Level: Beginner Technologies: JavaEE Summary: JSP Profile Application Target Product: Keycloak, WildFly Source: https://github.com/keycloak/keycloak-quickstarts
The app-profile-saml-jee-jsp
quickstart demonstrates how to write an application with JavaEE that
authenticates using Keycloak over the SAML protocol. Once authenticated the application shows the users profile information.
If you are deploying the application as a WAR you need to have WildFly 10 running.
All you need to build this project is Java 8.0 (Java SDK 1.8) or later and Maven 3.1.1 or later.
Prior to running the quickstart you need to create a client in Keycloak and download the installation file.
The following steps shows how to create the client required for this quickstart:
- Open the Keycloak admin console
- Select
Clients
from the menu - Click
Create
- Add the following values:
- Client ID: You choose (for example
app-profile-saml
) - Client Protocol:
saml
- Client ID: You choose (for example
- Click
Save
Once saved you need to change the following values:
- Valid Redirect URIs:
http://localhost:8080/app-profile-saml/*
- Base URL:
http://localhost:8080/app-profile-saml/
- Master SAML Processing URL:
http://localhost:8080/app-profile-saml/saml
- Force Name ID Format:
ON
If you deploy the application somewhere else change the hostname and port of the URLs accordingly.
To be able to retrieve the profile details next click on Mappers
. Then click on Add Builtin
and select all the
mappers before clicking Add selected
.
Finally you need to configure the adapter, this is done by retrieving the adapter configuration file:
- Click on
Installation
in the tab for the client you created - Select
Keycloak SAML Adapter keycloak-saml.xml
- Click
Download
- Edit
keycloak-saml.xml
and replaceSPECIFY YOUR LOGOUT PAGE!
with/index.jsp
- Move the file
keycloak-saml.xml
to theconfig/
directory in the root of the quickstart
As an alternative you can create the client by importing the file client-import.json and
copying config/keycloak-saml-example.xml to config/keycloak-saml.xml
. Finally,
you need to edit config/keycloak-saml.xml
and replace REPLACE WITH REALM CERTIFICATE
with the actual realm certificate.
You can retrieve the realm certificate from the admin console from Keys
under Realm Settings
.
-
Open a terminal and navigate to the root directory of this quickstart.
-
The following shows the command to deploy the quickstart:
mvn clean wildfly:deploy
If you prefer to secure WARs via Keycloak SAML subsystem:
mvn install -Dsubsystem wildfly:deploy
You can access the application with the following URL: http://localhost:8080/app-profile-saml
-
Open a terminal and navigate to the root directory of this quickstart.
-
The following shows the command to undeploy the quickstart:
mvn install wildfly:undeploy