[[_saml-jetty9-per-war]] ===== Jetty 9 Required Per WAR Configuration This section describes how to secure a WAR directly by adding config and editing files within your WAR package. The first thing you must do is create a `WEB-INF/jetty-web.xml` file in your WAR package. This is a Jetty specific config file and you must define a Keycloak specific authenticator within it. [source,xml] ---- ---- Next you must create a `keycloak-saml.xml` adapter config file within the `WEB-INF` directory of your WAR. The format of this config file is describe in the <<_adapter_config,general adapter configuration>> section. Finally you must specify both a `login-config` and use standard servlet security to specify role-base constraints on your URLs. Here's an example: [source,xml] ---- customer-portal Customers /* user CONFIDENTIAL BASIC this is ignored currently admin user ----