keycloak

카테고리 없음

by moneygom 2018. 8. 24. 01:19

소개

"Open Source Identity and Access Management" for Modern Application and Services

홈페이지

https://www.keycloak.org/

문서

https://www.keycloak.org/documentation.html

Guides

Release Notes
Getting Started	How to get started with Keycloak
Server Installation and Configuration	Installation and offline configuration of the Keycloak server
Securing Applications and Services	How to secure applications and services with Keycloak
Server Administration	Management and runtime configuration of the Keycloak server
Server Developer	Creating themes and providers to customize the Keycloak server
Authorization Services	Centrally manage fine-grained permissions for applications and services
Upgrading	Upgrading Keycloak server and adapters

API Documentation

JavaDoc	Documentation for Java API
Administration REST API	Documentation for the Adminstration RESTful API

소스코드

https://github.com/keycloak/keycloak

기술지원

https://www.keycloak.org/support.html

커뮤니티 오픈소스 버젼에 대한 지원은 불가하며 'RH-SSO(Red Hat Single Sign On)' 에 대한 구매로 Commercial Support가 가능하다.

JBoss EAP 관련 구매한 경우에는 'RH-SSO'가 포함된 관계로 별도 구매 없이 지원이 가능하며 별도 RH-SSO만 구매는 안된다.

현재 Commercial Support 지원 버젼은 아래와 같다. (커뮤니티 버젼은 4.3.0)

RH-SSO 7.2.0.GA	Derived from Keycloak 3.4.3.Final
RH-SSO 7.1.0.GA	Derived from Keycloak 2.5.5.Final
RH-SSO 7.0.0.GA	Derived from Keycloak 1.9.8.Final

커뮤니티

https://www.keycloak.org/community.html

User Mailing List : https://lists.jboss.org/mailman/listinfo/keycloak-user

JIRA : https://issues.jboss.org/browse/KEYCLOAK

Search documentation and forums : https://www.keycloak.org/search.html

Architecture

자료 : https://www.keycloak.org/docs/3.1/authorization_services/topics/overview/architecture.html

Policy Administration Point(PAP)

Provides a set of UIs based on the Keycloak Administration Console to manage resource servers, resources, scopes, permissions, and policies. Part of this is also accomplished remotely through the use of the Protection API.

Policy Decision Point(PDP)

Provides a distributable policy decision point to where authorization requests are sent and policies are evaluated accordingly with the permissions being requested. Part of this is also accomplished remotely through the use of the Authorization and Entitlement APIs.

Policy Enforcement Point(PEP)

Provides implementations for different environments to actually enforce authorization decisions at the resource server side. Keycloak provides some built-in Policy Enforcers.

Policy Information Point(PIP)

Being based on Keycloak Authentication Server, you can obtain attributes from identities and runtime environment during the evaluation of authorization policies.

AuthZ Process

Maven Building

$ mvn clean install -DskipTests=true

...................

생략

...................

[INFO] ------------------------------------------------------------------------

[INFO] Reactor Summary:

[INFO]

[INFO] Keycloak BOM Parent ................................ SUCCESS [ 30.380 s]

[INFO] Keycloak BOM for adapters .......................... SUCCESS [ 0.054 s]

[INFO] Keycloak BOM for server extensions ................. SUCCESS [ 0.015 s]

[INFO] Keycloak 4.3.0.Final-SNAPSHOT ...................... SUCCESS [ 0.076 s]

[INFO] Keycloak Common .................................... SUCCESS [ 47.156 s]

[INFO] Keycloak Core ...................................... SUCCESS [ 10.613 s]

[INFO] Keycloak Drools BOM ................................ SUCCESS [ 0.073 s]

[INFO] Keycloak Server SPI ................................ SUCCESS [ 19.605 s]

[INFO] Keycloak Server Private SPI ........................ SUCCESS [ 7.042 s]

[INFO] Keycloak Kerberos Federation ....................... SUCCESS [ 0.395 s]

[INFO] Keycloak LDAP UserStoreProvider .................... SUCCESS [ 1.554 s]

[INFO] Keycloak SAML Core Public API ...................... SUCCESS [ 8.902 s]

[INFO] Keycloak SAML Core ................................. SUCCESS [ 7.039 s]

[INFO] Keycloak REST Services ............................. SUCCESS [01:33 min]

[INFO] Keycloak JS Integration ............................ SUCCESS [ 15.327 s]

[INFO] Keycloak Themes .................................... SUCCESS [ 12.546 s]

[INFO] Keycloak Dependencies Server Min ................... SUCCESS [ 0.075 s]

[INFO] Keycloak Model JPA ................................. SUCCESS [ 38.019 s]

[INFO] Keycloak Model Infinispan .......................... SUCCESS [ 25.006 s]

[INFO] Keycloak SSSD Federation ........................... SUCCESS [ 10.056 s]

[INFO] KeyCloak Authz: Parent ............................. SUCCESS [ 0.051 s]

[INFO] KeyCloak AuthZ: Provider Parent .................... SUCCESS [ 0.057 s]

[INFO] KeyCloak AuthZ: Common Policy Providers ............ SUCCESS [ 0.872 s]

[INFO] KeyCloak AuthZ: Drools Policy Provider ............. SUCCESS [ 31.068 s]

[INFO] Keycloak Dependencies Server All ................... SUCCESS [ 0.094 s]

[INFO] Keycloak Dependencies Parent ....................... SUCCESS [ 0.032 s]

[INFO] Keycloak Federation ................................ SUCCESS [ 0.064 s]

[INFO] Keycloak Model Parent .............................. SUCCESS [ 0.032 s]

[INFO] Keycloak Util Embedded LDAP ........................ SUCCESS [01:28 min]

[INFO] Keycloak Util Parent ............................... SUCCESS [ 0.030 s]

[INFO] Keycloak WildFly Integration ....................... SUCCESS [ 0.036 s]

[INFO] Keycloak WildFly Add User Script ................... SUCCESS [ 14.734 s]

[INFO] Keycloak WildFly Extensions ........................ SUCCESS [ 1.687 s]

[INFO] Keycloak WildFly Server Subsystem .................. SUCCESS [01:39 min]

[INFO] Keycloak Integration ............................... SUCCESS [ 0.086 s]

[INFO] Keycloak Admin REST Client ......................... SUCCESS [ 9.123 s]

[INFO] Keycloak Client Registration API ................... SUCCESS [ 0.634 s]

[INFO] Keycloak Client CLI ................................ SUCCESS [ 0.038 s]

[INFO] Keycloak Client Registration CLI ................... SUCCESS [ 13.007 s]

[INFO] Keycloak Admin CLI ................................. SUCCESS [ 7.641 s]

[INFO] Keycloak Client CLI Distribution ................... SUCCESS [ 7.372 s]

[INFO] Keycloak Adapter SPI ............................... SUCCESS [ 4.132 s]

[INFO] Keycloak Tomcat Adapter SPI ........................ SUCCESS [ 7.797 s]

[INFO] Keycloak Undertow Integration SPI .................. SUCCESS [ 5.786 s]

[INFO] Keycloak Servlet Integration ....................... SUCCESS [ 1.961 s]

[INFO] Common JBoss/Wildfly Core Classes .................. SUCCESS [ 6.057 s]

[INFO] Keycloak Jetty Adapter SPI ......................... SUCCESS [ 14.420 s]

[INFO] Keycloak Client Adapter SPI Modules ................ SUCCESS [ 0.040 s]

[INFO] Keycloak SAML Client Adapter Public API ............ SUCCESS [ 0.369 s]

[INFO] Keycloak SAML Client Adapter Core .................. SUCCESS [ 1.195 s]

[INFO] Keycloak Undertow SAML Adapter ..................... SUCCESS [ 0.681 s]

[INFO] Keycloak SAML Tomcat Integration ................... SUCCESS [ 0.035 s]

[INFO] Keycloak Tomcat Core SAML Integration .............. SUCCESS [ 0.994 s]

[INFO] Keycloak Tomcat 8 SAML Integration ................. SUCCESS [ 14.515 s]

[INFO] Keycloak Tomcat 6 Saml Integration ................. SUCCESS [ 0.213 s]

[INFO] Keycloak Tomcat 7 SAML Integration ................. SUCCESS [ 8.537 s]

[INFO] Keycloak Wildfly SAML Adapter ...................... SUCCESS [ 0.993 s]

[INFO] KeyCloak Authz: Client API ......................... SUCCESS [ 1.252 s]

[INFO] Keycloak Adapter Core .............................. SUCCESS [ 1.603 s]

[INFO] Keycloak WildFly Elytron SAML Adapter .............. SUCCESS [ 0.727 s]

[INFO] Keycloak Wildfly SAML Adapter Subsystem ............ SUCCESS [ 2.882 s]

[INFO] Keycloak SAML Wildfly Integration .................. SUCCESS [ 0.048 s]

[INFO] Keycloak AS7 / JBoss EAP 6 Integration ............. SUCCESS [ 0.357 s]

[INFO] Keycloak AS7 SPI ................................... SUCCESS [01:53 min]

[INFO] Keycloak SAML EAP Integration ...................... SUCCESS [ 0.049 s]

[INFO] Keycloak SAML AS7 Integration ...................... SUCCESS [ 13.911 s]

[INFO] Keycloak SAML AS7 Subsystem ........................ SUCCESS [ 15.706 s]

[INFO] Keycloak SAML Servlet Filter ....................... SUCCESS [ 0.456 s]

[INFO] Keycloak Jetty Core SAML Integration ............... SUCCESS [ 0.459 s]

[INFO] Keycloak Jetty 8.1.x SAML Integration .............. SUCCESS [ 0.320 s]

[INFO] Keycloak Jetty 9.1.x SAML Integration .............. SUCCESS [ 7.272 s]

[INFO] Keycloak Jetty 9.2.x SAML Integration .............. SUCCESS [ 8.758 s]

[INFO] Keycloak Jetty 9.3.x SAML Integration .............. SUCCESS [ 8.130 s]

[INFO] Keycloak Jetty 9.4.x SAML Integration .............. SUCCESS [ 7.799 s]

[INFO] Keycloak SAML Jetty Integration .................... SUCCESS [ 0.014 s]

[INFO] Keycloak SAML Client Adapter Modules ............... SUCCESS [ 0.013 s]

[INFO] Keycloak Tomcat Integration ........................ SUCCESS [ 0.054 s]

[INFO] Keycloak Tomcat Core Integration ................... SUCCESS [ 0.509 s]

[INFO] Keycloak AS7 Integration ........................... SUCCESS [ 2.232 s]

[INFO] Keycloak AS7 Subsystem ............................. SUCCESS [ 1.497 s]

[INFO] Keycloak Installed Application ..................... SUCCESS [ 0.535 s]

[INFO] Keycloak Undertow Integration ...................... SUCCESS [ 0.739 s]

[INFO] Keycloak Fuse 7.0 Integration ...................... SUCCESS [ 0.048 s]

[INFO] Keycloak Fuse 7.0 Adapter - Camel + Undertow ....... SUCCESS [ 31.392 s]

[INFO] Keycloak OSGI Adapter .............................. SUCCESS [ 9.331 s]

[INFO] Keycloak Fuse 7.0 Adapter - Undertow ............... SUCCESS [ 4.064 s]

[INFO] Keycloak Jetty Core Integration .................... SUCCESS [ 3.019 s]

[INFO] Keycloak Jetty 9.4.x Integration ................... SUCCESS [ 3.358 s]

[INFO] Keycloak Fuse 7.0 Adapter - Jetty 9.4 .............. SUCCESS [ 0.651 s]

[INFO] Keycloak Tomcat 8 Integration ...................... SUCCESS [ 0.492 s]

[INFO] Keycloak Fuse 7.0 Adapter - Tomcat 8 ............... SUCCESS [ 0.352 s]

[INFO] Keycloak CLI SSO Framework ......................... SUCCESS [ 10.113 s]

[INFO] Keycloak JAX-RS OAuth Client ....................... SUCCESS [ 0.461 s]

[INFO] Keycloak Jetty 8.1.x Integration ................... SUCCESS [ 0.426 s]

[INFO] Keycloak Jetty 9.1.x Integration ................... SUCCESS [ 0.336 s]

[INFO] Keycloak Jetty 9.2.x Integration ................... SUCCESS [ 0.401 s]

[INFO] Keycloak Jetty 9.3.x Integration ................... SUCCESS [ 0.285 s]

[INFO] Keycloak Jetty Integration ......................... SUCCESS [ 0.013 s]

[INFO] Keycloak Servlet Filter Adapter Integration ........ SUCCESS [ 0.219 s]

[INFO] Keycloak Servlet OAuth Client ...................... SUCCESS [ 0.244 s]

[INFO] spring-boot-container-bundle ....................... SUCCESS [ 1.917 s]

[INFO] Keycloak Spring Security Integration ............... SUCCESS [ 19.553 s]

[INFO] Keycloak Spring Boot Adapter Core .................. SUCCESS [ 42.937 s]

[INFO] Keycloak Spring Boot Integration ................... SUCCESS [ 41.166 s]

[INFO] Keycloak Spring Boot 2 Integration ................. SUCCESS [01:11 min]

[INFO] Keycloak Tomcat 6 Integration ...................... SUCCESS [ 0.517 s]

[INFO] Keycloak Tomcat 7 Integration ...................... SUCCESS [ 0.251 s]

[INFO] Keycloak Wildfly Integration ....................... SUCCESS [ 0.652 s]

[INFO] Keycloak Wildfly Elytron OIDC Adapter .............. SUCCESS [ 0.630 s]

[INFO] Keycloak Wildfly Adapter Subsystem ................. SUCCESS [ 4.562 s]

[INFO] Keycloak Wildfly 8 Adapter Subsystem ............... SUCCESS [01:36 min]

[INFO] Keycloak WildFly Integration ....................... SUCCESS [ 0.014 s]

[INFO] Keycloak OIDC Client Adapter Modules ............... SUCCESS [ 0.055 s]

[INFO] Keycloak Adapters .................................. SUCCESS [ 0.057 s]

[INFO] Keycloak Examples .................................. SUCCESS [ 0.058 s]

[INFO] Keycloak Examples - Admin Client ................... SUCCESS [ 6.956 s]

[INFO] Broker Examples .................................... SUCCESS [ 0.080 s]

[INFO] Keycloak Broker Examples - Facebook Authentication . SUCCESS [ 0.818 s]

[INFO] Keycloak Broker Examples - Google Authentication ... SUCCESS [ 0.513 s]

[INFO] Keycloak Broker Examples - SAML Identity Provider Brokering SUCCESS [ 0.606 s]

[INFO] Keycloak Broker Examples - Twitter Authentication .. SUCCESS [ 14.106 s]

[INFO] Keycloak Examples - CORS ........................... SUCCESS [ 0.070 s]

[INFO] Angular Product Portal JS .......................... SUCCESS [ 1.537 s]

[INFO] JAX-RS Database Service Using OAuth Bearer Tokens .. SUCCESS [ 4.512 s]

[INFO] Demo Examples ...................................... SUCCESS [ 0.049 s]

[INFO] Customer Portal - Secured via Valve ................ SUCCESS [ 2.679 s]

[INFO] Customer Portal - Secured via Servlet Filter ....... SUCCESS [ 5.325 s]

[INFO] Customer Portal CLI ................................ SUCCESS [ 3.191 s]

[INFO] Customer Portal JS ................................. SUCCESS [ 2.670 s]

[INFO] Product Portal ..................................... SUCCESS [ 8.417 s]

[INFO] EAR example ........................................ SUCCESS [ 19.735 s]

[INFO] Admin Access Example ............................... SUCCESS [ 1.050 s]

[INFO] Angular Product Portal JS .......................... SUCCESS [ 0.464 s]

[INFO] JAX-RS Database Service Using OAuth Bearer Tokens .. SUCCESS [ 0.742 s]

[INFO] Simple OAuth Client ................................ SUCCESS [ 0.433 s]

[INFO] Simple OAuth Client Using CDI and JSF .............. SUCCESS [ 8.777 s]

[INFO] Service Account Example App ........................ SUCCESS [ 0.804 s]

[INFO] Offline Access Portal .............................. SUCCESS [ 0.392 s]

[INFO] Provider Examples .................................. SUCCESS [ 0.056 s]

[INFO] Event Listener System.out Example .................. SUCCESS [ 0.452 s]

[INFO] Event Store In-Mem Example ......................... SUCCESS [ 0.637 s]

[INFO] Authenticator Example .............................. SUCCESS [ 2.023 s]

[INFO] REST Example ....................................... SUCCESS [ 0.239 s]

[INFO] Domain Extension Example ........................... SUCCESS [ 0.954 s]

[INFO] UserStorageProvider Simple Example ................. SUCCESS [ 0.531 s]

[INFO] User Storage JPA Provider Example .................. SUCCESS [ 0.396 s]

[INFO] JS Console ......................................... SUCCESS [ 0.104 s]

[INFO] Keycloak Examples - Multi Tenant ................... SUCCESS [ 0.295 s]

[INFO] Keycloak Examples - Basic Auth ..................... SUCCESS [ 6.160 s]

[INFO] Keycloak Examples - Kerberos Credential Delegation . SUCCESS [ 18.190 s]

[INFO] Themes Examples .................................... SUCCESS [ 25.550 s]

[INFO] SAML Examples ...................................... SUCCESS [ 0.522 s]

[INFO] Keycloak SAML Adapter Example POST Binding and Signatures SUCCESS [ 3.724 s]

[INFO] Keycloak SAML Adapter Example POST Binding and Assertion Encryption SUCCESS [ 1.765 s]

[INFO] Keycloak SAML Adapter Example Redirect Binding with Signatures SUCCESS [ 0.258 s]

[INFO] Keycloak SAML Adapter as a Servlet Filter .......... SUCCESS [ 2.653 s]

[INFO] LDAP Demo Application .............................. SUCCESS [ 3.801 s]

[INFO] Keycloak Misc ...................................... SUCCESS [ 1.131 s]

[INFO] Keycloak :: Spring :: Boot ......................... SUCCESS [ 0.138 s]

[INFO] Keycloak :: Spring :: Boot :: Default :: Starter .. SUCCESS [ 5.294 s]

[INFO] Keycloak :: Spring :: Boot ......................... SUCCESS [ 0.117 s]

[INFO] Keycloak :: Legacy :: Spring :: Boot :: Default :: Starter SUCCESS [ 30.779 s]

[INFO] keycloak-test-helper ............................... SUCCESS [ 56.260 s]

[INFO] Keycloak Launcher .................................. SUCCESS [ 1.392 s]

[INFO] Keycloak Proxy Server .............................. SUCCESS [ 1.236 s]

[INFO] Keycloak Proxy ..................................... SUCCESS [ 0.036 s]

[INFO] Keycloak TestSuite ................................. SUCCESS [ 0.081 s]

[INFO] Keycloak Arquillian Integration TestSuite .......... SUCCESS [ 0.030 s]

[INFO] Servers ............................................ SUCCESS [ 0.026 s]

[INFO] Auth Server ........................................ SUCCESS [ 0.077 s]

[INFO] Auth Server Services ............................... SUCCESS [ 0.064 s]

[INFO] Auth Server Services - Testsuite Providers ......... SUCCESS [02:18 min]

[INFO] Keycloak TestSuite Utils ........................... SUCCESS [01:03 min]

[INFO] Test apps .......................................... SUCCESS [ 0.106 s]

[INFO] integration-arquillian-test-apps-servlets .......... SUCCESS [ 2.895 s]

[INFO] Keycloak Integration TestSuite - deprecated ........ SUCCESS [ 24.547 s]

[INFO] Keycloak Tomcat 8 Integration TestSuite ............ SUCCESS [ 8.410 s]

[INFO] Test apps distribution ............................. SUCCESS [ 4.236 s]

[INFO] Keycloak Authz: PhotoZ Test Parent ................ SUCCESS [ 0.016 s]

[INFO] Keycloak Authz Test: Photoz RESTful API ............ SUCCESS [ 2.133 s]

[INFO] Keycloak Authz Tests: Photoz HTML5 Client .......... SUCCESS [ 0.057 s]

[INFO] Keycloak Authz Tests: Photoz Authz Rule-based Policy SUCCESS [ 0.059 s]

[INFO] Keycloak Authz Tests: Hello World Example .......... SUCCESS [ 0.056 s]

[INFO] Keycloak Authz: Servlet Authorization Test ......... SUCCESS [ 0.090 s]

[INFO] Keycloak Authz: Simple Servlet App with Policy Enforcer SUCCESS [ 0.084 s]

[INFO] Keycloak Test App Profile JEE ...................... SUCCESS [ 0.200 s]

[INFO] integration-arquillian-test-apps-cors-parent ....... SUCCESS [ 0.013 s]

[INFO] Angular Product Portal JS .......................... SUCCESS [ 0.246 s]

[INFO] JAX-RS Database Service Using OAuth Bearer Tokens .. SUCCESS [ 0.180 s]

[INFO] Fuse Test Applications ............................. SUCCESS [ 0.012 s]

[INFO] Customer Portal - Secured in Karaf/Fuse ............ SUCCESS [ 1.658 s]

[INFO] CXF JAXRS Example - Secured in Karaf/Fuse .......... SUCCESS [ 15.017 s]

[INFO] CXF JAXRS Example - Secured in Karaf/Fuse 7.0 on Undertow SUCCESS [ 0.423 s]

[INFO] CXF JAXWS Example - Secured in Karaf/Fuse .......... SUCCESS [ 24.632 s]

[INFO] CXF JAXWS Example - Secured in Karaf/Fuse 7.0 on Undertow SUCCESS [ 0.197 s]

[INFO] Product Portal - Secured in Karaf/Fuse ............. SUCCESS [ 0.500 s]

[INFO] Product Portal - Secured in Karaf/Fuse 7.0 on Undertow SUCCESS [ 0.366 s]

[INFO] Camel endpoint example - Secured in Karaf/Fuse ..... SUCCESS [ 12.546 s]

[INFO] Camel endpoint example - Secured in Karaf/Fuse 7.0 on Undertow SUCCESS [ 0.487 s]

[INFO] Keycloak Fuse Example - Features ................... SUCCESS [ 1.024 s]

[INFO] Keycloak Examples - External Config ................ SUCCESS [ 0.250 s]

[INFO] Auth Server - JBoss ................................ SUCCESS [ 0.053 s]

[INFO] Test Util .......................................... SUCCESS [ 51.484 s]

[INFO] Auth Server - Undertow ............................. SUCCESS [ 9.340 s]

[INFO] App Server ......................................... SUCCESS [ 0.056 s]

[INFO] App Server - SPI ................................... SUCCESS [ 1.260 s]

[INFO] App Server - JBoss ................................. SUCCESS [ 0.029 s]

[INFO] App Server - Karaf ................................. SUCCESS [ 0.013 s]

[INFO] App Server - Tomcat ................................ SUCCESS [ 0.014 s]

[INFO] App Server - Undertow .............................. SUCCESS [ 0.600 s]

[INFO] Cache Server ....................................... SUCCESS [ 0.034 s]

[INFO] Cache Server - JBoss Family ........................ SUCCESS [ 0.016 s]

[INFO] Tests .............................................. SUCCESS [ 1.688 s]

[INFO] Base TestSuite ..................................... SUCCESS [05:36 min]

[INFO] Other Tests Modules ................................ SUCCESS [ 0.035 s]

[INFO] Adapter Tests ...................................... SUCCESS [ 0.027 s]

[INFO] Adapter Tests - JBoss .............................. SUCCESS [ 0.022 s]

[INFO] Adapter Tests - Karaf .............................. SUCCESS [ 0.033 s]

[INFO] Adapter Tests - Tomcat ............................. SUCCESS [ 0.018 s]

[INFO] Adapter Tests - WAS ................................ SUCCESS [ 0.018 s]

[INFO] Adapter Tests - WLS ................................ SUCCESS [ 0.036 s]

[INFO] SSSD tests ......................................... SUCCESS [ 4.826 s]

[INFO] integration-arquillian-tests-springboot ............ SUCCESS [ 1.358 s]

[INFO] Base UI TestSuite .................................. SUCCESS [ 11.696 s]

[INFO] Keycloak Jetty 9.2.x Integration TestSuite ......... SUCCESS [ 12.360 s]

[INFO] Keycloak Jetty 9.3.x Integration TestSuite ......... SUCCESS [ 5.610 s]

[INFO] Keycloak Jetty 9.4.x Integration TestSuite ......... SUCCESS [ 7.210 s]

[INFO] Keycloak SAML Jetty Testsuite Integration .......... SUCCESS [ 0.029 s]

[INFO] Keycloak Security Proxy TestSuite .................. SUCCESS [ 12.933 s]

[INFO] Keycloak Tomcat 7 Integration TestSuite 4.3.0.Final-SNAPSHOT SUCCESS [ 19.413 s]

[INFO] ------------------------------------------------------------------------

[INFO] BUILD SUCCESS

[INFO] ------------------------------------------------------------------------

[INFO] Total time: 38:05 min

[INFO] Finished at: 2018-08-24T01:10:56+09:00

[INFO] ------------------------------------------------------------------------

Starting Keycloak

To start Keycloak during development first build as specified above, then run:

mvn -f testsuite/utils/pom.xml exec:java -Pkeycloak-server

To start Keycloak from the server distribution first build the distribution it as specified above, then run:

tar xfz distribution/server-dist/target/keycloak-<VERSION>.tar.gz
cd keycloak-<VERSION>
bin/standalone.sh

위의 내용과 같이 testsuite으로 기동하여 Keycloak을 살펴볼 수 있으며, Build된 버젼으로도 구동이 가능하다.

또한, 최신 빌드 버젼을 다운로드 받아 구동이 가능하다.

Download : https://www.keycloak.org/downloads.html

# keycloak의 다운로드 받은 경로에서 동일하게 실행

$ sh bin/standalone.sh

=========================================================================

JBoss Bootstrap Environment

JBOSS_HOME: /Users/zzon3/dev/keycloak_build/keycloak-4.3.0.Final

JAVA: java

JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true

=========================================================================

00:34:41,104 INFO [org.jboss.modules] (main) JBoss Modules version 1.6.1.Final

00:34:43,004 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.7.SP1

00:34:45,467 INFO [org.jboss.as] (MSC service thread 1-7) WFLYSRV0049: Keycloak 4.3.0.Final (WildFly Core 3.0.8.Final) starting

00:34:59,019 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.

00:34:59,104 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 20) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.

00:34:59,154 INFO [org.wildfly.security] (ServerService Thread Pool -- 19) ELY00001: WildFly Elytron version 1.1.6.Final

00:34:59,432 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)

00:34:59,568 INFO [org.xnio] (MSC service thread 1-4) XNIO version 3.5.4.Final

00:34:59,901 INFO [org.xnio.nio] (MSC service thread 1-4) XNIO NIO Implementation Version 3.5.4.Final

00:34:59,953 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 31) WFLYCLINF0001: Activating Infinispan subsystem.

00:34:59,957 WARN [org.jboss.as.txn] (ServerService Thread Pool -- 43) WFLYTX0013: The node-identifier attribute on the /subsystem=transactions is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.

00:35:00,232 INFO [org.jboss.as.security] (ServerService Thread Pool -- 42) WFLYSEC0002: Activating Security Subsystem

00:35:00,238 INFO [org.wildfly.extension.io] (ServerService Thread Pool -- 30) WFLYIO001: Worker 'default' has auto-configured to 8 core threads with 64 task threads based on your 4 available processors

00:35:00,306 INFO [org.jboss.as.jaxrs] (ServerService Thread Pool -- 32) WFLYRS0016: RESTEasy version 3.0.24.Final

00:35:00,661 INFO [org.jboss.as.security] (MSC service thread 1-1) WFLYSEC0001: Current PicketBox version=5.0.2.Final

00:35:00,791 INFO [org.jboss.as.naming] (ServerService Thread Pool -- 37) WFLYNAM0001: Activating Naming Subsystem

00:35:01,951 INFO [org.jboss.as.connector] (MSC service thread 1-6) WFLYJCA0009: Starting JCA Subsystem (WildFly/IronJacamar 1.4.6.Final)

00:35:02,635 INFO [org.jboss.as.naming] (MSC service thread 1-6) WFLYNAM0003: Starting Naming Service

00:35:02,636 INFO [org.jboss.as.mail.extension] (MSC service thread 1-6) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]

00:35:03,505 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 26) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)

00:35:03,507 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = h2

00:35:03,629 INFO [org.wildfly.extension.undertow] (MSC service thread 1-6) WFLYUT0003: Undertow 1.4.18.Final starting

00:35:05,431 INFO [org.jboss.remoting] (MSC service thread 1-8) JBoss Remoting version 5.0.5.Final

00:35:10,275 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 44) WFLYUT0014: Creating file handler for path '/Users/zzon3/dev/keycloak_build/keycloak-4.3.0.Final/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']

00:35:10,468 INFO [org.jboss.as.ejb3] (MSC service thread 1-5) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 64 (per class), which is derived from thread worker pool sizing.

00:35:10,469 INFO [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 16 (per class), which is derived from the number of CPUs on this host.

00:35:11,040 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0012: Started server default-server.

00:35:11,117 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0018: Host default-host starting

00:35:12,575 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0006: Undertow HTTP listener default listening on 127.0.0.1:8080

00:35:14,741 INFO [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0493: EJB subsystem suspension complete

00:35:17,280 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-7) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]

00:35:17,280 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-4) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]

00:35:17,793 INFO [org.jboss.as.patching] (MSC service thread 1-8) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none

00:35:18,060 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-8) WFLYDS0013: Started FileSystemDeploymentService for directory /Users/zzon3/dev/keycloak_build/keycloak-4.3.0.Final/standalone/deployments

00:35:18,245 WARN [org.jboss.as.domain.management.security] (MSC service thread 1-7) WFLYDM0111: Keystore /Users/zzon3/dev/keycloak_build/keycloak-4.3.0.Final/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost

00:35:18,383 INFO [org.jboss.as.server.deployment] (MSC service thread 1-3) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")

00:35:19,944 INFO [org.wildfly.extension.undertow] (MSC service thread 1-6) WFLYUT0006: Undertow HTTPS listener https listening on 127.0.0.1:8443

00:35:31,415 INFO [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-8) ISPN000128: Infinispan version: Infinispan 'Chakra' 8.2.8.Final

00:35:39,362 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 50) WFLYCLINF0002: Started keys cache from keycloak container

00:35:39,362 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 53) WFLYCLINF0002: Started clientSessions cache from keycloak container

00:35:39,359 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 52) WFLYCLINF0002: Started authenticationSessions cache from keycloak container

00:35:39,361 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container

00:35:39,361 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 48) WFLYCLINF0002: Started work cache from keycloak container

00:35:39,361 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0002: Started users cache from keycloak container

00:35:39,361 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 49) WFLYCLINF0002: Started sessions cache from keycloak container

00:35:39,358 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 55) WFLYCLINF0002: Started actionTokens cache from keycloak container

00:35:39,359 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started authorization cache from keycloak container

00:35:39,360 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 51) WFLYCLINF0002: Started offlineSessions cache from keycloak container

00:35:39,360 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 54) WFLYCLINF0002: Started loginFailures cache from keycloak container

00:35:39,359 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 59) WFLYCLINF0002: Started realms cache from keycloak container

00:35:39,390 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started client-mappings cache from ejb container

00:35:47,570 INFO [org.keycloak.services] (ServerService Thread Pool -- 54) KC-SERVICES0001: Loading config from standalone.xml or domain.xml

00:35:50,227 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 54) WFLYCLINF0002: Started realmRevisions cache from keycloak container

00:35:50,233 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 54) WFLYCLINF0002: Started userRevisions cache from keycloak container

00:35:50,255 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 54) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container

00:35:50,256 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 54) Node name: hyunsang-imac, Site name: null

00:35:58,751 INFO [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 54) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml

00:36:06,213 INFO [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 54) HHH000204: Processing PersistenceUnitInfo [

name: keycloak-default

...]

00:36:12,150 INFO [org.hibernate.Version] (ServerService Thread Pool -- 54) HHH000412: Hibernate Core {5.1.10.Final}

00:36:12,179 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 54) HHH000206: hibernate.properties not found

00:36:12,181 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 54) HHH000021: Bytecode provider name : javassist

00:36:13,396 INFO [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 54) HCANN000001: Hibernate Commons Annotations {5.0.1.Final}

00:36:17,719 INFO [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 54) HHH000400: Using dialect: org.hibernate.dialect.H2Dialect

00:36:17,807 WARN [org.hibernate.dialect.H2Dialect] (ServerService Thread Pool -- 54) HHH000431: Unable to determine H2 database version, certain features may not work

00:36:18,686 INFO [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 54) Envers integration enabled? : true

00:36:23,282 INFO [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 54) HV000001: Hibernate Validator 5.3.5.Final

00:36:25,790 INFO [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 54) HHH000397: Using ASTQueryTranslatorFactory

00:36:29,803 INFO [org.keycloak.services] (ServerService Thread Pool -- 54) KC-SERVICES0050: Initializing master realm

00:36:33,106 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication

00:36:33,131 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,133 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,133 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,133 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakTransactionCommitter from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,133 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,134 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,134 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,134 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,134 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 54) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication

00:36:33,470 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 54) WFLYUT0021: Registered web context: '/auth' for server 'default-server'

00:36:33,531 INFO [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")

00:36:33,688 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server

00:36:33,691 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management

00:36:33,691 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990

00:36:33,692 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 4.3.0.Final (WildFly Core 3.0.8.Final) started in 113664ms - Started 545 of 881 services (604 services are lazy, passive or on-demand)

Client Adapters

Keycloak client adapters = librares & provide a tight intergration to the underlying platform and framework.

Supported Platform

Choosing between OpenID Connect and SAML is not just a matter of using a newer protocol (OIDC) instead of the older more mature protocol (SAML).

TYPE	NAME	VERSION
OpenID Connect(OIDC)	WildFly	9, 10, 11, 8(deprecated)
	JBoss EAP	6, 7
	JBoss AS	7.1(deprecated)
	JBoss Fuse	6.2, 6.3
	JavaScript
	Jetty	9.2, 9.3, 9.4, 8.1(deprecated), 9.1(deprecated)
	Tomcat	7, 8, 6(deprecated)
SAML 2.0	WildFly	9, 10, 11
	JBoss EAP	6, 7
	JBoss AS	7.1(deprecated)
	Jetty	9.2, 9.3, 9.4, 8.1(deprecated)
	Tomcat	7, 8, 6(deprecated)

Downloads : https://www.keycloak.org/downloads.html

Administrator Console

초기 계정 생성

Keycloak은 관리자 콘솔화면을 제공한다. 예제로 로컬환경에서 구동하면 최초 접속시에 초기 관리자를 생성해야 한다.

관리자 접속

최초 접속 후에 다시 'Administration Console' 로 접속하면 다음과 같이 Login 페이지로 이동한다.

초기 생성한 관리자 계정으로 Log in 정보를 등록하여 관리자 콘솔에 접속한다.

Configure

"Realm Settings, Clients, Client Scopes, Roles, Identity Providers, User Federation, Authentication" 의 메뉴로 분류된 기능을 제공한다.

Manage

"Groups, Users, Sessions, Events, Import, Export"의 메뉴로 분류된 기능을 제공한다.

Identity Providers

Keycloak using external Identity Providers or Social Networks. 라고 명시한 내용 처럼 OpenID Connect & SAML 2.0 기반으로 User-defined 또는 Social(GitHub, Facebook 등) 을 이용한 인증이 가능하다.

Add identity provider

GitHub의 사용자 계정을 이용하여 OAuth2 인증을 통한 등록이 가능하다. GitHub에서 OAuth Client ID, Client Secret 정보를 등록하여 사이트 유효성을 등록할 수 있다.

GitHub의 경우에는 Settgins / Developer settings 을 통하여 'OAuth Apps'에 등록한다.

Add Iendity provider에 GitHub의 OAuth Client ID/Secret 정보를 등록 후 저장한다.

저장 후에 Log out 이후에 다시 로그인 페이지로 접속하면 아래와 같이 Log in 페이지가 분리되며 오른쪽에 추가한 Provider 정보가 제공된다.

User Federation

Keycloak can federate external user databases. Out of the box we have support for LDAP and Active Directory.

* Kerberos

References

- KeyCloak LDAP/AD Integration

- Spring-boot LDAP Guide

Relational Database Setup

Keycloak 은 기본적으로 embedded Java-based relational database called H2를 제공하여 기동된다. 기능 테스트 단계에서는 H2를 기반으로 사용해도 되겠지만, 운영환경 등을 고려하면 Database 분리가 필요하다.

RDBMS Setup Checklist

RDBMS를 선택한 후 Keycloak에 구성하기 위해서는 아래 단계로 진행을 해야 한다.

Locate and download a JDBC driver for your database
Package the driver JAR into a module and install this module into the server
Declare the JDBC driver in the configuration profile of the server
Modify the datasource configuration to use your database’s JDBC driver
Modify the datasource configuration to define the connection parameters to your database

PostgreSQL Setting

PostgreSQL의 버젼과 JDBC버젼은9.4 버젼 이후로 별개의 버젼으로 진행한다고 보면 된다.

PostgreSQL 9.6 버젼으로 RDBMS를 구성한다고 하더라도 최신 버젼인 JDBC 42.X 버젼으로 사용하면 된다.

Java 버젼에 따라 JDBC 4.0(Java 6), 4.1(Java 7), 4.2(Java 8) 로 나눠진다.

JDBC Download Link : https://jdbc.postgresql.org/download.html

Module XML

PostgreSQL JDBC 4.2 Driver, 42.2.5 버젼으로 Module XML 설정하는 경우 예제

<?xml version="1.0" ?>

<resource-root path="postgresql-42.2.5.jar"/>

</resources>

</dependencies>

</module>

Declare and Load JDBC Driver

운영모드 에 따라 JBoss(Wildfly)의 아래 경로의 설정 파일을 수정해야 한다.

- Standalone mode : /standalone/configuration/standalone.xml

- Custer mode : /standalone/configuration/standalone-ha.xml

- Doamin mode : /domain/configuration/domain.xml

Internationalization

한글팩이 없어 Pull Request 준비해야겠다.

kubernetes dashboard with openid connect

참고자료 : https://itnext.io/protect-kubernetes-dashboard-with-openid-connect-104b9e75e39c

저작자표시 비영리 변경금지

구마곰 & 머니곰

고정 헤더 영역

메뉴 레이어

메뉴 리스트

검색 레이어

검색 영역

상세 컨텐츠

본문 제목

본문

소개

홈페이지

문서

Guides

API Documentation

소스코드

기술지원

커뮤니티

Architecture

Policy Administration Point(PAP)

Policy Decision Point(PDP)

Policy Enforcement Point(PEP)

Policy Information Point(PIP)

AuthZ Process

Maven Building

Starting Keycloak

Client Adapters

Supported Platform

Downloads : https://www.keycloak.org/downloads.html

Administrator Console

초기 계정 생성

관리자 접속

Configure

Manage

Identity Providers

Add identity provider

User Federation

Relational Database Setup

RDBMS Setup Checklist

PostgreSQL Setting

Current Version 42.2.5

Module XML

Declare and Load JDBC Driver

Internationalization

kubernetes dashboard with openid connect

추가 정보

인기글

최신글

티스토리툴바