Keycloak

• ドキュメント

install

---

• check requirement
  • http://keycloak-documentation.openstandia.jp/master/ja_JP/server_installation/index.html
• download
  • https://www.keycloak.org/downloads.html
• References
  • Keycloakのセットアップ

• start

  $ ./bin/standalone.sh -b 0.0.0.0 &
  

• Administration Console

  • 管理者の設定

    $ .../bin/add-user-keycloak.sh -r master -u <username> -p <password>
    

  • http://10.0.12.106:8080/auth/

Client Adapter

---

• WildFly
  • download

sample

---

• document
  • keycloak/keycloak-quickstarts
• sample file
  • Examples

• endpoint

  $ curl http://10.0.12.106:8080/auth/realms/demo/.well-known/openid-configuration -s | jq .
  {
    "issuer": "http://10.0.12.106:8080/auth/realms/demo",
    "authorization_endpoint": "http://10.0.12.106:8080/auth/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "http://10.0.12.106:8080/auth/realms/demo/protocol/openid-connect/token",
    "token_introspection_endpoint": "http://10.0.12.106:8080/auth/realms/demo/protocol/openid-connect/token/introspect",
    "userinfo_endpoint": "http://10.0.12.106:8080/auth/realms/demo/protocol/openid-connect/userinfo",
    "end_session_endpoint": "http://10.0.12.106:8080/auth/realms/demo/protocol/openid-connect/logout",
    "jwks_uri": "http://10.0.12.106:8080/auth/realms/demo/protocol/openid-connect/certs",
    "check_session_iframe": "http://10.0.12.106:8080/auth/realms/demo/protocol/openid-connect/login-status-iframe.html",
    "grant_types_supported": [
      "authorization_code",
      "implicit",
      "refresh_token",
      "password",
      "client_credentials"
    ],
    "response_types_supported": [
      "code",
      "none",
      "id_token",
      "token",
      "id_token token",
      "code id_token",
      "code token",
      "code id_token token"
    ],
    "subject_types_supported": [
      "public",
      "pairwise"
    ],
    "id_token_signing_alg_values_supported": [
      "RS256"
    ],
    "userinfo_signing_alg_values_supported": [
      "RS256"
    ],
    "request_object_signing_alg_values_supported": [
      "none",
      "RS256"
    ],
    "response_modes_supported": [
      "query",
      "fragment",
      "form_post"
    ],
    "registration_endpoint": "http://10.0.12.106:8080/auth/realms/demo/clients-registrations/openid-connect",
    "token_endpoint_auth_methods_supported": [
      "private_key_jwt",
      "client_secret_basic",
      "client_secret_post",
      "client_secret_jwt"
    ],
    "token_endpoint_auth_signing_alg_values_supported": [
      "RS256"
    ],
    "claims_supported": [
      "sub",
      "iss",
      "auth_time",
      "name",
      "given_name",
      "family_name",
      "preferred_username",
      "email"
    ],
    "claim_types_supported": [
      "normal"
    ],
    "claims_parameter_supported": false,
    "scopes_supported": [
      "openid",
      "address",
      "email",
      "offline_access",
      "phone",
      "profile"
    ],
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "code_challenge_methods_supported": [
      "plain",
      "S256"
    ],
    "tls_client_certificate_bound_access_tokens": true
  }