<!--
|
|
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
~ and other contributors as indicated by the @author tags.
|
|
~
|
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
~ you may not use this file except in compliance with the License.
|
|
~ You may obtain a copy of the License at
|
|
~
|
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
~
|
|
~ Unless required by applicable law or agreed to in writing, software
|
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
~ See the License for the specific language governing permissions and
|
|
~ limitations under the License.
|
|
-->
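<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
        "http://www.docbook.org/xml/4.4/docbookx.dtd"
        [
        <!--
          Master file of the reference guide. Each external parsed entity below
          names one chapter file under modules/ (system identifiers are relative
          to this file); the book body pulls a chapter in by referencing its entity.

          Parser requirements: assembling this book needs a parser that loads the
          DTD and resolves external entities. Keep that configuration confined to
          the documentation build, whose inputs are files from this repository.
          A parser that handles XML from outside the repository should keep
          external entity resolution disabled.

          The DTD system identifier above is a plain http:// URL. Unless the build
          already maps the public identifier through a local XML catalog, the DTD
          is fetched over the network without transport integrity; prefer the
          catalog so the build neither depends on nor trusts that fetch.

          NOTE(review): the book body references FineGrainedAuthorization and
          AdminRecovery, and neither is declared in this subset. Add a declaration
          for each (SYSTEM "modules/FILE_NAME_PLACEHOLDER.xml") or drop the
          references. project.version is not declared here either; presumably the
          build tooling supplies it. TODO confirm.
        -->
        <!ENTITY License SYSTEM "modules/License.xml">
        <!ENTITY Overview SYSTEM "modules/Overview.xml">
        <!ENTITY Installation SYSTEM "modules/server-installation.xml">
        <!ENTITY Providers SYSTEM "modules/providers.xml">
        <!ENTITY OpenShift SYSTEM "modules/openshift.xml">
        <!ENTITY AdminPermissions SYSTEM "modules/admin-permissions.xml">
        <!ENTITY PerRealmAdminPermissions SYSTEM "modules/per-realm-admin-permissions.xml">
        <!ENTITY AccessTypes SYSTEM "modules/access-types.xml">
        <!ENTITY AdapterConfig SYSTEM "modules/adapter-config.xml">
        <!ENTITY JBossAdapter SYSTEM "modules/jboss-adapter.xml">
        <!ENTITY JavascriptAdapter SYSTEM "modules/javascript-adapter.xml">
        <!ENTITY TomcatAdapter SYSTEM "modules/tomcat-adapter.xml">
        <!ENTITY Jetty9Adapter SYSTEM "modules/jetty9-adapter.xml">
        <!ENTITY Jetty8Adapter SYSTEM "modules/jetty8-adapter.xml">
        <!ENTITY FuseAdapter SYSTEM "modules/fuse-adapter.xml">
        <!ENTITY SpringBootAdapter SYSTEM "modules/spring-boot-adapter.xml">
        <!ENTITY SpringSecurityAdapter SYSTEM "modules/spring-security-adapter.xml">
        <!ENTITY InstalledApplications SYSTEM "modules/installed-applications.xml">
        <!ENTITY Logout SYSTEM "modules/logout.xml">
        <!ENTITY ErrorHandling SYSTEM "modules/adapter_error_handling.xml">
        <!ENTITY SAML SYSTEM "modules/saml.xml">
        <!ENTITY JAAS SYSTEM "modules/jaas.xml">
        <!ENTITY IdentityBroker SYSTEM "modules/identity-broker.xml">
        <!ENTITY Themes SYSTEM "modules/themes.xml">
        <!ENTITY Clients SYSTEM "modules/clients.xml">
        <!ENTITY Migration SYSTEM "modules/MigrationFromOlderVersions.xml">
        <!ENTITY Email SYSTEM "modules/email.xml">
        <!ENTITY Roles SYSTEM "modules/roles.xml">
        <!ENTITY Groups SYSTEM "modules/groups.xml">
        <!ENTITY DirectAccess SYSTEM "modules/direct-access.xml">
        <!ENTITY ServiceAccounts SYSTEM "modules/service-accounts.xml">
        <!ENTITY CORS SYSTEM "modules/cors.xml">
        <!ENTITY Timeouts SYSTEM "modules/timeouts.xml">
        <!ENTITY Events SYSTEM "modules/events.xml">
        <!ENTITY AdminApi SYSTEM "modules/admin-rest-api.xml">
        <!ENTITY UserFederation SYSTEM "modules/user-federation.xml">
        <!ENTITY Kerberos SYSTEM "modules/kerberos.xml">
        <!ENTITY ExportImport SYSTEM "modules/export-import.xml">
        <!ENTITY ServerCache SYSTEM "modules/cache.xml">
        <!ENTITY SecurityVulnerabilities SYSTEM "modules/security-vulnerabilities.xml">
        <!ENTITY Clustering SYSTEM "modules/clustering.xml">
        <!ENTITY ApplicationClustering SYSTEM "modules/application-clustering.xml">
        <!ENTITY MultiTenancy SYSTEM "modules/multi-tenancy.xml">
        <!ENTITY Proxy SYSTEM "modules/proxy.xml">
        <!ENTITY CustomAttributes SYSTEM "modules/custom-attributes.xml">
        <!ENTITY ProtocolMappers SYSTEM "modules/protocol-mappers.xml">
        <!ENTITY Recaptcha SYSTEM "modules/recaptcha.xml">
        <!ENTITY AuthSPI SYSTEM "modules/auth-spi.xml">
        <!ENTITY FilterAdapter SYSTEM "modules/servlet-filter-adapter.xml">
        <!ENTITY ClientRegistration SYSTEM "modules/client-registration.xml">
        ]>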
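<book>

    <bookinfo>
        <title>Keycloak Reference Guide</title>
        <subtitle>SSO for Web Apps and REST Services</subtitle>
        <!-- project.version is not declared in this file's DTD subset; presumably
             the documentation build supplies it. TODO confirm. -->
        <releaseinfo>&project.version;</releaseinfo>
    </bookinfo>

    <toc/>

    <preface id="preface" revision="1">
        <title>Preface</title>
        <para>
            In some of the example listings, what is meant to be displayed on one line does not fit
            inside the available page width. These lines have been broken up. A '\' at the end of a
            line means that a break has been introduced to fit in the page, with the following lines
            indented. So:
            <!-- programlisting content is kept flush left on purpose: whitespace
                 inside it is rendered verbatim. Continuation lines are indented
                 to match the convention the paragraph describes. -->
            <programlisting>
Let's pretend to have an extremely \
    long line that \
    does not fit
This one is short
</programlisting>
            Is really:
            <programlisting>
Let's pretend to have an extremely long line that does not fit
This one is short
</programlisting>
        </para>
    </preface>

    <!-- Chapters are pulled in through the external entities declared in the
         DOCTYPE internal subset; the order of references here is the chapter
         order of the rendered book. -->
    &License;
    &Overview;
    &Installation;
    &Providers;
    &OpenShift;
    &AdminPermissions;
    &PerRealmAdminPermissions;
    <chapter>
        <title>Adapters</title>
        <para>
            Keycloak can secure a wide variety of application types. This section defines which application
            types are supported and how to configure and install them so that you can use Keycloak to secure
            your applications.
        </para>
        <para>
            These client adapters use an extension of the OpenID Connect protocol (a derivative of OAuth 2.0).
            This extension provides support for clustering, backchannel logout, and other non-standard administrative functions.
            The Keycloak project also provides a separate, standalone, generic SAML client adapter, but that is described in a separate
            document and has a different download.
        </para>
        &AdapterConfig;
        &JBossAdapter;
        &TomcatAdapter;
        &Jetty9Adapter;
        &Jetty8Adapter;
        &FilterAdapter;
        &FuseAdapter;
        &JavascriptAdapter;
        &SpringBootAdapter;
        &SpringSecurityAdapter;
        &InstalledApplications;
        &Logout;
        &ErrorHandling;
        &MultiTenancy;
        &JAAS;
    </chapter>
    &ClientRegistration;

    &IdentityBroker;
    &Themes;
    &Clients;
    &Recaptcha;

    <chapter>
        <title>Email</title>
        <para>
            Keycloak sends emails to users to verify their email address. Emails are also used to allow users to
            safely restore their username and password.
        </para>
        &Email;
    </chapter>
    &AccessTypes;
    &Roles;
    &Groups;
    &DirectAccess;
    &ServiceAccounts;
    <!-- NOTE(review): FineGrainedAuthorization has no ENTITY declaration in this
         file's DOCTYPE. Declare it there or remove this reference; as written the
         chapter cannot be resolved. -->
    &FineGrainedAuthorization;
    &CORS;
    &Timeouts;
    &AdminApi;
    &Events;
    &UserFederation;
    &Kerberos;
    &ExportImport;
    <!-- NOTE(review): AdminRecovery has no ENTITY declaration in this file's
         DOCTYPE. Declare it there or remove this reference. -->
    &AdminRecovery;
    &ServerCache;
    &SAML;
    &SecurityVulnerabilities;
    &Clustering;
    &ApplicationClustering;
    &Proxy;
    &CustomAttributes;
    &ProtocolMappers;
    &AuthSPI;
    &Migration;

</book>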