The JBoss EAP6 Adapter is contained in the Keycloak distribution within the adapters/keycloak-eap6-adapter-dist.zip file. Conversely, the JBoss AS 7.1.1 adapter is contained in the file adapters/keycloak-as7-adapter-dist.zip To install it: $ cd $JBOSS_HOME # For an EAP distro $ unzip keycloak-eap6-adapter-dist.zip or # For an JBoss AS 7.1.1 distro $ unzip keycloak-as7-adapter-dist.zip This zip file creates new JBoss Modules specific to the JBoss EAP6 Keycloak Adapter within your JBoss distro.

The JBoss EAP6 Adapter is enabled per WAR application. The adapter code is contained in a JBoss Module so you must first create a jboss-deployment-structure.xml within your WAR's WEB-INF directory that imports the JBoss EAP6 Keycloak Adapter. ]]> It is possible to add the adapter jars directory to your WAR, but its best to do module imports because the adapter's dependencies may conflict with your application's. Next thing you have to do is turn on the Keycloak adapter for this deployment. To do this you must create a WEB-INF/jboss-web.xml file and specify a a Keycloak valve. This will override any login-config setting you have defined with web.xml org.keycloak.adapters.as7.KeycloakAuthenticatorValve ]]> After creating the jboss-web.xml configuration file, you must create a keycloak.json adapter config file within the WEB-INF directory of your WAR. The format of this config file is describe in the general adapter configuration section. While you do have to specify a login-config in your WAR's web.xml, it doesn't matter what values you put there. You also have to use standard servlet security to specify role-base constraints on your URLs. Here's an example pulled from one of the examples that comes distributed with Keycloak. customer-portal Admins /admin/* admin Customers /customers/* user BASIC commerce admin user ]]>

]