https://github.com/ops4j/org.ops4j.pax.keycloak
Pax Keycloak
https://github.com/ops4j/org.ops4j.pax.keycloak
Last synced: about 1 year ago
JSON representation
Pax Keycloak
- Host: GitHub
- URL: https://github.com/ops4j/org.ops4j.pax.keycloak
- Owner: ops4j
- Created: 2017-12-15T10:18:39.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2023-01-13T01:54:38.000Z (over 3 years ago)
- Last Synced: 2024-04-13T16:08:25.504Z (about 2 years ago)
- Language: Java
- Size: 56.6 KB
- Stars: 7
- Watchers: 56
- Forks: 5
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
Pax Keycloak
============
Pax Keycloak aimed at providing support for [Keycloak](http://www.keycloak.org) in [Apache Karaf](https://karaf.apache.org).
## Rationale
The reason behind this project was to provide these Karaf features:
* pax-keycloak-http-jetty
* pax-keycloak-http-tomcat
* pax-keycloak-http-undertow
These features provided an integration point between pax-web and Keycloak.
## Change
Everything has changes (and became simpler) with [PAXWEB-1161](https://ops4j1.jira.com/browse/PAXWEB-1161) issue that _reverted_
the dependency between pax-web and Keycloak.
New pax-web's `org.ops4j.pax.web.service.AuthenticatorService` is now implemented by Keycloak itself and detected by pax-web using service locator pattern.
Keycloak ships 3 jars that include `/META-INF/services/org.ops4j.pax.web.service.AuthenticatorService` service:
* org.keycloak:keycloak-pax-web-jetty94
* org.keycloak:keycloak-pax-web-tomcat8
* org.keycloak:keycloak-pax-web-undertow
special pax-keycloak project is no longer needed.
Keycloak documentation related to integration with pax web is [in the section for Fuse 7 in official documentation](https://www.keycloak.org/docs/latest/securing_apps/index.html#_fuse7_adapter).
Examples (specific to Fuse 7, but should work on plain Karaf as well) related to pax-web and keycloak integration
[can be found here](https://github.com/jboss-fuse/karaf-quickstarts/tree/7.x.redhat-7-x/security/keycloak).
## Examples
In order to run examples, we'll use Apache Karaf 4.2.3, Keycloak 4.5.0.Final (least version where integration works without issues) and Camel 2.23.0.
In Karaf, we have to add Keycloak (use Keycloak 4.5.0.Final or newer) and Camel feature repositories:
karaf@root()> feature:repo-add mvn:org.keycloak/keycloak-osgi-features/4.5.0.Final/xml/features
Adding feature url mvn:org.keycloak/keycloak-osgi-features/4.5.0.Final/xml/features
karaf@root()> feature:repo-add mvn:org.apache.camel.karaf/apache-camel/2.23.0/xml/features
Adding feature url mvn:org.apache.camel.karaf/apache-camel/2.23.0/xml/features
Integration with Jetty and Tomcat should work as well, but we'll use Undertow:
karaf@root()> feature:install pax-http-undertow
## Simple HttpService example
`keycloak-httpservice` example shows the most fundamental integration, where plain `javax.servlet.http.HttpServlet` instance is registered using OSGi Http Service.
After building project using `mvn clean install -Phttpservice-named`, we can install the bundle in Karaf (there's also profile `httpservice-default` - more details in [keycloak-httpservice/README.md](keycloak-httpservice/README.md):
karaf@root()> install mvn:org.ops4j.pax.keycloak.quickstarts/keycloak-httpservice/1.0.0
Bundle ID: 126
karaf@root()> start 126
karaf@root()>
Assuming that Keycloak is running on localhost:8180 and required realm is prepared in Keycloak (to configured Keycloak itself, please refer to [official documentation](https://www.keycloak.org/docs/latest/)), where:
* realm name is `karaf`
* there's client `hs-info` Keycloak _client_ configured with:
* standard flow enabled
* access type: `public`
* Valid redirect URIs: `http://localhost:8181/*`
* Base URL: `http://localhost:8181/`
* Web Origins: `+`
* Role: `admin`
We have to create `${karaf.etc}/app1-keycloak.json` file with:
{
"realm": "karaf",
"auth-server-url": "http://localhost:8180/auth",
"ssl-required": "external",
"resource": "hs-info",
"public-client": true,
"use-resource-role-mappings": true,
"confidential-port": 0,
"principal-attribute": "preferred_username"
}
With the above configuration, we can browse to http://localhost:8181/app1/info and see a login page from Keycloak. After logging in there should be a page presented that shows details about user from Keycloak.
## Camel example
Here's an example of how to integrate pax-web, keycloak, and Camel. `keycloak-camel-blueprint` shows how
Camel integrates with keycloak and pax-web.
After building project using `mvn clean install`, we can install the bundle in Karaf (more details in [keycloak-camel-blueprint/README.md](keycloak-camel-blueprint/README.md))):
Install Camel features and `keycloak-pax-http-undertow`:
karaf@root()> feature:install camel
karaf@root()> feature:install camel-undertow
karaf@root()> feature:install -v keycloak-pax-http-undertow
Now we're ready to install Camel application that uses Keycloak integration.
karaf@root()> install mvn:org.ops4j.pax.keycloak.quickstarts/keycloak-camel-blueprint/1.0.0
Bundle ID: 128
karaf@root()> start 128
Assuming that Keycloak is running on localhost:8180 and required realm is prepared in Keycloak (to configured Keycloak itself, please refer to [official documentation](https://www.keycloak.org/docs/latest/)), where:
* realm name is `karaf`
* there's client `camel-undertow-endpoint` Keycloak _client_ configured with:
* direct access grants flow enabled
* access type: `confidential`
* Base URL: `http://localhost:8383/`
* Role: `admin`
* secret: `f591a8ae-5a82-40de-9190-ea84ceca05a7`
we can run `org.ops4j.pax.keycloak.quickstarts.camel.CamelClientTest.accessCamelRoute` JUnit test that shows how to access such route programmatically. The JUnit test shows how to perform _OAuth2 dance_ to get a token and use this token to access Camel route.