Skip to content

Example how to use JAAS keycloak adapter (direct access grant loginmodule)

License

Notifications You must be signed in to change notification settings

kluiverjh/JaasKeycloak

Repository files navigation

JAAS (Java Authentication and Authorization Services)

Simple example how to setup the JAAS KEYCLOAK adapter. The adapter uses Direct Access Grants method to gain access token from keycloak.

The application will validate (hardcoded) username and password against keycloak (or local debug LoginModule). And check if role exists.

In this example user and password are send in http to keycloak, a https url should be used to make it secure.

Keycloak docker

For testing, the easiest way is to setup a keycloak docker container

docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1

Setup keycloak for demo application

  • Open 'http://localhost:8080'

  • Login on administration console with username 'admin' and password 'admin'

    Login
  • Add realm 'realm_demo'

    add_realm

  • Add client 'keycloak-demo-client'

    add_client

  • Configure client with access type confidential and direct access grants enabled.

  • The client secret can now be found on tab credentials

  • Add the role 'example_role_read' to the client

    add_client

  • Add user 'testuser'

    add_user

  • Set password "testpassword' (as defined in LoginCallbackHandler.java)

    Important Temporary password must be off.

  • Add role ''example_role_read' to client

    client_add_role

    client_add_role_to_user

  • Make sure 'keycloak.json' matches the values as set above

https://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html

https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/jaas.adoc

https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/java-adapter-config.adoc

Releases

No releases published

Packages

No packages published

Languages