3.3. Configuring the business application with Red Hat Single Sign-On

Procedure

1. Download and install RH SSO. For instructions, see the Red Hat Single Sign-On Getting Started Guide.

2. Configure RH SSO:

   1. Either use the default master realm or create a new realm.
   2. Create the springboot-app client and set the AccessType to public.

   3. Set a valid redirect URI and web origin according to your local setup, for example:

      • Valid redirect URIs: http://localhost:8090/*
      • Web origin: http://localhost:8090
   4. Create realm roles that are used in the application.
   5. Create users that are used in the application and assign roles to them.

3. Add the following dependencies to the service project pom.xml file:

   <dependencyManagement>
     <dependencies>
       <dependency>
         <groupId>org.keycloak.bom</groupId>
         <artifactId>keycloak-adapter-bom</artifactId>
         <version>${version.org.keycloak}</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
     </dependencies>
   </dependencyManagement>
   
     ....
   
   <dependency>
     <groupId>org.keycloak</groupId>
     <artifactId>keycloak-spring-boot-starter</artifactId>
   </dependency>

   Copy to Clipboard Toggle word wrap

4. Update the application.properties file:

   # keycloak security setup
   keycloak.auth-server-url=http://localhost:8100/auth
   keycloak.realm=master
   keycloak.resource=springboot-app
   keycloak.public-client=true
   keycloak.principal-attribute=preferred_username
   keycloak.enable-basic-auth=true

   Copy to Clipboard Toggle word wrap

5. Modify the DefaultWebSecurityConfig.java file to ensure that Spring Security works correctly with RH SSO:

   import org.keycloak.adapters.KeycloakConfigResolver;
   import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
   import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
   import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
   import org.springframework.beans.factory.annotation.Autowired;
   import org.springframework.context.annotation.Bean;
   import org.springframework.context.annotation.Configuration;
   import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
   import org.springframework.security.config.annotation.web.builders.HttpSecurity;
   import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
   import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
   import org.springframework.security.core.session.SessionRegistryImpl;
   import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
   import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
   
   @Configuration("kieServerSecurity")
   @EnableWebSecurity
   public class DefaultWebSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
   
       @Override
       protected void configure(HttpSecurity http) throws Exception {
           super.configure(http);
           http
           .csrf().disable()
           .authorizeRequests()
               .anyRequest().authenticated()
               .and()
           .httpBasic();
       }
   
       @Autowired
       public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
           KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
           SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
           mapper.setPrefix("");
           keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(mapper);
           auth.authenticationProvider(keycloakAuthenticationProvider);
       }
   
       @Bean
       public KeycloakConfigResolver KeycloakConfigResolver() {
          return new KeycloakSpringBootConfigResolver();
       }
   
       @Override
       protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
           return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
       }
   }

   Copy to Clipboard Toggle word wrap