Chapter 6. Creating and assigning user roles in Red Hat Single Sign-On


Red Hat Single Sign-On is an identity and access management provider for securing your web applications with single sign-on (SSO). You can define users and assign roles in Red Hat Single Sign-On.

Prerequisites

  • You have secured your application using OpenID Connect with Red Hat Single Sign-On as the identity provider.

Procedure

  1. Log in to the admin console at http://localhost:<port>/auth/. For example, http://localhost:8180/auth/.
  2. Click the realm you use to connect with JBoss EAP. For example, example_realm.
  3. Click Clients, then click the client-name you configured for JBoss EAP. For example, my_jbeap.
  4. Click Roles, then Add Role.
  5. Enter a role name, such as Admin, then click Save. This is the role name you configure in JBoss EAP for authorization.
  6. Click Users, then View all users.
  7. Click an ID to assign the role you created. For example, click the ID for user1.
  8. Click Role Mappings. In the Client Roles field, select the client-name you configured for JBoss EAP. For example, my_jbeap.
  9. In Available Roles, select a role to assign. For example, admin. Click Add selected.

Verification

  1. If your application is already deployed, undeploy the aplication and deploy it again. In the application root directory, enter the following commands:

    $ mvn wildfy:undeploy
    $ mvn wildfy:deploy
  2. In a browser, navigate to the application URL. For example, http://localhost:8080/simple-webapp-example/secured.

    You are redirected to Red Hat Single Sign-On login page.

  3. Log in with your credentials. For example:

    username: user1
    password: passwordUser1

    You get the following output:

    Secured Servlet
    Current Principal 'cc02dfd3-198d-47e4-a9a9-021c5492e230'
    
    Roles : [offline_access, default-roles-example_realm, uma_authorization, Admin]

    The value of the Principal comes from the ID token from the OpenID provider. The Principal here is the value of the "sub" claim from the token.

    Users with the required role can log in to your application.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.