Re: [wildfly-dev] Including Keycloak client adapters in WildFly 10
On Jul 3, 2015, at 6:40 AM, Stian Thorgersen <stian(a)redhat.com>
wrote:
Keycloak provides an adapter, including a WildFly extensions, to make it easier to add
authentication to JavaEE applications with Keycloak.
Sorry for my delay replying. Comments are inline:
It includes a few modules. Currently 8 Keycloak specific modules and one 1 third-party.
The third-party is net.iharder.base64.
We already have many Base64 implementations. It’s pretty easy to pull one in with cut and
paste. Java 8 also provides one, so that could be used.
As the WildFly extensions includes a deployment processor that configures the
authentication method as well as dependencies for a deployment it's easy to add
authentication to a JavaEE application. All you need to do is specify it in
standalone.xml, for example:
...
<secure-deployment name="mywar.war”>
I’m assuming that the DUPs you register match the deployment name with this key, and then
modify the app configuration?
<realm>myrealm</realm>
<realm-public-key>MIIBIjAN...</realm-public-key>
<auth-server-url>http://localhost:8081/auth</auth-server-url>
<ssl-required>EXTERNAL</ssl-required>
<resource>mywar</resource>
<credential
name="secret">675356d8-2b6b-4602-a74f-7079e0555885</credential>
You probably already did this, but such an attribute should support vault usage as well so
that credentials can be kept out of configs.
</secure-deployment>
...
I'd like to explore if we can add this extension and the required modules directly to
WildFly 10, rather than require users to add it themselves.
Can you sync up with the elytron team? They are making other changes in this area, which
are not yet in 10, and I want to make sure thats all compatible.
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat