Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

BaSyx / Scenarios / Authorization

Setting up Keycloak

Keycloak is an open source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services. As of March 2018 this WildFly community project is under the stewardship of Red Hat who use it as the upstream project for their RH-SSO product.

Startup

To start the Keycloak, you can use the following command:

docker run -p 9006:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak

The admin console can be open in the browser using below link:

http://127.0.0.1:9006/auth

Setup using portal

The initial screen for the admin console appears.

Reference:https://www.keycloak.org/docs/11.0/getting_started/

Realms and users

When you log in to the admin console, you work in a realm, which is a space where you manage objects. Two types of realms exist:

  • Master realm - This realm was created for you when you first started Keycloak. It contains the admin account you created at the first login. You use this realm only to create other realms.
  • Other realms - These realms are created by the admin in the master realm. In these realms, administrators create users and applications. The applications are owned by the users.

Reference:https://www.keycloak.org/docs/11.0/getting_started/

Create Realm

As the admin in the master realm, you create the realms where administrators create users and applications.

Prerequisites

  • Keycloak is installed.
  • You have the initial admin account for the admin console.

Procedure

  1. Go to http://localhost:9006/auth/admin/ and log in to the Keycloak admin console using the admin account.
  2. From the Master menu, click Add Realm. When you are logged in to the master realm, this menu lists all other realms.
  3. Type basyx-demo in the Name field.
  4. Click Create.


AddRealm

The realm name is case-sensitive, so make note of the case that you use.

The main admin console page opens with realm set to basyx-demo.


Realm

Add Client

Procedure

  1. Go to http://localhost:9006/auth/admin/ and log in to the Keycloak admin console using the admin account.
  2. From the Master menu, select basyx-demo.
  3. Click Clients.
  4. Click Create.


AddClient


Set the property of client

  • Set Access Type to Confidential
  • Turn ON OAuth 2.0 Device Authorization Grant Enabled
  • Turn ON Authorization Enabled
  • Enter valid redirect URIs
  • Click Save.

BasyxDemo

Setup using Keycloak Java Adapter

Add the following maven dependencies to the project :

keycloak-spring-boot-starter

<dependency>
   <groupId>org.keycloak</groupId>
   <artifactId>keycloak-spring-boot-starter</artifactId>
   <version>16.1.1</version>
</dependency>

keycloak-admin-client

<dependency>
   <groupId>org.keycloak</groupId>
   <artifactId>keycloak-admin-client</artifactId>
   <version>16.1.1</version>
</dependency>

Create Realm

First create a Keycloak instance as depicted in below code :

  1. private void buildKeycloak() {
  2. 	keycloak = KeycloakBuilder.builder()
  3. 	         .serverUrl(BASE_ADDRESS)
  4. 	         .realm(MASTER_REALM_NAME)
  5. 	         .clientId(MASTER_CLIENT_ID)
  6. 	         .username(USERNAME)
  7. 	         .password(PASSWORD)
  8. 	         .build();
  9. }

Then, create a realm using below code snippet :

  1. private void createRealm() throws RealmCreationException {        
  2. 	RealmRepresentation realmRepresentation = createRealmRepresentationFromJson();
  3.  
  4. 	keycloak.realms().create(realmRepresentation);
  5. }
  6.  
  7. private RealmRepresentation createRealmRepresentationFromJson() {
  8. 	return loadJson(KeycloakServiceProvider.class.getResourceAsStream("/" + REALM_FILE_NAME), RealmRepresentation.class);
  9. }

Back to the top