[keycloak-user] [keycloak-dev] Securing wars via keycloak subsystem

Marko Strukelj mstrukel at redhat.com
Mon Jul 27 09:13:29 EDT 2015


Moved this conversation from keycloak-dev to keycloak-user at lists.jboss.org ...

You can't have keycloak server deployed on Wildfly 8 any more. So I assume you don't have the server parts deployed at all.

If you want to set up keycloak server and your web application in the same Wildfly instance, the best way to do that is to use keycloak-demo-1.3.1.Final.zip, which you can download here: http://sourceforge.net/projects/keycloak/files/1.3.1.Final

It is based on Wildfly 9.0.0.Final. You can then deploy your wars and add a <secure-deployment> section to the keycloak subsystem configuration in the standalone.xml file.


The alternative is to run keycloak server separately - in that case use keycloak-1.3.1.Final.zip, and start it first.

You then download keycloak-wf8-adapter-dist-1.3.1.Final.zip from http://sourceforge.net/projects/keycloak/files/1.3.1.Final/adapters/.
Unpack it into your Wildfly 8.2.0 where you have deployed your .war. Make sure to add the <secure-deployment> section to your Wildfly 8.2.0 where your .war is deployed, and not to the keycloak server instance.
Also adjust the value of <auth-server-url> to point to the correct server URL.

If you want to run both server and client on the same host for development you can start either one with:

bin/standalone.sh -Djboss.socket.binding.port-offset=100

Which will bind all the ports to their default value +100 - e.g. what would otherwise be port 8080 would then become 8180.

- marko


----- Original Message -----
> Hey guys,
> 
> as the subject says I want to secure my war files via keycloak subsystem. I
> use a WildFly 8 server in standalone mode and got the following
> configuration from the keycloak admin console (by now I configured keycloak
> with keycloak.json):
> 
> <secure-deployment name="TOMAMappingConfigurationService.war">
>     <realm>TOMAMappingConfigurationService</realm>
>     <resource>TOMAMappingConfigurationService</resource>
>     <use-resource-role-mappings>true</use-resource-role-mappings>
>     <public-client>true</public-client>
>     <realm-public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioI1Q9NTQ+FB/6nFRl6QXqjoNNHld8K8KgdL9xhDJtAOn2jhY9/sfQASs5heBWh9IQeVlYFkhmN5jYzKtPMLZnlMTW6fE4yTRSw5RdbGldgX8LedFAt5vSU2rVJWMkExDynDe8zHNbMKvereFeTQ3oDqEA/Ks22fUdmf2Pj+Cpzuj+ncyRYSut02MTGpQML9975D+1z5AmlokkWlk+VADjZ/3zberEJS8I49uQryqtC6OtxayVezEj270Iwx9lwmRIa2aoJZGQRncafW0Dukgx+lAxJinjiSR0UngTXwQXw1OfH9xfi7v6oHcrmExp4xahKom+cW9MyhCL51ElJi4QIDAQAB</realm-public-key>
>     <auth-server-url>http://localhost:8080/auth</auth-server-url>
>     <ssl-required>EXTERNAL</ssl-required>
> </secure-deployment>
> 
> As described in the documentation, I deleted the keycloak.json files and the
> part of the web.xml file where keycloak as authentication method is defined.
> 
> Now I have the problem that keycloak seems not to be deployed. I cannot
> access the admin console or log in to my application because of a “404 – Not
> found” error.
> 
> Any ideas what I did wrong?
> 
> PS: Excuse my English. :)
> 
> Kind regards,
> 
> Lars

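Added example (not part of the original message and not Keycloak project code): a Python check for the step in the reply where <auth-server-url> has to match the port the keycloak server really listens on once a port offset is in use. The sample standalone.xml, its placeholder namespace URIs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: trimmed standalone.xml of the WildFly instance hosting the .war.
# Namespace URIs are placeholders; the parser matches local tag names only.
SAMPLE_STANDALONE = """<server xmlns="urn:example:server">
  <subsystem xmlns="urn:example:keycloak-subsystem">
    <secure-deployment name="TOMAMappingConfigurationService.war">
      <realm>TOMAMappingConfigurationService</realm>
      <resource>TOMAMappingConfigurationService</resource>
      <auth-server-url>http://localhost:8080/auth</auth-server-url>
      <ssl-required>EXTERNAL</ssl-required>
    </secure-deployment>
  </subsystem>
</server>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def secure_deployments(xml_text):
    """Return {deployment name: {child tag: text}} for every <secure-deployment>."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "secure-deployment":
            found[el.get("name")] = {local(c.tag): (c.text or "").strip() for c in el}
    return found


def check_auth_server_url(xml_text, keycloak_host, keycloak_port_offset=0):
    """List deployments whose <auth-server-url> misses the keycloak server's port."""
    problems = []
    for name, cfg in secure_deployments(xml_text).items():
        url = urlparse(cfg.get("auth-server-url", ""))
        if not url.hostname:
            problems.append(f"{name}: no usable <auth-server-url>")
            continue
        # WildFly defaults: 8080 for HTTP, 8443 for HTTPS; the offset shifts both.
        base = 8443 if url.scheme == "https" else 8080
        expected = base + keycloak_port_offset
        actual = url.port or (443 if url.scheme == "https" else 80)
        if (url.hostname, actual) != (keycloak_host, expected):
            problems.append(f"{name}: auth-server-url targets {url.hostname}:{actual}, "
                            f"keycloak server listens on {keycloak_host}:{expected}")
    return problems


if __name__ == "__main__":
    # keycloak server started with -Djboss.socket.binding.port-offset=100 on this host
    print("\n".join(check_auth_server_url(SAMPLE_STANDALONE, "localhost", 100)))
```

With an offset of 0 the sample passes; with the keycloak server started at offset 100 the same file is reported, because the adapter would still send logins to port 8080.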