=== Configuring the Subsystem

To configure the {appserver_name} instance that the application is deployed on so that this app is secured by {project_name}, complete the following steps.

. Open the `standalone/configuration/standalone.xml` file in the {appserver_name} instance that the application is deployed on and search for the following text:
+
[source,xml]
----
<subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
----

. Modify this text to prepare the file for pasting in contents from the *Keycloak OIDC JBoss Subsystem XML* template we obtained {project_name} admin console *Installation* tab by changing the XML entry from self-closing to using a pair of opening and closing tags:
+
[source,xml]
----
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
</subsystem>
----

. Paste the contents of the template within the `<subsystem>` element, as shown in this example:
+
[source,xml]
----
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <secure-deployment name="WAR MODULE NAME.war">
    <realm>demo</realm>
    <auth-server-url>http://localhost:8180/auth</auth-server-url>
    <public-client>true</public-client>
    <ssl-required>EXTERNAL</ssl-required>
    <resource>vanilla</resource>
  </secure-deployment>
</subsystem>
----

. Change the `name` to `vanilla.war`:
+
[source,xml]
----
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <secure-deployment name="vanilla.war">
  ...
</subsystem>
----

. Reboot the application server.

. Go to http://localhost:8080/vanilla and click *Login*. When the {project_name} login page opens, log in using the user you created in <<_create-new-user, Creating a New User>>.