1) Overview

This article explains how to use the Keycloak Authz (Authorization Services) examples with Red Hat Single Sign-On (RH-SSO) 7.1.

2) RH-SSO server

The examples are written for a JBoss EAP server listening on the default port, 8080.

RH-SSO therefore needs two parameters adjusted before it is launched:

  • The RH-SSO server must be started on a different port (8180 in our case), for example with bin/standalone.sh -Djboss.socket.binding.port-offset=100, which shifts every socket binding by 100.
  • Authorization Services are a technology preview in RH-SSO 7.1 and must be enabled explicitly, with the -DTECH_PREVIEW system property on the server command line.

3) JBoss server
3.1) Starting the JBoss server

Install the RH-SSO OpenID Connect adapter (rh-sso-7.1.0-eap7-adapter.zip) into the JBoss EAP 7 server that hosts the examples: unzip it into the EAP home directory and, with the server stopped, run bin/jboss-cli.sh --file=bin/adapter-install-offline.cli. For further information about the JBoss EAP adapter, refer to the RH-SSO documentation (Securing Applications and Services guide).

3.2) Managing deployed applications with the JBoss CLI (jboss-cli.sh)

The easiest way to manage the deployed applications is the JBoss CLI (bin/jboss-cli.sh).

Its most useful commands here are:

  • connect: connects the CLI to the running server's management interface (localhost:9990 by default)
  • deploy (with no argument): lists the deployed applications
  • deploy <war-file>: deploys the given WAR file
  • undeploy <war-file>: undeploys the given WAR file

4) Compiling and using the Authz examples with RH-SSO

The examples release to use is 2.5.x (e.g. 2.5.11), the Keycloak line on which RH-SSO 7.1 is based.
The Authz examples can be found at (check out the matching 2.5.x tag rather than master):

https://github.com/keycloak/keycloak/tree/master/examples/authz

4.1) Source code adaptation

The examples' source code needs to be adapted for an RH-SSO server running on port 8180.

4.1.1) Adjusting the RH-SSO authentication server port

All calls to the RH-SSO server that use the base URL

  • http://localhost:8080/auth

need to be changed to

  • http://localhost:8180/auth

Example:

This modification has to be made in every file that contains the pattern above, and only there: URLs of the applications themselves (http://localhost:8080 without /auth) stay on the JBoss port.
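The rewrite described above, as an added example that is not code from the Keycloak project or from the original article. It walks a checkout of the examples, replaces the RH-SSO base URL in every file that contains it, skips the Maven build output under target/ (it is regenerated anyway) and the .git directory, and leaves the applications' own http://localhost:8080 URLs alone. The sample tree it builds (file names, paths and contents) is constructed for this example and is not the real layout of examples/authz:

```shell
#!/bin/sh
# Added example, not code from the Keycloak project or the original article:
# relocate every reference to the RH-SSO server from port 8080 to 8180
# inside an examples checkout, while leaving the JBoss application URLs
# (plain http://localhost:8080 with no /auth suffix) and the build output
# under target/ untouched.
# Assumptions: POSIX sh with grep -r and sed; the checkout path is $1.

OLD_AUTH='http://localhost:8080/auth'
NEW_AUTH='http://localhost:8180/auth'

# List the files (build output and git metadata excluded) that still carry
# the old RH-SSO base URL.
files_with_old_auth_url() {
    grep -rlF --exclude-dir=target --exclude-dir=.git -- "$OLD_AUTH" "$1" 2>/dev/null
}

# Rewrite the RH-SSO base URL in place. A temp file plus mv is used instead
# of sed -i so this works with both GNU and BSD sed; '#' is the sed delimiter
# because the URLs contain '/'.
relocate_auth_server() {
    files_with_old_auth_url "$1" | while IFS= read -r f; do
        sed "s#$OLD_AUTH#$NEW_AUTH#g" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
        echo "rewritten: $f"
    done
}

# Number of files still referencing the old URL; 0 means the tree is clean.
count_old_auth_url() {
    files_with_old_auth_url "$1" | wc -l | tr -d ' '
}

# Constructed stand-in for examples/authz, used to exercise the functions
# offline (paths and file contents are made up for this example).
make_sample_tree() {
    root=$1
    mkdir -p "$root/app/src/main/webapp/WEB-INF" "$root/app/target/classes"
    # adapter configuration: must move to 8180
    printf '{ "realm": "photoz", "auth-server-url": "%s", "resource": "photoz-html5-client" }\n' \
        "$OLD_AUTH" > "$root/app/src/main/webapp/WEB-INF/keycloak.json"
    # browser client bootstrap: must move to 8180
    printf "var keycloak = new Keycloak({ url: '%s', realm: 'photoz', clientId: 'photoz-html5-client' });\n" \
        "$OLD_AUTH" > "$root/app/src/main/webapp/app.js"
    # realm export: the application redirect URI stays on the JBoss port 8080
    printf '{ "redirectUris": [ "http://localhost:8080/photoz/*" ] }\n' \
        > "$root/app/src/main/webapp/WEB-INF/photoz-realm.json"
    # stale build output: regenerated by Maven, so it is deliberately skipped
    printf '{ "auth-server-url": "%s" }\n' "$OLD_AUTH" > "$root/app/target/classes/keycloak.json"
}

# Usage: sh relocate-auth.sh /path/to/keycloak/examples/authz
if [ -n "${1:-}" ]; then
    relocate_auth_server "$1"
    echo "files still referencing $OLD_AUTH: $(count_old_auth_url "$1")"
fi
```

Run it once against the checkout, rebuild with Maven so the filtered copies under target/ pick up the new URL, and check that the final count is 0 before deploying.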

4.1.2) JBoss URL to be fully specified

In the RH-SSO client configuration, the FQDN of the JBoss client application (host and port) needs to be fully specified, such as

5) Deploying the Authz examples

Once you have made the small changes mentioned earlier, deploying each example is just a matter of following that example's README.

5.1) Deployment Tips

Before switching to a new example, delete the users created for the previous one: the JSON file you import for an example defines user attributes that are specific to that example.

If you do not clean them up, you may end up with inconsistencies, because the attributes of the existing users will not match what the new example expects.

5.2) Troubleshooting an example

The most common source of problems is the modifications introduced above:

  • Make sure that ALL requests to the Authorization Server go to http://localhost:8180/auth
  • Make sure that ALL applications are deployed on, and referenced as, http://localhost:8080

5.3) Bug fix (photoz-restful-api-authz-service.json)

In the photoz example, the README tells you to import photoz-restful-api-authz-service.json.

When you follow the README, the import fails with an error message such as:

The cause is that the file in the source tree still contains the unresolved Maven placeholder ${project.version}; you need to import the copy from the build output, where the placeholder has been resolved:

When you build the example, Maven resource filtering produces a filtered copy of photoz-restful-api-authz-service.json at photoz/photoz-restful-api/target/classes/photoz-restful-api-authz-service.json. This is the file you need to import.
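The checks from 5.2 and 5.3, as an added example that is not code from the Keycloak project or from the original article: an audit script to run over the checkout before deploying and importing. It flags RH-SSO requests still on port 8080, application URLs wrongly moved to 8180, and JSON files that still carry a Maven placeholder such as ${project.version} (the unfiltered source copy that RH-SSO cannot import). The sample tree it builds, including the assumed location of the unfiltered JSON, is constructed for this example:

```shell
#!/bin/sh
# Added example, not code from the Keycloak project or the original article:
# audit an examples checkout before deploying and importing, catching the
# mistakes described in 5.2 and 5.3:
#   1. a request to the RH-SSO server still goes to port 8080 (5.2),
#   2. an application URL was moved to 8180 along with the auth URL (5.2),
#   3. the JSON file about to be imported still contains an unresolved Maven
#      placeholder such as ${project.version}, i.e. it is the unfiltered
#      source copy and not the one Maven writes under target/classes (5.3).
# Assumptions: POSIX sh with grep -r; the checkout path is $1.

# 1. Lines that still send RH-SSO requests to the default port.
find_auth_on_8080() {
    grep -rnF --exclude-dir=target --exclude-dir=.git -- 'http://localhost:8080/auth' "$1" 2>/dev/null || true
}

# 2. Lines that use 8180 for anything other than the RH-SSO /auth endpoint;
#    the examples themselves are deployed on JBoss at 8080, so such a line is
#    an over-eager replacement. (A line mixing both URLs is not flagged.)
find_app_on_8180() {
    grep -rnF --exclude-dir=target --exclude-dir=.git -- 'http://localhost:8180' "$1" 2>/dev/null \
        | grep -vF 'http://localhost:8180/auth' || true
}

# Number of URL findings across both checks; 0 means the URLs are consistent.
count_url_findings() {
    { find_auth_on_8080 "$1"; find_app_on_8180 "$1"; } | wc -l | tr -d ' '
}

# 3. True when a JSON file is safe to import: no '${...}' placeholder left.
import_file_is_resolved() {
    ! grep -qF '${' "$1"
}

# Human-readable report for the whole tree.
audit_tree() {
    echo "== RH-SSO requests still on 8080 (must be 8180/auth):"
    find_auth_on_8080 "$1"
    echo "== application URLs wrongly moved to 8180 (must stay on 8080):"
    find_app_on_8180 "$1"
    echo "== JSON files with unresolved Maven placeholders (import the target/classes copy instead):"
    grep -rlF --include='*.json' --exclude-dir=target --exclude-dir=.git -- '${' "$1" 2>/dev/null || true
}

# Constructed stand-in for examples/authz; the contents and the location of
# the unfiltered JSON are made up for this example.
make_audit_sample() {
    root=$1
    api="$root/photoz/photoz-restful-api"
    mkdir -p "$api/target/classes" "$root/photoz/photoz-html5-client"
    # wrong: adapter still pointed at the default RH-SSO port
    printf '{ "auth-server-url": "http://localhost:8080/auth" }\n' \
        > "$root/photoz/photoz-html5-client/keycloak.json"
    # wrong: redirect URI of the application moved to 8180
    printf '{ "redirectUris": [ "http://localhost:8180/photoz/*" ] }\n' \
        > "$root/photoz/photoz-realm.json"
    # right: RH-SSO on 8180, application on 8080
    printf '{ "auth-server-url": "http://localhost:8180/auth", "base-url": "http://localhost:8080/photoz" }\n' \
        > "$api/keycloak.json"
    # unfiltered source copy versus the Maven-filtered copy under target/classes
    printf '{ "clientId": "photoz-restful-api", "version": "${project.version}" }\n' \
        > "$api/photoz-restful-api-authz-service.json"
    printf '{ "clientId": "photoz-restful-api", "version": "2.5.11" }\n' \
        > "$api/target/classes/photoz-restful-api-authz-service.json"
}

# Usage: sh audit-authz.sh /path/to/keycloak/examples/authz
if [ -n "${1:-}" ]; then
    audit_tree "$1"
    echo "URL findings: $(count_url_findings "$1")"
fi
```

A clean run prints three empty sections and "URL findings: 0"; anything listed under the third section is a file to import from target/classes rather than from the source tree.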

Olivier Rivat

Senior Software Engineer with over 25 years of experience in software development, support and consulting on Identity and Access Management solutions.
Specialised in IAM (security, access control, identity management) and Open Source integration, and founded in 2004 by an IAM industry veteran, JANUA offers high value-added products and services to businesses and governments concerned with Identity Management and Open Source components.
JANUA provides better security, builds relationships, and enables new cloud, mobile, and IoT offerings from any device or connected thing.