Josef Ill

Reputation: 31

Using Keycloak with JHipster 4.10.0

I generated a new app with the JHipster generator, v4.10.0.

I'd like to use OAuth2 powered by Keycloak running in a separate (its own) application server, used by more applications. That means not in Docker.

I set 'application.yml' according to http://www.jhipster.tech/security/ (server, port, clientId, clientSecret), then rebuilt the app:

mvnw -Pprod package -DskipTests

I tested the Keycloak function with SoapUI. It returns a JSON object with tokens as usual.


Using Keycloak on localhost for development

Download the Keycloak server from http://www.keycloak.org/downloads.html; you can follow the "Getting started" documentation.

My steps

JHipster client settings: don't forget the + symbol in Web origins.

Upvotes: 3

Views: 2694

Answers (1)

Josef Ill

Reputation: 31

@Mubasher question:

I deployed jhipster-app.war on a WildFly 10 application server. See the standalone.xml settings below.

You can add a new extension:

<extension module="org.keycloak.keycloak-adapter-subsystem"/>

Then modify the security subsystem in the profile element.

<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domains>
        <security-domain name="other" cache-type="default">
            <authentication>
                <login-module code="Remoting" flag="optional">
                    <module-option name="password-stacking" value="useFirstPass"/>
                </login-module>
                <login-module code="RealmDirect" flag="required">
                    <module-option name="password-stacking" value="useFirstPass"/>
                </login-module>
            </authentication>
        </security-domain>
        <security-domain name="jboss-web-policy" cache-type="default">
            <authorization>
                <policy-module code="Delegating" flag="required"/>
            </authorization>
        </security-domain>
        <security-domain name="jboss-ejb-policy" cache-type="default">
            <authorization>
                <policy-module code="Delegating" flag="required"/>
            </authorization>
        </security-domain>
        <security-domain name="jaspitest" cache-type="default">
            <authentication-jaspi>
                <login-module-stack name="dummy">
                    <login-module code="Dummy" flag="optional"/>
                </login-module-stack>
                <auth-module code="Dummy"/>
            </authentication-jaspi>
        </security-domain>
        <security-domain name="keycloak">
            <authentication>
                <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>

Finally, add this at the end of the profile element.

<subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>

application-dev.yaml

I suppose that you have managed to set up the database in this configuration file, so I show you only the security part. Please change the client ID and secret according to your Keycloak realm settings.

security:
    basic:
        enabled: false
    oauth2:
        client:
            access-token-uri: http://localhost:18080/auth/realms/jhipster/protocol/openid-connect/token
            user-authorization-uri: http://localhost:18080/auth/realms/jhipster/protocol/openid-connect/auth
            client-id: jhipster
            client-secret: e0ceb945-9b56-42d3-af1a-f68221adddec
            client-authentication-scheme: form
            scope: openid profile email
        resource:
            user-info-uri: http://localhost:18080/auth/realms/jhipster/protocol/openid-connect/userinfo
            token-info-uri: http://localhost:18080/auth/realms/jhipster/protocol/openid-connect/token/introspect
            prefer-token-info: false
            use-resource-role-mappings: true

Upvotes: 0
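
An added example, not part of the original answer or of the JHipster or Keycloak code: a small check that the four endpoint URIs in the `security.oauth2` block above all point at the same Keycloak server and realm and end in the expected OpenID Connect path, which is easy to get wrong when adapting the realm name or port by hand. The function name `check_endpoints`, the flattened-dict input and the rule that plain `http` is only accepted on loopback hosts are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed sample: the four endpoint values from the answer's YAML, flattened.
BASE = "http://localhost:18080/auth/realms/jhipster/protocol/openid-connect"
SAMPLE = {
    "access-token-uri": BASE + "/token",
    "user-authorization-uri": BASE + "/auth",
    "user-info-uri": BASE + "/userinfo",
    "token-info-uri": BASE + "/token/introspect",
}
# Path each property must end with after /protocol/openid-connect.
EXPECTED = {
    "access-token-uri": "/token",
    "user-authorization-uri": "/auth",
    "user-info-uri": "/userinfo",
    "token-info-uri": "/token/introspect",
}
MARKER = "/protocol/openid-connect"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def check_endpoints(props):
    """Return a list of findings; an empty list means the URIs are consistent."""
    findings, targets = [], set()
    for key, suffix in EXPECTED.items():
        url = urlsplit(props.get(key) or "")
        prefix, marker, tail = url.path.partition(MARKER)
        base, found, realm = prefix.rpartition("/realms/")
        if not (url.netloc and marker and found and realm) or "/" in realm:
            findings.append(f"{key}: not a Keycloak realm endpoint")
            continue
        if tail != suffix:
            findings.append(f"{key}: path ends in {tail!r}, expected {suffix!r}")
        # Assumption of this example: plain http is acceptable only on loopback.
        if url.scheme != "https" and url.hostname not in LOOPBACK:
            findings.append(f"{key}: {url.scheme} to non-loopback host {url.hostname}")
        targets.add((url.scheme, url.netloc, base, realm))
    if len(targets) > 1:
        findings.append(f"URIs span {len(targets)} different server/realm targets")
    return findings


if __name__ == "__main__":
    for line in check_endpoints(SAMPLE) or ["all four URIs are consistent"]:
        print(line)
```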
