[keycloak-user] Tomcat adapter for keycloak

Kalinga Dissanayake kalinga at leapset.com
Wed Mar 18 07:41:27 EDT 2015


It didn't. That's why I did the change to the catalina.jar file.
Managed to come up with this http://blog-ungarida.rhcloud.com/keycloak-tomcat-adapter/
That's why I did this change to catalina.jar.
 
Kalinga

-----Original Message-----
From: "Marek Posolda" <mposolda at redhat.com>
Sent: Wednesday, March 18, 2015 4:50pm
To: "Kalinga Dissanayake" <kalinga at leapset.com>, keycloak-user at lists.jboss.org, "Stian Thorgersen" <stian at redhat.com>
Subject: Re: [keycloak-user] Tomcat adapter for keycloak



For Tomcat adapter, you don't need KEYCLOAK authentication type in web.xml, but BASIC should be sufficient. Does it work with BASIC and without your step 3 (Changing catalina.jar)?

 Marek

 On 18.3.2015 10:00, Kalinga Dissanayake wrote:
I am in the process of trying out a few adapters supported by Keycloak.
Tried the Tomcat adapter but I'm getting a continuous redirect on the browser.
 
I did the following:
1/ Installed the adapter on tomcat
2/ Installed all the libraries.
3/ Changed catalina.jar to add an authentication type called KEYCLOAK
4/ Added the context.xml to the client in META-INF
 
<?xml version="1.0" encoding="UTF-8"?>
 <Context path="/sample" debug="0" privileged="true">
     <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve" />
 </Context>
 
5/ Added the keycloak.json
{
 "realm": "demo",
 "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6pigvwuJUVfi9sEaZOj7txNfBwPAEt+0AIBSFHRzoWSxNAnznkwGV83qGK+Kc6GAMdlch87GeFzSZh76qC9GUlQ1WGOjbNA4YApnd9PmLvt1iBfe/3xkjIBeKEYmeA9mg3xn3eTosWmL1WIFzFy4NRbe09fAC1hZ5zazfjSDBtwIDAQAB",
 "auth-server-url": "http://localhost:8080/auth",
 "ssl-required": "external",
 "resource": "customer-portal",
 "public-client": true,
 "use-resource-role-mappings": true
 }
 
6/ Changed web.xml
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd" >

 <web-app>
   <display-name>Archetype Created Web Application</display-name>

     <security-constraint>
         <web-resource-collection>
             <web-resource-name>sample</web-resource-name>
             <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
             <role-name>user</role-name>
         </auth-constraint>
     </security-constraint>
     <security-role>
         <role-name>user</role-name>
     </security-role>
     <login-config>
         <auth-method>KEYCLOAK</auth-method>
         <realm-name>demo</realm-name>
     </login-config>
 </web-app>
 
The client app successfully redirects to the server URL (Keycloak) and I can log in by entering the creds, and it redirects back to the client; however, the client goes into a loop.
Should I make a change in the client to extract some details and save them in the session? Or will the adapter handle this for me?
 
Kalinga
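
A static check for the three files listed in the original post, as an added example that is not part of this thread or of the Keycloak project. The function name `audit`, the finding codes and the trimmed sample input are assumptions made for illustration; the stock `auth-method` list reflects the authenticators Tomcat bundles, and the parser expects a DTD-style `web.xml` without XML namespaces, as in the post.

```python
import json
import xml.etree.ElementTree as ET

# auth-method names a stock Tomcat resolves to a bundled authenticator.
STOCK_AUTH_METHODS = {"BASIC", "DIGEST", "FORM", "CLIENT-CERT", "SPNEGO", "NONE"}
KEYCLOAK_VALVE = "org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"

def audit(web_xml, context_xml, keycloak_json):
    """Return {code: message} findings for one webapp's three config files."""
    web, ctx = ET.fromstring(web_xml), ET.fromstring(context_xml)
    cfg = json.loads(keycloak_json)
    out = {}
    method = (web.findtext("login-config/auth-method") or "").strip()
    if method.upper() not in STOCK_AUTH_METHODS:
        out["AUTH_METHOD"] = (f"auth-method {method!r} is not bundled with Tomcat; "
                              "it resolves only on a modified container")
    if KEYCLOAK_VALVE not in [v.get("className") for v in ctx.iter("Valve")]:
        out["NO_VALVE"] = "context.xml does not register the Keycloak valve"
    if ctx.get("privileged", "false").lower() == "true":
        out["PRIVILEGED"] = "privileged Context: webapp may use container servlets"
    path = "security-constraint/auth-constraint/role-name"
    required = {(r.text or "").strip() for r in web.iterfind(path)}
    declared = {(r.text or "").strip() for r in web.iterfind("security-role/role-name")}
    if required - declared:
        out["ROLE_UNDECLARED"] = f"no <security-role> for {sorted(required - declared)}"
    # use-resource-role-mappings selects client-level instead of realm-level roles.
    if cfg.get("use-resource-role-mappings"):
        source = f"client {cfg.get('resource')!r}"
    else:
        source = f"realm {cfg.get('realm')!r}"
    out["ROLE_SOURCE"] = f"constraint roles {sorted(required)} are checked against {source} role mappings"
    return out

# Constructed sample input, trimmed from the files quoted in this thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
  <login-config><auth-method>KEYCLOAK</auth-method></login-config>
</web-app>"""
CONTEXT_XML = f'<Context path="/sample" privileged="true"><Valve className="{KEYCLOAK_VALVE}"/></Context>'
KEYCLOAK_JSON = '{"realm": "demo", "resource": "customer-portal", "use-resource-role-mappings": true}'

if __name__ == "__main__":
    for code, msg in audit(WEB_XML, CONTEXT_XML, KEYCLOAK_JSON).items():
        print(f"{code}: {msg}")
```

An `AUTH_METHOD` finding means the application only deploys on a container whose `catalina.jar` has been altered, so that jar no longer matches the upstream release.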
 

