-
15. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
Content of the file is layers=keycloak
Created under Wildfly_Home/Modules.
I have just removed the file and run that jboss.cli command but still I show the error
./jboss-cli.sh --file=adapter-elytron-install-saml.cli --connect --controller=0.0.0.0:xxxx
Authenticating against security realm: ManagementRealm
Username: xxxx
Password:
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0310: Extension module org.keycloak.keycloak-saml-adapter-subsystem not found",
"rolled-back" => true
}
-
16. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
I actually created layers.conf file by using the below doc :
[KEYCLOAK-5185] WildFly Overlay not working due to missing layers.conf - JBoss Issue Tracker
Its created under Wildfly_Home/Modules
Content is layers=keycloak.
But now removed that .conf file
Ran below jboss.cli command . But still showing the error
./jboss-cli.sh --file=adapter-elytron-install-saml.cli --connect --controller=0.0.0.0:xxxx
Authenticating against security realm: ManagementRealm
Username: xxxx
Password:
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0310: Extension module org.keycloak.keycloak-saml-adapter-subsystem not found",
"rolled-back" => true
}
-
17. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
Are you using the keycloak server or keycloak overlay ? If using overlay, is there a need for that ?
That doc to use the layers.conf is when you have an existing wildfly installation and wants to reuse to install the keycloak binaries to turn it into a keycloak server, but that is not a recommended solution for production.
The keycloak binary adapters should be unzipped in the wildfly directory, not the keycloak server directory.
What are the paths for the wildfly and keycloak server ? and in which one are you unzipping the adapters ?
-
18. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
Hi Claudio,
I have installed keycloak saml adapters and unzipped the file and ran jboss-cli.sh and it was sucessful this time :
Not sure what I have to do for the next step.
{
"outcome" => "success",
"result" => [("keycloak-saml" => "1.1.0")]
}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{
"outcome" => "success",
"response-headers" => {"process-state" => "reload-required"}
}
{
"outcome" => "success",
"response-headers" => {"process-state" => "reload-required"}
}
{
"outcome" => "success",
"response-headers" => {"process-state" => "reload-required"}
}
{
"outcome" => "success",
"response-headers" => {"process-state" => "reload-required"}
}
{
"outcome" => "success",
"response-headers" => {"process-state" => "reload-required"}
}
{
"outcome" => "success",
"response-headers" => {"process-state" => "reload-required"}
}
{
"outcome" => "success",
"response-headers" => {"process-state" => "reload-required"}
-
19. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
The cli script already adds a realm KeycloakSAMLRealm, a security domain KeycloakDomain, and http-authentication-factory=keycloak-http-authentication, for your application to use it as an example.
But I recommend, to read the SAML chapter of keycloak documentation to see how to fine tune for your applications.
https://www.keycloak.org/docs/latest/securing_apps/index.html#saml-2
-
20. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
I have seen that document.
I have configured IDP related info on keycloak admin console
and insatlled Keycloak saml adapters on wildfly server.
Now I have to do application related configurations for single sign on .
No Idea where to star.
Do I have to take any file from keycloak admin console and copy that file to wildfly server ?
Or any other stuff to do
-
21. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
I recommend the keycloak forums.
-
22. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
Hello Miranda,
https://www.keycloak.org/docs/2.5/securing_apps/topics/oidc/java/jboss-adapter.html
Do you know that this the section 4.2.1.2 is a part of single sign on configuration ?
Thanks,
Lily
-
23. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
> Do you know that this the section 4.2.1.2 is a part of single sign on configuration ?
Yes, it deals with the installation of the keycloak adapter binaries to a wildfly appserver and how to configure an application to use keycloak sso.
-
24. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
that's what where I stuck, securing app by using the keycloak saml adapters .
-
26. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
Thanks for sharing the doc.
I wanna take this option "Securing WARs via Keycloak SAML Subsystem"
we need to configure this instance's .xml file
<extensions>
<extension module="org.keycloak.keycloak-saml-adapter-subsystem"/>
</extensions>
<profile>
<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.1">
<secure-deployment name="WAR MODULE NAME.war">
<SP entityID="APPLICATION URL">
...
</SP>
</secure-deployment>
</subsystem>
</profile>From above content which is given in document . I did not get this thing from the lines "
The
secure-deploymentnameattribute identifies the WAR you want to secure. Its value is themodule-namedefined inweb.xmlwith.warappended."Do I have to put like this </secure-deployment> "sample.war" </secure-deployment> or </secure-deployment> "sample.war"
Sample.war is the deoplyment file which I have deployed on wildfly instance .
-
27. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
Also above is 1st doubt and my other doubts on this
You do not have to crack open a WAR to secure it with Keycloak. Alternatively, you can externally secure it via the Keycloak SAML Adapter Subsystem. While you don’t have to specify KEYCLOAK-SAML as an
auth-method, you still have to define thesecurity-constraintsinweb.xml. You do not, however, have to create aWEB-INF/keycloak-saml.xmlfile. This metadata is instead defined within the XML in your server’sdomain.xmlorstandalone.xmlsubsystem configuration section.(2nd doubt)
(2)do I have to define
security-constraintsinweb.xml ?(2.a) :in that case there is no need to create keycloak-saml.xml file ?(2.b)If I have to create keycloak-saml.xml file from where and what content needs to be in this keycloak-saml.xml file .
(3rd doubt)
(3)Which metadata is is already defined in standalone.xml file of wildfly instance ?
(3.a)As its already defined there is no need to define
security-constraintsinweb.xml?(3.b)there is no need to create the keycloak.xml file under WEB-INF folder -
28. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
Hello Claudio,
When I was trying to open the keycloak admin console
I'm getting below error
This site can’t be reached
ERR_CONNECTION_TIMED_OUT
-
29. Re: How to open this file keycloak-saml-wildfly-adapter-dist-4.0.0.Final.zip.sha1
Hi Lilly, I am not familiar to keycloak to tell you about the SAML adapter config, the keycloak mailing list would be more useful for you
keycloak-user | Mailing List Archive
As for the error going to the keycloak admin console, it says the client browser can't reach the target hostname and port. From the console prompt, can you ping the keycloak server address and port with netcat ?