{"id":22389873,"url":"https://github.com/entando/entando-keycloak-plugin","last_synced_at":"2025-07-31T07:32:42.685Z","repository":{"id":37860263,"uuid":"181948647","full_name":"entando/entando-keycloak-plugin","owner":"entando","description":"Entando Plugin to connect to keycloak","archived":false,"fork":false,"pushed_at":"2025-06-12T14:52:45.000Z","size":1197,"stargazers_count":0,"open_issues_count":0,"forks_count":3,"subscribers_count":5,"default_branch":"develop","last_synced_at":"2025-07-13T14:45:50.616Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://dev.entando.org","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/entando.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-04-17T18:37:58.000Z","updated_at":"2022-01-07T11:26:32.000Z","dependencies_parsed_at":"2025-06-12T14:38:20.674Z","dependency_job_id":"fb48405e-6100-4d57-8261-b865962f03e0","html_url":"https://github.com/entando/entando-keycloak-plugin","commit_stats":null,"previous_names":[],"tags_count":140,"template":false,"template_full_name":null,"purl":"pkg:github/entando/entando-keycloak-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/entando%2Fentando-keycloak-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/entando%2Fentando-keycloak-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/entando%2Fentando-keycloak-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/entando%2Fentando-keycloak-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/entando","download_url":"https://codeload.github.com/entando/entando-keycloak-plugin/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/entando%2Fentando-keycloak-plugin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268004216,"owners_count":24179379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-31T02:00:08.723Z","response_time":66,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-05T03:13:29.661Z","updated_at":"2025-07-31T07:32:42.099Z","avatar_url":"https://github.com/entando.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Entando Keycloak Plugin\nKeycloak Integration for Entando Core - Gives SSO capabilities and also has User Management through Keycloak.\n\nFor more information and documentation visit:  https://dev.entando.org, or https://forum.entando.org. Or for the latest news or product information please visit the main website: https://www.entando.com.\n\nInformation below is for building from source or running locally as a contributor or developer on the plugin itself.. See the links above for general documentation and usage.\n\n## Scope\n\n### What this plugin does\n* Enables SSO capabilities to an Entando Instance by using Keycloak.\n* Moves User Management to Keycloak.\n\n### What this plugin does not\nThis plugin doesn't come with Role and Group management, because Entando Core roles/groups model isn't compatible with Keycloak. That means that even with the same users across multiple Entando Instances, the role and group mappings have to be configured on each instance.\n\n## Properties\n\u003e- `keycloak.enabled`: Enables this plugin. (The default is `false`)\n\u003e- `keycloak.auth.url`: It's the Keycloak auth url. Example: `https://is.yourdomain.com/auth`. (The default is `http://localhost:8081/auth`)\n\u003e- `keycloak.realm`: The keycloak realm. See https://www.keycloak.org/docs/3.2/server_admin/topics/overview/concepts.html . (The default is `entando`)\n\u003e- `keycloak.client.id`: The keycloak confidential client id. (The default is `entando-app`)\n\u003e- `keycloak.client.secret`: The secret from the keycloak client. (The default is `\u003cblank\u003e`)\n\u003e- `keycloak.public.client.id`: The second keycloak client, this one must be public. (The default is `entando-web`)\n\u003e- `keycloak.secure.uris`: **[OPTIONAL]** Use if you want to secure an endpoint. Works with wildcards, comma separated.\n\u003e- `keycloak.authenticated.user.default.authorizations`: **[OPTIONAL]** Use if you want to automatically assign `group:role` to any user that logs in, comma separated. Example: `administrators:admin,readers`\n\n## Installing\n\n### Installing on your project\nFirst add the `entando-keycloak-auth` dependency to your pom.xml\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003eorg.entando.entando\u003c/groupId\u003e\n    \u003cartifactId\u003eentando-keycloak-auth\u003c/artifactId\u003e\n    \u003cversion\u003e1.0.0-SNAPSHOT\u003c/version\u003e\n    \u003ctype\u003ewar\u003c/type\u003e\n\u003c/dependency\u003e\n```\n\n### Edit web.xml\nTo Oauth2 work properly, we have to replace the springDispatcher contextConfigLocation by replacing the regular `classpath:spring/web/servlet-context.xml` entry with the keycloak one `classpath:spring/web/servlet-context-keycloak.xml`,\n\nHere what it should look like:\n\n```xml\n\u003cservlet\u003e\n    \u003cservlet-name\u003espringDispatcher\u003c/servlet-name\u003e\n    \u003cservlet-class\u003eorg.springframework.web.servlet.DispatcherServlet\u003c/servlet-class\u003e\n    \u003cinit-param\u003e\n        \u003cparam-name\u003econtextConfigLocation\u003c/param-name\u003e\n        \u003cparam-value\u003eclasspath:spring/web/servlet-context-keycloak.xml\u003c/param-value\u003e\n    \u003c/init-param\u003e\n    \u003cload-on-startup\u003e1\u003c/load-on-startup\u003e\n\u003c/servlet\u003e\n```\n\n#### Edit systemParams.properties\n\nThen you have to open the `systemParams.properties` to add keycloak configuration\n\n```properties\nkeycloak.enabled=true\nkeycloak.auth.url=${KEYCLOAK_AUTH_URL:http://localhost:8081/auth}\nkeycloak.realm=${KEYCLOAK_REALM:entando-development}\nkeycloak.client.id=${KEYCLOAK_CLIENT_ID:entando-core}\nkeycloak.client.secret=${KEYCLOAK_CLIENT_SECRET:930837f0-95b2-4eeb-b303-82a56cac76e6}\nkeycloak.public.client.id=${KEYCLOAK_PUBLIC_CLIENT_ID:entando-web}\nkeycloak.secure.uris=/api/plugins/cms/contents/*/model/*,/api/pwa/notifications/*\nkeycloak.authenticated.user.default.authorizations=administrators:admin,readers\n```\n\n## Keycloak Setup\nIn order to setup keycloak to work with entando instance, please refer to the documentation here https://github.com/entando/entando-keycloak-plugin/wiki/Setup-Keycloak\n\n## Keycloak Standard Flow\nTo enable the standard flow to keep sessions between Entando instances, please refer to the documentation here\nhttps://github.com/entando/entando-keycloak-plugin/wiki/Enable-Standard-Flow-for-Keycloak-Login\n\n## Known issues\n\n### org.apache.log4j.spi.LoggerFactory\n\nIf you run this following exception:\n\n```java\nCaused by: java.lang.NoClassDefFoundError: org/apache/log4j/spi/LoggerFactory\n\tat java.lang.Class.forName0(Native Method)\n\tat java.lang.Class.forName(Class.java:264)\n\tat org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74)\n\tat org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137)\n\tat org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154)\n\tat org.owasp.esapi.reference.DefaultEncoder.\u003cinit\u003e(DefaultEncoder.java:75)\n\tat org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:59)\n\t... 82 more\n```\n\nIt might also be a dependency conflict, to fix this issue, add the following dependency to your `pom.xml` file.\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003elog4j\u003c/groupId\u003e\n    \u003cartifactId\u003elog4j\u003c/artifactId\u003e\n    \u003cversion\u003e1.2.17\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n## Testing\nTo run unit tests:\n```\n$ mvn test\n```\n\nSome tests are being tested with a real Keycloak instance so, in order to test, you have to start the keycloak before.\n```\n$ docker-compose -f keycloak/docker-compose.yml up -d\n$ mvn failsafe:integration-test\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fentando%2Fentando-keycloak-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fentando%2Fentando-keycloak-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fentando%2Fentando-keycloak-plugin/lists"}