JBoss.org Community Documentation

Keycloak Reference Guide

SSO for Web Apps and REST Services

1.1.0.Final


Preface
1. License
2. Overview
2.1. Key Concepts in Keycloak
2.2. How Does Security Work in Keycloak?
2.2.1. Permission Scopes
3. Installation and Configuration of Keycloak Server
3.1. Appliance Install
3.2. WAR Distribution Installation
3.3. Configuring the Server
3.3.1. Relational Database Configuration
3.3.2. MongoDB based model
3.3.3. EAP6.x Logging
3.3.4. SSL/HTTPS Requirement/Modes
3.3.5. SSL/HTTPS Setup
4. Providers and SPIs
4.1. Implementing a SPI
4.2. Registering provider implementations
4.3. Available SPIs
5. Running Keycloak Server on OpenShift
5.1. Create Keycloak instance with the web tool
5.2. Create Keycloak instance with the command-line tool
5.3. Next steps
6. Master Admin Access Control
6.1. Global Roles
6.2. Realm Specific Roles
7. Per Realm Admin Access Control
7.1. Realm Roles
8. Adapters
8.1. General Adapter Config
8.2. JBoss/Wildfly Adapter
8.2.1. Adapter Installation
8.2.2. Required Per WAR Configuration
8.2.3. Securing WARs via Keycloak Subsystem
8.3. Tomcat 6, 7 and 8 Adapters
8.3.1. Adapter Installation
8.3.2. Required Per WAR Configuration
8.4. Jetty 9.x Adapters
8.4.1. Adapter Installation
8.4.2. Required Per WAR Configuration
8.5. Jetty 8.1.x Adapter
8.5.1. Adapter Installation
8.5.2. Required Per WAR Configuration
8.6. JBoss Fuse and Apache Karaf Adapter
8.7. JavaScript Adapter
8.7.1. Session status iframe
8.7.2. Older browsers
8.7.3. JavaScript Adapter reference
8.8. Installed Applications
8.8.1. http://localhost
8.8.2. urn:ietf:wg:oauth:2.0:oob
8.9. Logout
8.10. Multi Tenancy
8.11. JAAS plugin
9. Social
9.1. Social Login Config
9.1.1. Enable social login
9.1.2. Social-only login
9.1.3. Social Callback URL
9.2. Facebook
9.3. GitHub
9.4. Google
9.5. Twitter
9.6. Social Provider SPI
10. Themes
10.1. Theme types
10.2. Configure theme
10.3. Default themes
10.4. Creating a theme
10.4.1. Stylesheets
10.4.2. Scripts
10.4.3. Images
10.4.4. Messages
10.4.5. Modifying HTML
10.5. SPIs
10.5.1. Theme SPI
10.5.2. Account SPI
10.5.3. Login SPI
11. Email
11.1. Email Server Config
11.1.1. Enable SSL or TLS
11.1.2. Authentication
12. Application and Client Access Types
13. Roles
13.1. Composite Roles
14. Direct Access Grants
15. CORS
16. Cookie settings, Session Timeouts, and Token Lifespans
16.1. Remember Me
16.2. Session Timeouts
16.3. Token Timeouts
17. Admin REST API
18. Events
18.1. Event types
18.2. Event Listener
18.3. Event Store
18.4. Configure Events Settings for Realm
19. User Federation SPI and LDAP/AD Integration
19.1. LDAP and Active Directory Plugin
19.1.1. Edit Mode
19.1.2. Other config options
19.2. Sync of LDAP users to Keycloak
19.3. Writing your own User Federation Provider
20. Export and Import
21. Server Cache
21.1. Disabling Caches
21.2. Clear Caches
21.3. Cache Config
22. SAML SSO
22.1. SAML Entity Descriptor
23. Security Vulnerabilities
23.1. SSL/HTTPS Requirement
23.2. CSRF Attacks
23.3. Clickjacking
23.4. Compromised Access Codes
23.5. Compromised access and refresh tokens
23.6. Open redirectors
23.7. Password guess: brute force attacks
23.8. Password database compromised
23.9. SQL Injection attacks
23.10. Limiting Scope
24. Clustering
24.1. Configure a shared database
24.2. Configure Infinispan
24.3. Enable realm and user cache invalidation
24.4. Enable distributed user sessions
24.5. Start in HA mode
24.6. Enabling cluster security
24.7. Troubleshooting
25. Application Clustering
25.1. Stateless token store
25.2. Relative URI optimization
25.3. Admin URL configuration
25.4. Registration of application nodes to Keycloak
25.5. Refresh token in each request
26. Keycloak Security Proxy
26.1. Proxy Install and Run
26.2. Proxy Configuration
26.2.1. Basic Config
26.2.2. Application Config
26.3. Keycloak Identity Headers
27. Migration from older versions
27.1. Migrate database
27.2. Migrate keycloak-server.json
27.3. Migrate providers
27.4. Migrate themes
27.5. Migrate application
27.6. Version specific migration
27.6.1. Migrating from 1.1.0.Beta2 to 1.1.0.Final
27.6.2. Migrating from 1.1.0.Beta1 to 1.1.0.Beta2
27.6.3. Migrating from 1.0.x.Final to 1.1.0.Beta1
27.6.4. Migrating from 1.0 RC-1 to RC-2
27.6.5. Migrating from 1.0 Beta 4 to RC-1
27.6.6. Migrating from 1.0 Beta 1 to Beta 4
27.6.7. Migrating from 1.0 Alpha 4 to Beta 1
27.6.8. Migrating from 1.0 Alpha 2 to Alpha 3
27.6.9. Migrating from 1.0 Alpha 1 to Alpha 2