
Chapter 2. Configuring Red Hat Single Sign-On as an OpenID provider


Red Hat Single Sign-On is an identity and access management provider for securing web applications with single sign-on (SSO). It supports OpenID Connect (an extension to OAuth 2.0).

Prerequisites

  • You have installed the Red Hat Single Sign-On server. For more information, see Installing the Red Hat Single Sign-On server in the Red Hat Single Sign-On Getting Started Guide.
  • You have created a user in your Red Hat Single Sign-On server instance. For more information, see Creating a user in the Red Hat Single Sign-On Getting Started Guide.

Procedure

  1. Start the Red Hat Single Sign-On server on a port other than 8080, because the JBoss EAP default port is 8080.

    Syntax

    $ RH_SSO_HOME/bin/standalone.sh -Djboss.socket.binding.port-offset=<offset-number>

    Example

    $ /home/servers/rh-sso-7.4/bin/standalone.sh -Djboss.socket.binding.port-offset=100

  2. Log in to the Admin Console at http://localhost:<port>/auth/. For example, http://localhost:8180/auth/.
  3. To create a realm, in the Admin Console, hover over Master, and click Add realm.
  4. Enter a name for the realm. For example, example_realm. Ensure that Enabled is ON and click Create.
  5. Click Users, then click Add user to add a user to the realm.
  6. Enter a user name. For example, user1. Ensure that User Enabled is ON and click Save.
  7. Click Credentials to add a password to the user.
  8. Set a password for the user. For example, passwordUser1. Toggle Temporary to OFF and click Set Password. In the confirmation prompt, click Set password.
  9. Click Clients, then click Create to configure a client connection.
  10. Enter a client ID. For example, my_jbeap. Ensure that Client Protocol is set to openid-connect, and click Save.
  11. Click Installation, then select Keycloak OIDC JSON as the Format Option to see the connection parameters.

    {
      "realm": "example_realm",
      "auth-server-url": "http://localhost:8180/auth/",
      "ssl-required": "external",
      "resource": "my_jbeap",
      "public-client": true,
      "confidential-port": 0
    }

    When configuring your JBoss EAP application to use Red Hat Single Sign-On as the identity provider, you use the parameters as follows:

    "provider-url" : "http://localhost:8180/auth/realms/example_realm",
    "ssl-required": "external",
    "client-id": "my_jbeap",
    "public-client": true,
    "confidential-port": 0

  12. Click Clients, then click Edit next to my_jbeap to edit the client settings.
  13. In Valid Redirect URIs, enter the URL where the page should redirect after authentication is successful.

    For this example, set this value to http://localhost:8080/simple-webapp-example/secured/* and then click Save.
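
The parameter mapping in step 11 and the redirect URI in step 13, as an added example that is not part of the Red Hat documentation: a Python script that derives the JBoss EAP parameters from the Keycloak OIDC JSON and lists the settings to revisit before the configuration leaves a localhost test setup. The function names `to_eap_parameters` and `review`, and the review rules themselves, are assumptions of this example.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the Keycloak OIDC JSON shown in step 11.
INSTALLATION_JSON = """{
  "realm": "example_realm",
  "auth-server-url": "http://localhost:8180/auth/",
  "ssl-required": "external",
  "resource": "my_jbeap",
  "public-client": true,
  "confidential-port": 0
}"""

def to_eap_parameters(installation):
    """Map the Keycloak OIDC JSON keys to the parameters listed after step 11."""
    base = installation["auth-server-url"].rstrip("/")
    params = {
        "provider-url": f"{base}/realms/{installation['realm']}",
        "client-id": installation["resource"],
    }
    for key in ("ssl-required", "public-client", "confidential-port"):
        if key in installation:
            params[key] = installation[key]
    return params

def review(params, redirect_uri):
    """Hypothetical helper: notes on settings to tighten outside a local test."""
    notes = []
    provider = urlparse(params["provider-url"])
    if provider.scheme != "https":
        local = provider.hostname in ("localhost", "127.0.0.1", "::1")
        where = "loopback only" if local else "non-loopback host"
        notes.append(f"provider-url is plain HTTP ({where})")
    if params.get("ssl-required") == "none":
        notes.append("ssl-required is none: HTTPS is never enforced")
    if params.get("public-client"):
        notes.append("public client: no client secret, keep Valid Redirect URIs tight")
    if urlparse(redirect_uri).scheme != "https":
        notes.append("redirect URI is plain HTTP")
    if redirect_uri.endswith("*"):
        notes.append("redirect URI ends in a wildcard: every path under it is accepted")
    return notes

if __name__ == "__main__":
    eap = to_eap_parameters(json.loads(INSTALLATION_JSON))
    print(json.dumps(eap, indent=2))
    for note in review(eap, "http://localhost:8080/simple-webapp-example/secured/*"):
        print("NOTE:", note)
```

Run against the values from this procedure, the script reports four notes: HTTP on the provider URL, the public client, the HTTP redirect URI, and the trailing wildcard.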
