How to use the new WF 17 distributable-web subsystem with Keycloak?

mamemc Jul 4, 2019 4:56 PM

I'm looking at WF 17 configuration for the new distributable-web subsystem and wondering how it works with a 3rd party SSO provider, in this case Keycloak.

In previous versions of WF, you had to disable SSO in wildfly in order to use Keycloak.

I looked over the subsystem model, and I don't see any obvious way to disable SSO, and the only 2 provider options are Hotrod and Infinispan. I don't think that I want to entirely remove the subsystem, otherwise session replication won't work.

        <subsystem xmlns="urn:jboss:domain:distributable-web:1.0" default-session-management="default" default-single-sign-on-management="default">
            <infinispan-session-management name="default" granularity="SESSION" cache-container="web">
                <primary-owner-affinity/>
            </infinispan-session-management>
            <infinispan-single-sign-on-management name="default" cache-container="web" cache="sso"/>
            <infinispan-routing cache-container="web" cache="routing"/>
        </subsystem>

How does one disable SSO?

1. Re: How to use the new WF 17 distributable-web subsystem with Keycloak?

pferraro Jul 10, 2019 12:49 PM (in response to mamemc)

This subsystem merely houses the configuration for SSO for distributed web applications - it does not enable SSO itself. SSO is enabled via the undertow subsystem per application security domain.
Actions