41358eea4d
Previously one had to configure hardcoded urls to link from one client
application to others since keycloak didn't provide a way to get the
actual client URL by providing clientId and realm information.
We now support a new endpoint with the path {realm}/clients/{client_id}/redirect
that responds to GET requests with a 307 (temporary redirect) with the
configured client URL. This allows to refer to any client just by the
realmName and clientId and let Keycloak redirect to the actual client
application.
Add documentation for new redirect endpoint.
181 lines
7.3 KiB
XML
Executable file
181 lines
7.3 KiB
XML
Executable file
<!--
|
|
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
~ and other contributors as indicated by the @author tags.
|
|
~
|
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
~ you may not use this file except in compliance with the License.
|
|
~ You may obtain a copy of the License at
|
|
~
|
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
~
|
|
~ Unless required by applicable law or agreed to in writing, software
|
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
~ See the License for the specific language governing permissions and
|
|
~ limitations under the License.
|
|
-->
|
|
|
|
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
"http://www.docbook.org/xml/4.4/docbookx.dtd"
|
|
[
|
|
<!ENTITY License SYSTEM "modules/License.xml">
|
|
<!ENTITY Overview SYSTEM "modules/Overview.xml">
|
|
<!ENTITY Installation SYSTEM "modules/server-installation.xml">
|
|
<!ENTITY Providers SYSTEM "modules/providers.xml">
|
|
<!ENTITY OpenShift SYSTEM "modules/openshift.xml">
|
|
<!ENTITY AdminPermissions SYSTEM "modules/admin-permissions.xml">
|
|
<!ENTITY PerRealmAdminPermissions SYSTEM "modules/per-realm-admin-permissions.xml">
|
|
<!ENTITY AccessTypes SYSTEM "modules/access-types.xml">
|
|
<!ENTITY AdapterConfig SYSTEM "modules/adapter-config.xml">
|
|
<!ENTITY JBossAdapter SYSTEM "modules/jboss-adapter.xml">
|
|
<!ENTITY JavascriptAdapter SYSTEM "modules/javascript-adapter.xml">
|
|
<!ENTITY TomcatAdapter SYSTEM "modules/tomcat-adapter.xml">
|
|
<!ENTITY Jetty9Adapter SYSTEM "modules/jetty9-adapter.xml">
|
|
<!ENTITY Jetty8Adapter SYSTEM "modules/jetty8-adapter.xml">
|
|
<!ENTITY FuseAdapter SYSTEM "modules/fuse-adapter.xml">
|
|
<!ENTITY SpringBootAdapter SYSTEM "modules/spring-boot-adapter.xml">
|
|
<!ENTITY SpringSecurityAdapter SYSTEM "modules/spring-security-adapter.xml">
|
|
<!ENTITY InstalledApplications SYSTEM "modules/installed-applications.xml">
|
|
<!ENTITY Logout SYSTEM "modules/logout.xml">
|
|
<!ENTITY ErrorHandling SYSTEM "modules/adapter_error_handling.xml">
|
|
<!ENTITY SAML SYSTEM "modules/saml.xml">
|
|
<!ENTITY JAAS SYSTEM "modules/jaas.xml">
|
|
<!ENTITY IdentityBroker SYSTEM "modules/identity-broker.xml">
|
|
<!ENTITY Themes SYSTEM "modules/themes.xml">
|
|
<!ENTITY Clients SYSTEM "modules/clients.xml">
|
|
<!ENTITY Migration SYSTEM "modules/MigrationFromOlderVersions.xml">
|
|
<!ENTITY Email SYSTEM "modules/email.xml">
|
|
<!ENTITY Roles SYSTEM "modules/roles.xml">
|
|
<!ENTITY Groups SYSTEM "modules/groups.xml">
|
|
<!ENTITY DirectAccess SYSTEM "modules/direct-access.xml">
|
|
<!ENTITY ServiceAccounts SYSTEM "modules/service-accounts.xml">
|
|
<!ENTITY CORS SYSTEM "modules/cors.xml">
|
|
<!ENTITY Timeouts SYSTEM "modules/timeouts.xml">
|
|
<!ENTITY Events SYSTEM "modules/events.xml">
|
|
<!ENTITY AdminApi SYSTEM "modules/admin-rest-api.xml">
|
|
<!ENTITY UserFederation SYSTEM "modules/user-federation.xml">
|
|
<!ENTITY Kerberos SYSTEM "modules/kerberos.xml">
|
|
<!ENTITY ExportImport SYSTEM "modules/export-import.xml">
|
|
<!ENTITY ServerCache SYSTEM "modules/cache.xml">
|
|
<!ENTITY SecurityVulnerabilities SYSTEM "modules/security-vulnerabilities.xml">
|
|
<!ENTITY Clustering SYSTEM "modules/clustering.xml">
|
|
<!ENTITY ApplicationClustering SYSTEM "modules/application-clustering.xml">
|
|
<!ENTITY MultiTenancy SYSTEM "modules/multi-tenancy.xml">
|
|
<!ENTITY Proxy SYSTEM "modules/proxy.xml">
|
|
<!ENTITY CustomAttributes SYSTEM "modules/custom-attributes.xml">
|
|
<!ENTITY ProtocolMappers SYSTEM "modules/protocol-mappers.xml">
|
|
<!ENTITY Recaptcha SYSTEM "modules/recaptcha.xml">
|
|
<!ENTITY AuthSPI SYSTEM "modules/auth-spi.xml">
|
|
<!ENTITY FilterAdapter SYSTEM "modules/servlet-filter-adapter.xml">
|
|
<!ENTITY ClientRegistration SYSTEM "modules/client-registration.xml">
|
|
]>
|
|
|
|
<book>
|
|
|
|
<bookinfo>
|
|
<title>Keycloak Reference Guide</title>
|
|
<subtitle>SSO for Web Apps and REST Services</subtitle>
|
|
<releaseinfo>&project.version;</releaseinfo>
|
|
</bookinfo>
|
|
|
|
<toc/>
|
|
|
|
<preface id="preface" revision="1">
|
|
<title>Preface</title>
|
|
<para>
|
|
In some of the example listings, what is meant to be displayed on one line does not fit
|
|
inside the available page width. These lines have been broken up. A '\' at the end of a
|
|
line means that a break has been introduced to fit in the page, with the following lines
|
|
indented. So:
|
|
<programlisting>
|
|
Let's pretend to have an extremely \
|
|
long line that \
|
|
does not fit
|
|
This one is short
|
|
</programlisting>
|
|
Is really:
|
|
<programlisting>
|
|
Let's pretend to have an extremely long line that does not fit
|
|
This one is short
|
|
</programlisting>
|
|
</para>
|
|
</preface>
|
|
|
|
&License;
|
|
&Overview;
|
|
&Installation;
|
|
&Providers;
|
|
&OpenShift;
|
|
&AdminPermissions;
|
|
&PerRealmAdminPermissions;
|
|
<chapter>
|
|
<title>Adapters</title>
|
|
<para>
|
|
Keycloak can secure a wide variety of application types. This section defines which application
|
|
types are supported and how to configure and install them so that you can use Keycloak to secure
|
|
your applications.
|
|
</para>
|
|
<para>
|
|
These client adapters use an extension of the OpenID Connect protocol (a derivate of OAuth 2.0).
|
|
This extension provides support for clustering, backchannel logout, and other non-standard adminstrative functions.
|
|
The Keycloak project also provides a separate, standalone, generic, SAML client adapter. But that is describe in a separate
|
|
document and has a different download.
|
|
</para>
|
|
&AdapterConfig;
|
|
&JBossAdapter;
|
|
&TomcatAdapter;
|
|
&Jetty9Adapter;
|
|
&Jetty8Adapter;
|
|
&FilterAdapter;
|
|
&FuseAdapter;
|
|
&JavascriptAdapter;
|
|
&SpringBootAdapter;
|
|
&SpringSecurityAdapter;
|
|
&InstalledApplications;
|
|
&Logout;
|
|
&ErrorHandling;
|
|
&MultiTenancy;
|
|
&JAAS;
|
|
</chapter>
|
|
&ClientRegistration;
|
|
|
|
&IdentityBroker;
|
|
&Themes;
|
|
&Clients;
|
|
&Recaptcha;
|
|
|
|
<chapter>
|
|
<title>Email</title>
|
|
<para>
|
|
Keycloak sends emails to users to verify their email address. Emails are also used to allow users to
|
|
safely restore their username and passwords.
|
|
</para>
|
|
&Email;
|
|
</chapter>
|
|
&AccessTypes;
|
|
&Roles;
|
|
&Groups;
|
|
&DirectAccess;
|
|
&ServiceAccounts;
|
|
&CORS;
|
|
&Timeouts;
|
|
&AdminApi;
|
|
&Events;
|
|
&UserFederation;
|
|
&Kerberos;
|
|
&ExportImport;
|
|
&AdminRecovery;
|
|
&ServerCache;
|
|
&SAML;
|
|
&SecurityVulnerabilities;
|
|
&Clustering;
|
|
&ApplicationClustering;
|
|
&Proxy;
|
|
&CustomAttributes;
|
|
&ProtocolMappers;
|
|
&AuthSPI;
|
|
&Migration;
|
|
|
|
</book>
|
|
|
|
|