keycloak-scim/examples/fuse
2017-12-21 15:06:00 +01:00
..
camel Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
customer-app-fuse Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
cxf-jaxrs Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
cxf-jaxws Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
external-config Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
features Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
fuse-admin KEYCLOAK-3956 Update fuse documentation 2016-11-24 15:55:44 +01:00
product-app-fuse Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
demorealm.json
pom.xml Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
README.md KEYCLOAK-3956 Update fuse documentation 2016-11-24 15:55:44 +01:00

Keycloak Fuse demo

Currently Keycloak supports securing your web applications running inside JBoss Fuse or Apache Karaf. It leverages:

  • Jetty9 adapter for both JBoss Fuse 6.3 and Apache Karaf 4, that include Jetty9 server under the covers and Jetty is used for running various kinds of web applications
  • Jetty8 adapter for both JBoss Fuse 6.2 and Apache Karaf 3, that include Jetty8 server under the covers and Jetty is used for running various kinds of web applications

It's highly recommended to use the JBoss Fuse 6.3.0 Rollup 1 or newer for this tutorial.

WARNING: Running your applications inside standalone Apache Karaf may work, however we are testing just with JBoss Fuse 6.3.0 Rollup 1 and not with standalone Karaf server. Also we
did not test with Fuse versions older than 6.3.0 Rollup 1. So if you really want adapter on standalone Karaf server or older Fuse, it's up to you to figure exact steps to have it working.

The Fuse example is slightly modified version of Keycloak base demo applications. The main difference among base demo is that for Fuse demo are applications running on separate Fuse server. Keycloak server is supposed to run separately on Wildfly.

Fuse demo contains those basic applications:

Running of demo consists of 2 steps. First you need to run separate Keycloak server and then Fuse server with the applications

Base steps

  • Run external instance of Keycloak server on WildFly . It's easiest to run and download Keycloak standalone server. Fuse demo suppose that server is running on http://localhost:8080/auth
  • Import realm demo from the file demorealm.json on examples/fuse/demorealm.json . See here the details on how to import the realm
  • Then download Keycloak examples and build Fuse example, which is needed so the feature repository is added to your local maven repo:
unzip -q keycloak-examples-<VERSION>.zip
cd keycloak-examples-<VERSION>/fuse
mvn clean install

Running demo on JBoss Fuse 6.3.0 Rollup 1

You just need to download and run JBoss Fuse and then run those commands from the karaf terminal to install the needed features and Keycloak fuse demo (Replace Keycloak versions with the current Keycloak version number):

KEYCLOAK_VERSION="2.2.1.Final"
features:addurl mvn:org.keycloak/keycloak-osgi-features/$KEYCLOAK_VERSION/xml/features
features:addurl mvn:org.keycloak.example.demo/keycloak-fuse-example-features/$KEYCLOAK_VERSION/xml/features
features:install keycloak-fuse-6.3-example

After that you can test running on http://localhost:8181/customer-portal and login as "bburke@redhat.com" with password "password". Customer-portal is able to receive the response from the endpoints provided by cxf-jaxrs and camel applications. Note that camel endpoint is available just for users with role admin in this demo, so "bburke@redhat.com" can't access it. You may login as "admin" with password "password" in order to invoke camel endpoint.

From http://localhost:8181/product-portal you will see servlet endpoint, which invokes JAX-WS provided by cxf-jaxws application.

Note that this demo also secures whole default CXF endpoint on http://localhost:8181/cxf hence every application running under it is secured too.

To have the external-config example running, you can copy the file examples/fuse/external-config/external-config-keycloak.json to the $FUSE_HOME/etc directory. Then go to http://localhost:8181/external-config/index.html to test the secured application.

How to secure your own application

See Docs for more details.

How to secure Fuse admin services

It's possible to secure fuse admin services with Keycloak too. See fuse-admin for info on how to secure Fuse admin console, remote SSH and JMX access with Keycloak.