
I generated new app with Jhipster generator, v4.10.0.

I'd like to use OAuth2 powered by Keycloak running in a separate (its own) application server, used by more applications. That means not in Docker.

I set 'application.yml' according to http://www.jhipster.tech/security/ (server, port, clientId, clientSecret) => rebuild app.

mvnw -Pprod package -DskipTests

Keycloak function tested with SoapUI. It returns a JSON object with tokens as usual.

KEYCLOAK use on localhost for development

Keycloak: download the Keycloak server from http://www.keycloak.org/downloads.html; you can follow the "Getting started" documentation.

My steps

  • unzip in servers location C:\Servers\Keycloak\
  • standalone.xml => set port-offset: 10000 because the application server runs on offset zero
  • cmd: cd C:\Servers\Keycloak\bin
  • run standalone.bat
  • open browser http://localhost:18080/auth
  • go to admin console
  • create new realm "jhipster"
  • I used User federation to add LDAP users (Synchronize all users); the next option is to add users manually
  • add roles (JHipster uses ADMIN and USER, SYSTEM) or Sync LDAP Roles To Keycloak
  • create new client in this new realm

jhipster client setting: don't forget the symbol + at Web origins

  • in Credentials choose "Client ID and secret", generate a secret and use it in the application.yaml file
Josef Ill: I'm sorry, I fought with versions of yarn and JHipster. So, a new app based on yarn 1.2.1 and JH 4.10.0 offers redirecting to Keycloak, but the next issue is how to logout. Root element not found localhost:9000/api/logout

Xtreme Biker: If you managed to solve this problem you should delete it and open a new post for your new issue. Thank you

Mubasher: How did you configure JHipster with Keycloak standalone? Could you send me the settings and configuration for this at [email protected]

1 Answer


@Mubasher question:

I deployed jhipster-app.war on a WildFly 10 application server. See the standalone.xml settings below.

You can add a new extension:

<extension module="org.keycloak.keycloak-adapter-subsystem"/>

Then modify the security subsystem in the profile element.

<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domains>
        <security-domain name="other" cache-type="default">
            <authentication>
                <login-module code="Remoting" flag="optional">
                    <module-option name="password-stacking" value="useFirstPass"/>
                </login-module>
                <login-module code="RealmDirect" flag="required">
                    <module-option name="password-stacking" value="useFirstPass"/>
                </login-module>
            </authentication>
        </security-domain>
        <security-domain name="jboss-web-policy" cache-type="default">
            <authorization>
                <policy-module code="Delegating" flag="required"/>
            </authorization>
        </security-domain>
        <security-domain name="jboss-ejb-policy" cache-type="default">
            <authorization>
                <policy-module code="Delegating" flag="required"/>
            </authorization>
        </security-domain>
        <security-domain name="jaspitest" cache-type="default">
            <authentication-jaspi>
                <login-module-stack name="dummy">
                    <login-module code="Dummy" flag="optional"/>
                </login-module-stack>
                <auth-module code="Dummy"/>
            </authentication-jaspi>
        </security-domain>
        <security-domain name="keycloak">
            <authentication>
                <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>

Finally, mention this at the end of the profile element.

<subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>

application-dev.yaml

I suppose that you managed to set the database in this configuration file, so I show you only the security part. According to your Keycloak realm settings, please change the client ID and secret.

security:
    basic:
        enabled: false
    oauth2:
        client:
            access-token-uri: http://localhost:18080/auth/realms/jhipster/protocol/openid-connect/token
            user-authorization-uri: http://localhost:18080/auth/realms/jhipster/protocol/openid-connect/auth
            client-id: jhipster
            client-secret: e0ceb945-9b56-42d3-af1a-f68221adddec
            client-authentication-scheme: form
            scope: openid profile email
        resource:
            user-info-uri: http://localhost:18080/auth/realms/jhipster/protocol/openid-connect/userinfo
            token-info-uri: http://localhost:18080/auth/realms/jhipster/protocol/openid-connect/token/introspect
            prefer-token-info: false
            use-resource-role-mappings: true
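An added consistency check for the YAML block above (this is not the answer's own code, nor JHipster's or Keycloak's): it compares the four hard-coded endpoint URIs against the realm's OIDC discovery document and flags plain-HTTP endpoints on non-local hosts, which would expose the client secret and tokens in transit if the same block were reused outside development. The discovery document is a constructed excerpt whose field names follow Keycloak's .well-known/openid-configuration; the REALM value and client settings are the ones from the answer.

```python
from urllib.parse import urlparse

REALM = "http://localhost:18080/auth/realms/jhipster"
# Constructed: the security.oauth2 block from the answer, as a dict (no YAML parser needed).
OAUTH2 = {
    "client": {
        "access-token-uri": REALM + "/protocol/openid-connect/token",
        "user-authorization-uri": REALM + "/protocol/openid-connect/auth",
        "client-id": "jhipster",
        "client-secret": "e0ceb945-9b56-42d3-af1a-f68221adddec",
        "scope": "openid profile email",
    },
    "resource": {
        "user-info-uri": REALM + "/protocol/openid-connect/userinfo",
        "token-info-uri": REALM + "/protocol/openid-connect/token/introspect",
    },
}
# Constructed excerpt of the realm's OIDC discovery document, which Keycloak
# serves at REALM + "/.well-known/openid-configuration".
DISCOVERY = {
    "authorization_endpoint": REALM + "/protocol/openid-connect/auth",
    "token_endpoint": REALM + "/protocol/openid-connect/token",
    "userinfo_endpoint": REALM + "/protocol/openid-connect/userinfo",
    "introspection_endpoint": REALM + "/protocol/openid-connect/token/introspect",
}
# Which application.yml key must equal which discovery-document key.
EXPECTED = {
    ("client", "access-token-uri"): "token_endpoint",
    ("client", "user-authorization-uri"): "authorization_endpoint",
    ("resource", "user-info-uri"): "userinfo_endpoint",
    ("resource", "token-info-uri"): "introspection_endpoint",
}

def check_oauth2_config(oauth2, discovery, plain_http_ok=("localhost", "127.0.0.1")):
    """Return a list of findings; an empty list means the block is consistent."""
    findings = []
    for (section, key), disc_key in EXPECTED.items():
        uri = oauth2.get(section, {}).get(key)
        if uri is None:
            findings.append(f"{section}.{key} is missing")
        elif uri != discovery[disc_key]:
            findings.append(f"{section}.{key} does not match the realm's {disc_key}: {uri}")
        elif urlparse(uri).scheme != "https" and urlparse(uri).hostname not in plain_http_ok:
            # Secret and tokens would cross the network unencrypted.
            findings.append(f"{section}.{key} uses plain HTTP to a non-local host")
    if "openid" not in oauth2.get("client", {}).get("scope", "").split():
        findings.append("client.scope lacks 'openid', which OpenID Connect requires")
    if not oauth2.get("client", {}).get("client-secret"):
        findings.append("client.client-secret is empty; a confidential client cannot authenticate")
    return findings
```

Run it against the real discovery document by fetching REALM + "/.well-known/openid-configuration" and passing the parsed JSON as `discovery`.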