[keycloak-user] Tomcat adapter for keycloak

Bill Burke bburke at redhat.com
Wed Mar 18 09:13:00 EDT 2015


What is the Tomcat version?  Do you happen to have a reproducible bundle 
you could send me?  If not, no worries.

On 3/18/2015 7:41 AM, Kalinga Dissanayake wrote:
> It didn't. That's why I did the change to the catalina.jar file.
>
> Managed to come up with this
> http://blog-ungarida.rhcloud.com/keycloak-tomcat-adapter/
>
> That's why I did this change to catalina.jar.
>
> Kalinga
>
> -----Original Message-----
> From: "Marek Posolda" <mposolda at redhat.com>
> Sent: Wednesday, March 18, 2015 4:50pm
> To: "Kalinga Dissanayake" <kalinga at leapset.com>,
> keycloak-user at lists.jboss.org, "Stian Thorgersen" <stian at redhat.com>
> Subject: Re: [keycloak-user] Tomcat adapter for keycloak
>
> For the Tomcat adapter, you don't need the KEYCLOAK authentication type in
> web.xml; BASIC should be sufficient. Does it work with BASIC and
> without your step 3 (changing catalina.jar)?
>
> Marek
>
> On 18.3.2015 10:00, Kalinga Dissanayake wrote:
>
>     I am in the process of trying out a few adapters supported by Keycloak.
>
>     I tried the Tomcat adapter but I'm getting a continuous redirect in
>     the browser.
>
>     I did the following:
>
>     1/ Installed the adapter on tomcat
>
>     2/ Installed all the libraries.
>
>     3/ Changed catalina.jar to add an authentication type called KEYCLOAK
>
>     4/ Added the context.xml to the client in META-INF
>
>     <?xml version="1.0" encoding="UTF-8"?>
>     <Context path="/sample" debug="0" privileged="true">
>          <Valve
>     className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve" />
>     </Context>
>
>     5/ Added the keycloak.json
>
>     {
>     "realm": "demo",
>     "realm-public-key":
>     "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6pigvwuJUVfi9sEaZOj7txNfBwPAEt+0AIBSFHRzoWSxNAnznkwGV83qGK+Kc6GAMdlch87GeFzSZh76qC9GUlQ1WGOjbNA4YApnd9PmLvt1iBfe/3xkjIBeKEYmeA9mg3xn3eTosWmL1WIFzFy4NRbe09fAC1hZ5zazfjSDBtwIDAQAB",
>     "auth-server-url": "http://localhost:8080/auth",
>     "ssl-required": "external",
>     "resource": "customer-portal",
>     "public-client": true,
>     "use-resource-role-mappings": true
>     }
>
>     6/ Changed web.xml
>
>     <!DOCTYPE web-app PUBLIC
>       "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd" >
>
>     <web-app>
>        <display-name>Archetype Created Web Application</display-name>
>
>          <security-constraint>
>              <web-resource-collection>
>                  <web-resource-name>sample</web-resource-name>
>                  <url-pattern>/*</url-pattern>
>              </web-resource-collection>
>              <auth-constraint>
>                  <role-name>user</role-name>
>              </auth-constraint>
>          </security-constraint>
>          <security-role>
>              <role-name>user</role-name>
>          </security-role>
>          <login-config>
>              <auth-method>KEYCLOAK</auth-method>
>              <realm-name>demo</realm-name>
>          </login-config>
>     </web-app>
>
>     The client app successfully redirects to the server URL (Keycloak)
>     and I can log in by entering the creds, and it redirects back to the
>     client; however, the client goes into a loop.
>
>     Should I make a change in the client to extract some details and save
>     them in the session? Or will the adapter handle this for me?
>
>     Kalinga
>
>
>
>     _______________________________________________ keycloak-user
>     mailing list keycloak-user at lists.jboss.org
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
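
Marek's reply in the thread above says BASIC in web.xml is sufficient for the Tomcat adapter, without the catalina.jar change. The following offline check for that setup is an added example, not part of the original messages or of Keycloak's code; `audit`, the finding texts and the condensed sample strings are hypothetical, and the list of standard auth methods is taken from the servlet specification.

```python
import xml.etree.ElementTree as ET

# Auth methods defined by the servlet specification.
STANDARD_AUTH_METHODS = {"BASIC", "DIGEST", "FORM", "CLIENT-CERT"}
VALVE = "org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"  # from the thread

def _local(tag):
    """Drop an XML namespace so old DTD and newer schema descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def _texts(root, name):
    return [(e.text or "").strip() for e in root.iter() if _local(e.tag) == name]

def audit(web_xml, context_xml):
    """Return findings for one webapp's web.xml and META-INF/context.xml."""
    findings = []
    web, ctx = ET.fromstring(web_xml), ET.fromstring(context_xml)
    valves = [e.get("className") for e in ctx.iter() if _local(e.tag) == "Valve"]
    if VALVE not in valves:
        findings.append("context.xml: KeycloakAuthenticatorValve is not configured")
    for method in _texts(web, "auth-method"):
        if method not in STANDARD_AUTH_METHODS:
            findings.append(f"web.xml: auth-method {method!r} is not a standard "
                            "servlet method; check for a modified catalina.jar")
    declared, required = set(), set()
    for e in web.iter():
        if _local(e.tag) == "security-role":
            declared.update(_texts(e, "role-name"))
        elif _local(e.tag) == "auth-constraint":
            required.update(_texts(e, "role-name"))
    for role in sorted(required - declared - {"*"}):
        findings.append(f"web.xml: role {role!r} is required but not declared")
    return findings

# Constructed samples, condensed from the configuration quoted in the thread.
CONTEXT_XML = f'<Context path="/sample"><Valve className="{VALVE}" /></Context>'
THREAD_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
  <login-config><auth-method>KEYCLOAK</auth-method><realm-name>demo</realm-name></login-config>
</web-app>"""
BASIC_WEB_XML = THREAD_WEB_XML.replace("KEYCLOAK", "BASIC")

if __name__ == "__main__":
    for label, doc in (("thread", THREAD_WEB_XML), ("BASIC", BASIC_WEB_XML)):
        print(label, audit(doc, CONTEXT_XML))
```

A non-standard auth-method is worth flagging in review because, as in this thread, it only works when the container's own jar has been altered, which then diverges from the vendor-shipped Tomcat.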
