These quickstarts run on WildFly 10.
Prior to running the quickstarts you should read this entire document and have completed the following steps:
Afterwards you should read the README file for the quickstart you would like to deploy. See examples for a list of the available quickstarts.
If you run into any problems please refer to the troubleshooting section.
The quickstart README files use the replaceable value KEYCLOAK_HOME to denote the path to the Keycloak installation and the value WILDFLY_HOME to denote the path to the WildFly installation. When you encounter this value in a README file, be sure to replace it with the actual path to your installations.
The applications these projects produce are designed to be run on WildFly Application Server 10. All you need to build these projects is Java 8 (Java SDK 1.8) and Maven 3.8.2 or later.
To start the Keycloak server as a container, run the following command:
podman|docker run --name keycloak -p 8180:8180 \
-e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
quay.io/keycloak/keycloak:latest \
start-dev \
--http-port 8180 \
--http-relative-path /auth
The URL of the Keycloak server will be http://localhost:8180/auth.
To be able to use the examples you need to create some roles as well as at least one sample user. To do first this open the Keycloak admin console (localhost:8180/admin or http://<HOSTNAME>:8080/admin) and login with the admin credentials:
- Username: admin
- Password: admin
Start by creating a user role:
- Select
Roles
from the menu - Click
Add Role
- Enter
user
asRole Name
- Click
Save
Next create a user:
- Select
Users
from the menu - Click
Add user
- Enter any values you want for the user
- Click
Save
- Select
Credentials
from the tabs - Enter a password in
New Password
andPassword Confirmation
- Click on the toggle to disable
Temporary
- Click
Reset Password
- Click
Role Mappings
- Select
user
underAvailable Roles
and clickAdd selected
As an alternative to manually creating the role and user you can use the partial import feature in the admin console and import the file config/partial-import.json into your realm.
One more step, if you want to access the examples with the admin user you need to add the user
role to admin user:
- Select
Users
from the menu - Click
View all users
- Click
Edit
for admin user - Click
Role Mappings
- Select
user
underAvailable Roles
and clickAdd selected
Before starting the WildFly Server start by extracting the Keycloak client adapter into it.
For WildFly extract keycloak-wildfly-adapter-${project.version}.zip
into WILDFLY_HOME.
If you plan to try the SAML examples you also need the SAML WildFly adapter. To do this for WildFly
keycloak-saml-wildfly-adapter-dist-${project.version}.zip
into WILDFLY_HOME.
The next step is to start WildFly server:
-
Open a terminal and navigate to the root of the WildFly server directory.
-
Use the following command to start the WildFly server:
For Linux: WILDFLY_HOME/bin/standalone.sh For Windows: WILDFLY_HOME\bin\standalone.bat
-
To install the Keycloak adapter run the following commands:
For Linux: WILDFLY_HOME/bin/jboss-cli.sh -c --file=WILDFLY_HOME/bin/adapter-install.cli WILDFLY_HOME/bin/jboss-cli.sh -c --command=:reload For Windows: WILDFLY_HOME\bin\jboss-cli.bat -c --file=WILDFLY_HOME\bin\adapter-install.cli WILDFLY_HOME\bin\jboss-cli.bat -c --command=:reload
-
If you plan to try the SAML examples you also need to install Keycloak SAML adapter:
For Linux: WILDFLY_HOME/bin/jboss-cli.sh -c --file=WILDFLY_HOME/bin/adapter-install-saml.cli WILDFLY_HOME/bin/jboss-cli.sh -c --command=:reload For Windows: WILDFLY_HOME\bin\jboss-cli.bat -c --file=WILDFLY_HOME\bin\adapter-install-saml.cli WILDFLY_HOME\bin\jboss-cli.bat -c --command=:reload
- app-authz-rest-employee - SpringBoot REST Service Protected Using Keycloak Authorization Services
- app-jee-html5 - HTML5 application that invokes the example service. Requires service example to be deployed.
- app-jee-jsp - JSP application packaged that invokes the example service. Requires service example to be deployed.
- app-profile-jee-html5 - HTML5 application that displays user profile and token details.
- app-profile-jee-jsp - JSP application that displays user profile and token details.
- app-profile-jee-vanilla - JSP application configured with basic authentication. Shows how to secure an application with the client adapter subsystem.
- app-profile-saml-jee-jsp - JSP application that uses SAML and displays user profile.
- app-springboot - SpringBoot application that is secured with Keycloak. Requires SpringBoot Service.
- service-jee-jaxrs - JAX-RS Service with public and protected endpoints.
Problem | Probable Cause | Possible Solution |
---|---|---|
Some required files are missing / Some Enforcer rules have failed | Client adapter config is missing | Add client adapter installation file to config directory as specified in quickstart README.md |
Unknown authentication mechanism KEYCLOAK | OpenID Connect client adapter missing | Install OpenID Connect adapter as specified in the Start and Configure the WildFly Server section |
Unknown authentication mechanism KEYCLOAK-SAML | SAML client adapter missing | Install SAML adapter as specified in the Start and Configure the WildFly Server section |
Failed to invoke service: 404 Not Found | Service not deployed, or service URL not correct | Deploy service or change the URL for the service as specified in the quickstart README |
Failed to invoke service: Request failed message with no error code | CORS not enabled | Most likely cause is that you've deployed the HTML5 application to a different host than the service, if so the solution is to add CORS support to the service. See the README for the service for how to enable. |
Page displays: Forbidden | Authenticated user is missing a role required to access the url | This can happen if you fail to add user role to admin user as instructed in Create Roles and User. |