Preview: Keycloak-secured management in WildFly 9

Version 4

    If you want to see the Web Console secured by Keycloak, follow the quick and easy instructions below.  This can't be merged yet because we need a new release of Keycloak and then a new release of WildFly Core.

     

    1. Build these projects in order (-DskipTests makes it quicker):

    Keycloak Master: keycloak/keycloak · GitHub

    Keycloak Branch of WildFly Core: ssilvert/wildfly-core at keycloak · GitHub

    Keycloak Branch of WildFly Full: ssilvert/wildfly at keycloak · GitHub

     

    2. Unzip the attached standalone.zip file into <wildfly full>/build/target/wildfly-9.0.0.Alpha1-SNAPSHOT.

    3. Start the full server with standalone.sh -c standalone-keycloak.xml

     

    Observe Single Sign-On

    1. Open the web console.  user/password is admin/admin.  URL is http://localhost:9990/console/

    2. Open the Keycloak admin.  SSO is active.  No need to sign in.  URL is http://localhost:8080/auth/admin/index.html

    3. Hit the HTTP management endpoint directly.  SSO is active.  No need to sign in. URL is http://localhost:9990/management

     

    Manage Web Console Roles with Keycloak

    1. In Keycloak admin, go to http://localhost:8080/auth/admin/master/console/#/realms/master/users/admin/role-mappings.

    2. Under Application Roles, choose web-console.  Change the roles.  You can have more than one.

    3. Log out, and go back to web console.  URL is http://localhost:9990/console/

    4. In the upper righthand corner of web console, click on the user name, "admin".

    5. You will see that the user now has the roles you assigned.

     

    Observe Single Log Out

    1. Log in to Keycloak admin. URL is http://localhost:8080/auth/admin/index.html

    2. In another tab, go to web console.  URL is http://localhost:9990/console/

    3. Log out of web console.

    4. Observe that you are immediately logged out of Keycloak admin.

    5. Unfortunately, this doesn't work in reverse.  Web console doesn't yet recognize Single Log Out.

     

    Add a new Web Console User

    1. In Keycloak admin, go to http://localhost:8080/auth/admin/master/console/index.html#/realms/master/users

    2. Add the user.

    3. Under Credentials, set temporary password.

    4. Under Role Mappings, set the user's role as above.

    5. When the new user logs in to web console, he will be asked to change his password.