Chapter 2. Configuring Red Hat Single Sign-On as an OpenID provider
Red Hat Single Sign-On is an identity and access management provider for securing web applications with single sign-on (SSO). It supports OpenID Connect (an extension to OAuth 2.0).
Prerequisites
- You have installed the Red Hat Single Sign-On server. For more information, see Installing the Red Hat Single Sign-On server in the Red Hat Single Sign-On Getting Started Guide.
- You have created a user in your Red Hat Single Sign-On server instance. For more information, see Creating a user in the Red Hat Single Sign-On Getting Started Guide.
Procedure
- Start the Red Hat Single Sign-On server at a port other than 8080, because the JBoss EAP default port is 8080.

  Syntax

  $ RH_SSO_HOME/bin/standalone.sh -Djboss.socket.binding.port-offset=<offset-number>

  Example

  $ /home/servers/rh-sso-7.4/bin/standalone.sh -Djboss.socket.binding.port-offset=100

- Log in to the Admin Console at http://localhost:<port>/auth/. For example, http://localhost:8180/auth/.
- To create a realm, in the Admin Console, hover over Master, and click Add realm.
- Enter a name for the realm. For example, example_realm. Ensure that Enabled is ON and click Create.
- Click Users, then click Add user to add a user to the realm.
- Enter a user name. For example, user1. Ensure that User Enabled is ON and click Save.
- Click Credentials to add a password to the user.
- Set a password for the user. For example, passwordUser1. Toggle Temporary to OFF and click Set Password. In the confirmation prompt, click Set password.
- Click Clients, then click Create to configure a client connection.
- Enter a client ID. For example, my_jbeap. Ensure that Client Protocol is set to openid-connect, and click Save. Click Installation, then select Keycloak OIDC JSON as the Format Option to see the connection parameters.

  {
    "realm": "example_realm",
    "auth-server-url": "http://localhost:8180/auth/",
    "ssl-required": "external",
    "resource": "my_jbeap",
    "public-client": true,
    "confidential-port": 0
  }

  When configuring your JBoss EAP application to use Red Hat Single Sign-On as the identity provider, you use the parameters as follows:

  "provider-url": "http://localhost:8180/auth/realms/example_realm",
  "ssl-required": "external",
  "client-id": "my_jbeap",
  "public-client": true,
  "confidential-port": 0

- Click Clients, then click Edit next to my_jbeap to edit the client settings. In Valid Redirect URIs, enter the URL where the page should redirect after authentication is successful. For this example, set this value to http://localhost:8080/simple-webapp-example/secured/* and then click Save.
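The step above maps the Keycloak OIDC JSON from the Installation tab onto the parameter names JBoss EAP expects (resource becomes client-id, and provider-url is the auth-server-url joined with realms/<realm>). The following Python script is an added example, not part of the Red Hat documentation or of either product: it performs that mapping, rejects input that lacks the keys the mapping needs, and flags a confidential client (public-client false) that carries no credentials block, since such a client could not authenticate to the provider. The sample JSON is the one shown on this page; the credentials handling assumes the optional Keycloak "credentials" key that the Installation tab emits for confidential clients, which this page does not show.

```python
import json

# Constructed sample: the Keycloak OIDC JSON shown on the Installation tab above.
KEYCLOAK_OIDC_JSON = """{
  "realm": "example_realm",
  "auth-server-url": "http://localhost:8180/auth/",
  "ssl-required": "external",
  "resource": "my_jbeap",
  "public-client": true,
  "confidential-port": 0
}"""


def provider_url(auth_server_url: str, realm: str) -> str:
    """Build the realm URL that JBoss EAP takes as provider-url.

    Normalises a missing or doubled trailing slash on auth-server-url so the
    result is always <auth-server-url>/realms/<realm>.
    """
    base = auth_server_url.rstrip("/") + "/"
    return f"{base}realms/{realm}"


def to_eap_oidc(keycloak_json: str) -> dict:
    """Translate Keycloak OIDC JSON into the JBoss EAP parameter names.

    Raises ValueError when a key the mapping depends on is absent, or when a
    confidential client is declared without credentials (assumed optional
    "credentials" key, not shown on the page).
    """
    cfg = json.loads(keycloak_json)

    missing = [k for k in ("realm", "auth-server-url", "resource") if k not in cfg]
    if missing:
        raise ValueError(f"Keycloak OIDC JSON is missing required keys: {missing}")

    public_client = bool(cfg.get("public-client", False))
    eap = {
        "provider-url": provider_url(cfg["auth-server-url"], cfg["realm"]),
        "ssl-required": cfg.get("ssl-required", "external"),
        "client-id": cfg["resource"],
        "public-client": public_client,
    }
    if "confidential-port" in cfg:
        eap["confidential-port"] = cfg["confidential-port"]

    # A confidential client must carry a secret; copy it through unchanged.
    if not public_client:
        if "credentials" not in cfg:
            raise ValueError("confidential client declared but no credentials block present")
        eap["credentials"] = cfg["credentials"]

    return eap


if __name__ == "__main__":
    print(json.dumps(to_eap_oidc(KEYCLOAK_OIDC_JSON), indent=2))
```

The ssl-required value is copied through as-is; the page's value "external" is what the Installation tab produced for this client, and lowering it is a deployment decision that belongs in the same review as the Valid Redirect URIs entry, because that list is what keeps authorization responses from being sent to URLs other than the application's own.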
Additional resources