JBoss.org Community Documentation

Keycloak Reference Guide

SSO for Web Apps and REST Services

1.0.2.Final


Preface
1. License
2. Overview
2.1. Key Concepts in Keycloak
2.2. How Does Security Work in Keycloak?
2.2.1. Permission Scopes
3. Installation and Configuration of Keycloak Server
3.1. Appliance Install
3.2. WAR Distribution Installation
3.3. Configuring the Server
3.3.1. Relational Database Configuration
3.3.2. MongoDB-based model
3.3.3. AS7/EAP6.x Logging
3.3.4. SSL/HTTPS Requirement/Modes
3.3.5. SSL/HTTPS Setup
4. Running Keycloak Server on OpenShift
4.1. Create Keycloak instance with the web tool
4.2. Create Keycloak instance with the command-line tool
4.3. Next steps
5. Master Admin Access Control
5.1. Global Roles
5.2. Realm Specific Roles
6. Per Realm Admin Access Control
6.1. Realm Roles
7. Adapters
7.1. General Adapter Config
7.2. JBoss/Wildfly Adapter
7.2.1. Adapter Installation
7.2.2. Per WAR Configuration
7.2.3. Securing WARs via Keycloak Subsystem
7.3. Pure Client JavaScript Adapter
7.3.1. Session status iframe
7.3.2. JavaScript Adapter reference
7.4. Installed Applications
7.4.1. http://localhost
7.4.2. urn:ietf:wg:oauth:2.0:oob
7.5. Logout
8. Social
8.1. Social Login Config
8.1.1. Enable social login
8.1.2. Social-only login
8.1.3. Social Callback URL
8.2. Facebook
8.3. GitHub
8.4. Google
8.5. Twitter
8.6. Social Provider SPI
9. Themes
9.1. Theme types
9.2. Configure theme
9.3. Default themes
9.4. Creating a theme
9.4.1. Stylesheets
9.4.2. Scripts
9.4.3. Images
9.4.4. Messages
9.4.5. Modifying HTML
9.5. SPIs
9.5.1. Theme SPI
9.5.2. Account SPI
9.5.3. Login SPI
10. Email
10.1. Email Server Config
10.1.1. Enable SSL or TLS
10.1.2. Authentication
11. Application and Client Access Types
12. Roles
12.1. Composite Roles
13. Direct Access Grants
14. CORS
15. Cookie settings, Session Timeouts, and Token Lifespans
15.1. Remember Me
15.2. Session Timeouts
15.3. Token Timeouts
16. Admin REST API
17. Events
17.1. Event types
17.2. Event Listener
17.3. Event Store
17.4. Configure Events Settings for Realm
18. User Federation SPI and LDAP/AD Integration
18.1. LDAP and Active Directory Plugin
18.1.1. Edit Mode
18.1.2. Other config options
18.2. Sync of LDAP users to Keycloak
18.3. Writing your own User Federation Provider
19. Export and Import
20. Server Cache
20.1. Disabling Caches
20.2. Clear Caches
20.3. Cache Config
21. Security Vulnerabilities
21.1. SSL/HTTPS Requirement
21.2. CSRF Attacks
21.3. Clickjacking
21.4. Compromised Access Codes
21.5. Compromised access and refresh tokens
21.6. Open redirectors
21.7. Password guess: brute force attacks
21.8. Password database compromised
21.9. SQL Injection attacks
22. Migration from older versions
22.1. Migrating from 1.0 RC-1 to RC-2
22.2. Migrating from 1.0 Beta 4 to RC-1
22.3. Migrating from 1.0 Beta 1 to Beta 4
22.4. Migrating from 1.0 Alpha 4 to Beta 1
22.5. Migrating from 1.0 Alpha 2 to Alpha 3
22.6. Migrating from 1.0 Alpha 1 to Alpha 2