I'm looking at WF 17 configuration for the new distributable-web subsystem and wondering how it works with a 3rd party SSO provider, in this case Keycloak.
In previous versions of WF, you had to disable SSO in wildfly in order to use Keycloak.
I looked over the subsystem model, and I don't see any obvious way to disable SSO, and the only 2 provider options are Hotrod and Infinispan. I don't think that I want to entirely remove the subsystem, otherwise session replication won't work.
<subsystem xmlns="urn:jboss:domain:distributable-web:1.0" default-session-management="default" default-single-sign-on-management="default"> <infinispan-session-management name="default" granularity="SESSION" cache-container="web"> <primary-owner-affinity/> </infinispan-session-management> <infinispan-single-sign-on-management name="default" cache-container="web" cache="sso"/> <infinispan-routing cache-container="web" cache="routing"/> </subsystem>
How does one disable SSO?
This subsystem merely houses the configuration for SSO for distributed web applications - it does not enable SSO itself. SSO is enabled via the undertow subsystem per application security domain.