[keycloak-user] Keycloak doubts securing WAR via SAML subsystem

vandana thota vandana0242 at gmail.com
Mon Jun 25 15:20:05 EDT 2018


Hello All,

From the below doc I have a few doubts:


https://www.keycloak.org/docs/2.5/securing_apps/topics/saml/java/saml-jboss-adapter.html

1st doubt :

I want to take this option: "Securing WARs via Keycloak SAML Subsystem"

We need to configure this instance's .xml file:



<extensions>
  <extension module="org.keycloak.keycloak-saml-adapter-subsystem"/>
</extensions>

<profile>
  <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.1">
    <secure-deployment name="WAR MODULE NAME.war">
      <SP entityID="APPLICATION URL">
        ...
      </SP>
    </secure-deployment>
  </subsystem>
</profile>



From the above content, which is given in the document, I did not get this
thing from the lines:

"The secure-deployment name attribute identifies the WAR you want to secure.
Its value is the module-name defined in web.xml with .war appended."



Do I have to put it like this: </secure-deployment> "sample.war" </secure-deployment>
or </secure-deployment> "sample.war"?



Sample.war is the deployment file which I have deployed on the WildFly
instance.

################

From the below lines, which are mentioned in the doc, I have a few doubts:

"You do not have to crack open a WAR to secure it with Keycloak.
Alternatively, you can externally secure it via the Keycloak SAML Adapter
Subsystem. While you don’t have to specify KEYCLOAK-SAML as an auth-method,
you still have to define the security-constraints in web.xml. You do not,
however, have to create a WEB-INF/keycloak-saml.xml file. This metadata is
instead defined within the XML in your server’s domain.xml or
standalone.xml subsystem configuration section."





(2nd doubt)

(2) Do I have to define security-constraints in web.xml?

(2.a) In that case, is there no need to create a keycloak-saml.xml file?

(2.b) If I have to create a keycloak-saml.xml file, from where, and what
content needs to be in this keycloak-saml.xml file?



(3rd doubt)

(3) Which metadata is already defined in the standalone.xml file of the WildFly
instance?

(3.a) As it's already defined, is there no need to define
security-constraints in web.xml?

(3.b) There is no need to create the keycloak.xml file under the WEB-INF folder


Thanks,
Vandana
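
An added example, not part of the original message or of the Keycloak documentation: a small Python check of the two requirements in the documentation text quoted above, that the secure-deployment name equals the web.xml module-name with .war appended, and that security-constraints are still declared in web.xml. The XML samples, archive names, role name and entityID values are constructed; falling back to the archive file name when web.xml has no module-name is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the subsystem snippet above (its SP body is elided).
SUBSYSTEM = """<profile>
  <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.1">
    <secure-deployment name="sample.war">
      <SP entityID="https://sp.example.test/sample/"/>
    </secure-deployment>
    <secure-deployment name="reports.war">
      <SP entityID="https://sp.example.test/reports/"/>
    </secure-deployment>
  </subsystem>
</profile>"""

# Constructed web.xml contents keyed by deployed archive name; "user" is a made-up role.
NS = 'xmlns="http://xmlns.jcp.org/xml/ns/javaee"'
CONSTRAINT = """<security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>"""
WARS = {
    "sample.war": f"<web-app {NS}>{CONSTRAINT}</web-app>",
    "reports-1.0.war": f"<web-app {NS}><module-name>reports</module-name></web-app>",
    "admin.war": f"<web-app {NS}>{CONSTRAINT}</web-app>",
}

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # element name without its XML namespace

def secured_names(subsystem_xml):
    return {e.get("name") for e in ET.fromstring(subsystem_xml).iter()
            if local(e) == "secure-deployment"}

def audit(subsystem_xml, wars):
    names, findings = secured_names(subsystem_xml), []
    for archive, web_xml in sorted(wars.items()):
        root = ET.fromstring(web_xml)
        module = next(((e.text or "").strip() for e in root.iter() if local(e) == "module-name"), None)
        # Assumption: without <module-name>, the archive file name is the deployment name.
        expected = f"{module}.war" if module else archive
        if expected not in names:
            findings.append((archive, f'no secure-deployment name="{expected}"'))
        elif not any(local(e) == "security-constraint" for e in root.iter()):
            findings.append((archive, "matched, but web.xml has no security-constraint"))
    return findings
```

On the constructed data, audit(SUBSYSTEM, WARS) reports admin.war as having no matching secure-deployment entry and reports-1.0.war as matched by the subsystem but declaring no security-constraint.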

