
4 changed files with 14 additions and 15 deletions
|
@ -38,7 +38,7 @@ This is what one might look like:
|
||||||
----
|
----
|
||||||
|
|
||||||
You can use `${...}` enclosure for system property replacement. For example `${jboss.server.config.dir}` would be replaced by `/path/to/{{book.project.name}}`.
|
You can use `${...}` enclosure for system property replacement. For example `${jboss.server.config.dir}` would be replaced by `/path/to/{{book.project.name}}`.
|
||||||
Replacement of environment variables is also supported via the `env` prefix, e.g. `${env.MY_ENVIRONMENT_VARIABLE}`.
|
Replacement of environment variables is also supported via the `env` prefix, e.g. `${env.MY_ENVIRONMENT_VARIABLE}`.
|
||||||
|
|
||||||
The initial config file can be obtained from the the admin console. This can be done by opening the admin console, select `Clients` from the menu and clicking
|
The initial config file can be obtained from the the admin console. This can be done by opening the admin console, select `Clients` from the menu and clicking
|
||||||
on the corresponding client. Once the page for the client is opened click on the `Installation` tab and select `Keycloak OIDC JSON`.
|
on the corresponding client. Once the page for the client is opened click on the `Installation` tab and select `Keycloak OIDC JSON`.
|
||||||
|
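Review bot: the unchanged context line "The initial config file can be obtained from the the admin console." still has a doubled "the", and the same sentence mixes "opening", "select" and "clicking". Since this hunk already touches the paragraph, fix both here, for example "by opening the admin console, selecting `Clients` from the menu and clicking on the corresponding client".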
@ -118,6 +118,7 @@ expose-token::
|
||||||
The default value is _false_.
|
The default value is _false_.
|
||||||
|
|
||||||
credentials::
|
credentials::
|
||||||
|
Not required for public clients or where the client is "bearer-only."
|
||||||
Specify the credentials of the application. This is an object notation where the key is the credential type and the value is the value of the credential type.
|
Specify the credentials of the application. This is an object notation where the key is the credential type and the value is the value of the credential type.
|
||||||
Currently `password` and `jwt` is supported.
|
Currently `password` and `jwt` is supported.
|
||||||
This is _REQUIRED_.
|
This is _REQUIRED_.
|
||||||
|
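Review bot: the sentence added at the top of `credentials::` ("Not required for public clients or where the client is "bearer-only."") conflicts with the unchanged last line of the entry, "This is _REQUIRED_.", so the entry now states both. Fold the exception into that last line, for example "This is _REQUIRED_ except for public or bearer-only clients.", and let the entry open with "Specify the credentials of the application." as the other options open with their description. While here, "Currently `password` and `jwt` is supported." should read "are supported".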
@ -148,7 +149,7 @@ truststore::
|
||||||
Client making HTTPS requests need a way to verify the host of the server they are talking to.
|
Client making HTTPS requests need a way to verify the host of the server they are talking to.
|
||||||
This is what the trustore does.
|
This is what the trustore does.
|
||||||
The keystore contains one or more trusted host certificates or certificate authorities.
|
The keystore contains one or more trusted host certificates or certificate authorities.
|
||||||
You can create this truststore by extracting the public certificate of the {{book.project.name}} server's SSL keystore.
|
You can create this truststore by extracting the public certificate of the {{book.project.name}} server's SSL keystore.
|
||||||
This is _REQUIRED_ unless `ssl-required` is `none` or `disable-trust-manager` is `true`.
|
This is _REQUIRED_ unless `ssl-required` is `none` or `disable-trust-manager` is `true`.
|
||||||
|
|
||||||
truststore-password::
|
truststore-password::
|
||||||
|
|
|
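Review bot: the `truststore::` entry still reads "This is what the trustore does." (misspelled) and then "The keystore contains one or more trusted host certificates", which names a keystore where the option being documented is the truststore. Use "truststore" in both places, and change "Client making HTTPS requests need" to "Clients making HTTPS requests need". The last line lists `ssl-required` `none` and `disable-trust-manager` `true` as cases where no truststore is needed. It would help to say there that in those cases the host verification described in the first sentence does not take place.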
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
[[_jboss_adapter]]
|
[[_jboss_adapter]]
|
||||||
|
|
||||||
{% if book.community %}
|
{% if book.community %}
|
||||||
==== JBoss EAP/Wildfly Adapter
|
==== JBoss EAP/Wildfly Adapter
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -112,7 +112,7 @@ is not running:
|
||||||
[source]
|
[source]
|
||||||
----
|
----
|
||||||
$ ./bin/jboss-cli.sh --file=adapter-install-offline.cli
|
$ ./bin/jboss-cli.sh --file=adapter-install-offline.cli
|
||||||
----
|
----
|
||||||
|
|
||||||
If you are planning to add it manually you need to add the extension and subsystem definition to the server configuration:
|
If you are planning to add it manually you need to add the extension and subsystem definition to the server configuration:
|
||||||
|
|
||||||
|
@ -146,7 +146,7 @@ If you need to be able to propagate the security context from the web tier to th
|
||||||
...
|
...
|
||||||
----
|
----
|
||||||
|
|
||||||
For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want to annotate it with the @SecurityDomain annotation as follows:
|
For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want to annotate it with the @SecurityDomain annotation as follows:
|
||||||
|
|
||||||
[source]
|
[source]
|
||||||
----
|
----
|
||||||
|
@ -183,7 +183,7 @@ public class CustomerService {
|
||||||
|
|
||||||
===== Required Per WAR Configuration
|
===== Required Per WAR Configuration
|
||||||
|
|
||||||
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||||
|
|
||||||
The first thing you must do is create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR.
|
The first thing you must do is create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR.
|
||||||
|
|
||||||
|
@ -241,7 +241,7 @@ Here's an example:
|
||||||
<role-name>user</role-name>
|
<role-name>user</role-name>
|
||||||
</security-role>
|
</security-role>
|
||||||
</web-app>
|
</web-app>
|
||||||
----
|
----
|
||||||
|
|
||||||
===== Securing WARs via Adapter Subsystem
|
===== Securing WARs via Adapter Subsystem
|
||||||
|
|
||||||
|
@ -272,10 +272,10 @@ This metadata is instead defined within server configuration (i.e. `standalone.x
|
||||||
The `secure-deployment` `name` attribute identifies the WAR you want to secure.
|
The `secure-deployment` `name` attribute identifies the WAR you want to secure.
|
||||||
Its value is the `module-name` defined in `web.xml` with `.war` appended. The rest of the configuration corresponds pretty much one to one with the `keycloak.json` configuration options defined in <<fake/../java-adapter-config.adoc#_java_adapter_config,Java adapter configuration>>.
|
Its value is the `module-name` defined in `web.xml` with `.war` appended. The rest of the configuration corresponds pretty much one to one with the `keycloak.json` configuration options defined in <<fake/../java-adapter-config.adoc#_java_adapter_config,Java adapter configuration>>.
|
||||||
|
|
||||||
The exception is the `credential` element.
|
The exception is the `credential` element.
|
||||||
|
|
||||||
To make it easier for you, you can go to the {{book.project.name}} Administration Console and go to the Client/Installation tab of the application this WAR is aligned with.
|
To make it easier for you, you can go to the {{book.project.name}} Administration Console and go to the Client/Installation tab of the application this WAR is aligned with.
|
||||||
It provides an example XML file you can cut and paste.
|
It provides an example XML file you can cut and paste.
|
||||||
|
|
||||||
If you have multiple deployments secured by the same realm you can share the realm configuration in a separate element. For example:
|
If you have multiple deployments secured by the same realm you can share the realm configuration in a separate element. For example:
|
||||||
|
|
||||||
|
@ -302,4 +302,4 @@ If you have multiple deployments secured by the same realm you can share the rea
|
||||||
<bearer-only>true</bearer-only>
|
<bearer-only>true</bearer-only>
|
||||||
</secure-deployment>
|
</secure-deployment>
|
||||||
</subsystem>
|
</subsystem>
|
||||||
----
|
----
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
===== Node.js (server-side)
|
===== Node.js (server-side)
|
||||||
* <<fake/../../oidc/nodejs-adapter.adoc#_nodejs_adapter,Node.js>>
|
* <<fake/../../oidc/nodejs-adapter.adoc#_nodejs_adapter,Node.js>>
|
||||||
|
|
||||||
===== Apache Cordova
|
===== JavaScript
|
||||||
* <<fake/../../oidc/javascript-adapter.adoc#_javascript_adapter,JavaScript>>
|
* <<fake/../../oidc/javascript-adapter.adoc#_javascript_adapter,JavaScript>>
|
||||||
|
|
||||||
{% if book.community %}
|
{% if book.community %}
|
||||||
|
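Review bot: renaming the heading from "===== Apache Cordova" to "===== JavaScript" makes it match the `javascript-adapter.adoc` link under it, but the visible lines no longer mention Cordova at all. If Cordova applications are still expected to use this adapter, say so in the list item text rather than dropping the term.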
@ -76,4 +76,4 @@
|
||||||
|
|
||||||
===== Apache HTTP Server
|
===== Apache HTTP Server
|
||||||
|
|
||||||
* https://github.com/UNINETT/mod_auth_mellon[mod_auth_mellon]
|
* <<fake/../../saml/mod-auth-mellon.adoc#,mod_auth_mellon>>
|
||||||
|
|
|
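Review bot: the new cross-reference `<<fake/../../saml/mod-auth-mellon.adoc#,mod_auth_mellon>>` has nothing after the `#`, while the other cross-references in this patch name an anchor (`#_nodejs_adapter`, `#_javascript_adapter`, `#_java_adapter_config`). Check that the empty fragment resolves in the generated book, or add an anchor to the target file and reference it. The change also removes the only link to the upstream project (https://github.com/UNINETT/mod_auth_mellon), so confirm the target page carries that link for readers who need to obtain the module.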
@ -15,6 +15,4 @@ To be able to secure WAR apps deployed on JBoss EAP, you must install and config
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
You then provide a keycloak config, `/WEB-INF/keycloak-saml.xml` file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml.
|
You then provide a keycloak config, `/WEB-INF/keycloak-saml.xml` file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml.
|
||||||
Both methods are described in this section.
|
Both methods are described in this section.
|
||||||
|
|
||||||
|
|
||||||
|
|