We have installed Keycloak version 25.0.2 on OpenShift and are planning to integrate it with EAP-7.4.18. We are trying to accomplish the steps below. But to implement step 2, to install the key-adapter for JBoss EAP, the last version of the adapter is available only for 22.0.5 from https://www.keycloak.org/archive/. And even then, when downloading for JBoss EAP (attached screenshot), it downloads keycloak-oidc-wildfly-adapter-22.0.5 (attached file), which is related to WildFly but not specific to JBoss EAP. Is there a way to download a JBoss EAP-specific Keycloak adapter, or should the WildFly adapter automatically work for EAP? Are the steps below that I am trying to accomplish correct? Any help on this is really appreciated.
Step 1: Install Keycloak
Download and Install Keycloak:
Download Keycloak from the official website.
Extract and configure Keycloak.
Start Keycloak:
Run Keycloak using the following command in the Keycloak directory:
```bash
./bin/standalone.sh -Djboss.socket.binding.port-offset=100
```
Keycloak will be accessible at http://localhost:8180/auth.
Create a Realm:
Log in to the Keycloak admin console at localhost:8180/auth/admin/.
Create a new realm (e.g., myrealm).
Create a Client:
Within the created realm, add a new client that represents your JBoss EAP application.
Set the client protocol to openid-connect.
Set the Root URL to the URL of your JBoss EAP application (e.g., localhost:8080/myapp).
Configure redirect URIs as needed (e.g., localhost:8080/*).
Create Users:
Under the “Users” section, create users that will be authenticated against Keycloak.
Step 2: Install Keycloak Adapter for JBoss EAP
Download the Keycloak Adapter:
Download the Keycloak adapter for JBoss EAP from the Keycloak Downloads page.
Extract the adapter into your JBoss EAP installation directory.
Install the Adapter:
Copy the necessary modules to the modules directory of your JBoss EAP installation.
Copy the keycloak-saml-subsystem module to the JBoss EAP modules.
Modify the standalone.xml or domain.xml configuration to include the Keycloak subsystem:
Add Keycloak Adapter Modules:
Update the standalone.xml or domain.xml to include the Keycloak adapter modules under the extensions element:
Step 3: Configure JBoss EAP Application for Keycloak
Modify Your Application’s WEB-INF/web.xml:
Update your application’s web.xml to include security constraints, login configurations, and security roles:
KEYCLOAK
myrealm
Create a keycloak.json file in your application’s WEB-INF directory. This file contains the configuration needed to connect to Keycloak:
```json
{
  "realm": "myrealm",
  "auth-server-url": "http://localhost:8180/auth",
  "ssl-required": "external",
  "resource": "myapp",
  "credentials": {
    "secret": "your-client-secret"
  },
  "confidential-port": 0
}
```
Ensure that the “resource” field matches the client ID in Keycloak, and “secret” matches the client secret.
Step 4: Deploy and Test
Deploy the Application:
Deploy your application to JBoss EAP as usual (e.g., by placing the WAR file in the deployments directory).
Test Authentication:
Access your application in a browser (e.g., http://localhost:8080/myapp).
You should be redirected to the Keycloak login page.
After successful authentication, you’ll be redirected back to your application.
Step 5: Additional Configurations
Role Mapping: Configure role mapping in Keycloak to map Keycloak roles to your application roles.
SSL Configuration: If running in a production environment, configure SSL/TLS on both JBoss EAP and Keycloak.
Logout Handling: Ensure that logout is correctly handled by configuring Keycloak and JBoss EAP to invalidate the session and redirect to the Keycloak logout page.
Conclusion
This integration enables single sign-on (SSO) and centralized identity management for your applications running on JBoss EAP. Keycloak handles the authentication and provides the flexibility to integrate with various identity providers (LDAP, social logins, etc.).
Thanks
Ram Golla
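
Added example, not part of the original post and not Keycloak project code: a small pre-deployment lint for the adapter's keycloak.json that flags the settings Step 3 and Step 5 touch on (plain-HTTP `auth-server-url`, `ssl-required`, and a client secret packaged in WEB-INF). The rule names, the `lint_adapter_config` function, and the placeholder-secret list are assumptions made for this sketch; the sample input is the configuration from the post.

```python
import ipaddress
import json
from urllib.parse import urlparse

# Constructed sample: the keycloak.json from the post, with straight quotes.
SAMPLE = """{
  "realm": "myrealm",
  "auth-server-url": "http://localhost:8180/auth",
  "ssl-required": "external",
  "resource": "myapp",
  "credentials": {"secret": "your-client-secret"},
  "confidential-port": 0
}"""

def _is_private(host):
    """True for localhost and loopback/private IP literals."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost"  # other DNS names count as external
    return ip.is_loopback or ip.is_private

def lint_adapter_config(text):
    """Return a list of (rule, message) findings for one keycloak.json."""
    cfg = json.loads(text)
    findings = []
    for key in ("realm", "auth-server-url", "resource"):
        if not cfg.get(key):
            findings.append(("missing-key", f"{key} is required"))
    url = urlparse(cfg.get("auth-server-url") or "")
    ssl = cfg.get("ssl-required", "external")  # adapter default is "external"
    if ssl == "none":
        findings.append(("ssl-none", "ssl-required=none permits plain HTTP"))
    if url.scheme == "http":
        if not _is_private(url.hostname or ""):
            findings.append(("http-external", "plain HTTP to a non-private host"))
        elif ssl != "all":
            findings.append(("http-local", "plain HTTP is dev-only; use https"))
    secret = (cfg.get("credentials") or {}).get("secret")
    if secret is not None:
        findings.append(("secret-in-war", "client secret ships inside the WAR"))
        if secret in ("", "your-client-secret", "changeme"):  # assumed list
            findings.append(("placeholder-secret", "secret is a placeholder"))
    if secret is None and not (cfg.get("public-client") or cfg.get("bearer-only")):
        findings.append(("no-credentials", "confidential client has no secret"))
    return findings

if __name__ == "__main__":
    print(lint_adapter_config(SAMPLE))
```

Run against the post's file, it reports `http-local`, `secret-in-war` and `placeholder-secret`; a production file should reduce to `secret-in-war` at most.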
