JBoss.org Community Documentation

Keycloak Reference Guide

SSO for Web Apps and REST Services

1.1.0.Beta2


Preface
1. License
2. Overview
2.1. Key Concepts in Keycloak
2.2. How Does Security Work in Keycloak?
2.2.1. Permission Scopes
3. Installation and Configuration of Keycloak Server
3.1. Appliance Install
3.2. WAR Distribution Installation
3.3. Configuring the Server
3.3.1. Relational Database Configuration
3.3.2. MongoDB based model
3.3.3. EAP6.x Logging
3.3.4. SSL/HTTPS Requirement/Modes
3.3.5. SSL/HTTPS Setup
3.4. Configuring Servers from the Subsystem
3.4.1. Manually Creating A Server
3.4.2. Using CLI and CLI GUI with the Keycloak Subsystem
3.4.3. Adding a Keycloak server in Domain Mode
4. Running Keycloak Server on OpenShift
4.1. Create Keycloak instance with the web tool
4.2. Create Keycloak instance with the command-line tool
4.3. Next steps
5. Master Admin Access Control
5.1. Global Roles
5.2. Realm Specific Roles
6. Per Realm Admin Access Control
6.1. Realm Roles
7. Adapters
7.1. General Adapter Config
7.2. JBoss/Wildfly Adapter
7.2.1. Adapter Installation
7.2.2. Required Per WAR Configuration
7.2.3. Securing WARs via Keycloak Subsystem
7.3. Tomcat 6, 7 and 8 Adapters
7.3.1. Adapter Installation
7.3.2. Required Per WAR Configuration
7.4. Jetty 9.x Adapters
7.4.1. Adapter Installation
7.4.2. Required Per WAR Configuration
7.5. Jetty 8.1.x Adapter
7.5.1. Adapter Installation
7.5.2. Required Per WAR Configuration
7.6. Pure Client Javascript Adapter
7.6.1. Session status iframe
7.6.2. JavaScript Adapter reference
7.7. Installed Applications
7.7.1. http://localhost
7.7.2. urn:ietf:wg:oauth:2.0:oob
7.8. Logout
7.9. Multi Tenancy
8. Social
8.1. Social Login Config
8.1.1. Enable social login
8.1.2. Social-only login
8.1.3. Social Callback URL
8.2. Facebook
8.3. GitHub
8.4. Google
8.5. Twitter
8.6. Social Provider SPI
9. Themes
9.1. Theme types
9.2. Configure theme
9.3. Default themes
9.4. Creating a theme
9.4.1. Stylesheets
9.4.2. Scripts
9.4.3. Images
9.4.4. Messages
9.4.5. Modifying HTML
9.5. SPIs
9.5.1. Theme SPI
9.5.2. Account SPI
9.5.3. Login SPI
10. Email
10.1. Email Server Config
10.1.1. Enable SSL or TLS
10.1.2. Authentication
11. Application and Client Access Types
12. Roles
12.1. Composite Roles
13. Direct Access Grants
14. CORS
15. Cookie settings, Session Timeouts, and Token Lifespans
15.1. Remember Me
15.2. Session Timeouts
15.3. Token Timeouts
16. Admin REST API
17. Events
17.1. Event types
17.2. Event Listener
17.3. Event Store
17.4. Configure Events Settings for Realm
18. User Federation SPI and LDAP/AD Integration
18.1. LDAP and Active Directory Plugin
18.1.1. Edit Mode
18.1.2. Other config options
18.2. Sync of LDAP users to Keycloak
18.3. Writing your own User Federation Provider
19. Export and Import
20. Server Cache
20.1. Disabling Caches
20.2. Clear Caches
20.3. Cache Config
21. SAML SSO
21.1. SAML Entity Descriptor
22. Security Vulnerabilities
22.1. SSL/HTTPS Requirement
22.2. CSRF Attacks
22.3. Clickjacking
22.4. Compromised Access Codes
22.5. Compromised access and refresh tokens
22.6. Open redirectors
22.7. Password guess: brute force attacks
22.8. Password database compromised
22.9. SQL Injection attacks
22.10. Limiting Scope
23. Clustering
23.1. Configure a shared database
23.2. Configure Infinispan
23.3. Enable realm and user cache invalidation
23.4. Enable distributed user sessions
23.5. Start in HA mode
23.6. Enabling cluster security
24. Application Clustering
24.1. Stateless token store
24.2. Relative URI optimization
24.3. Admin URL configuration
24.4. Registration of application nodes to Keycloak
24.5. Refresh token in each request
25. Keycloak Security Proxy
25.1. Proxy Install and Run
25.2. Proxy Configuration
25.2.1. Basic Config
25.2.2. Application Config
25.3. Keycloak Identity Headers
26. Migration from older versions
26.1. Migrate database
26.2. Migrate keycloak-server.json
26.3. Migrate providers
26.4. Migrate themes
26.5. Migrate application
26.6. Version specific migration
26.6.1. Migrating from 1.1.Beta1 to 1.1.Beta2
26.6.2. Migrating from 1.0.x.Final to 1.1.Beta1
26.6.3. Migrating from 1.0 RC-1 to RC-2
26.6.4. Migrating from 1.0 Beta 4 to RC-1
26.6.5. Migrating from 1.0 Beta 1 to Beta 4
26.6.6. Migrating from 1.0 Alpha 4 to Beta 1
26.6.7. Migrating from 1.0 Alpha 2 to Alpha 3
26.6.8. Migrating from 1.0 Alpha 1 to Alpha 2