
Chapter 6. Creating and assigning user roles in Red Hat Single Sign-On


Red Hat Single Sign-On is an identity and access management provider for securing your web applications with single sign-on (SSO). You can define users and assign roles in Red Hat Single Sign-On.

Prerequisites

  • You have secured your application using OpenID Connect with Red Hat Single Sign-On as the identity provider.

Procedure

  1. Log in to the admin console at http://localhost:<port>/auth/. For example, http://localhost:8180/auth/.
  2. Click the realm you use to connect with JBoss EAP. For example, example_realm.
  3. Click Clients, then click the client-name you configured for JBoss EAP. For example, my_jbeap.
  4. Click Roles, then Add Role.
  5. Enter a role name, such as Admin, then click Save. This is the role name you configure in JBoss EAP for authorization.
  6. Click Users, then View all users.
  7. Click the ID of the user to whom you want to assign the role you created. For example, click the ID for user1.
  8. Click Role Mappings. In the Client Roles field, select the client-name you configured for JBoss EAP. For example, my_jbeap.
  9. In Available Roles, select a role to assign. For example, Admin. Click Add selected.

Verification

  1. If your application is already deployed, undeploy the application and deploy it again. In the application root directory, enter the following commands:

    $ mvn wildfly:undeploy
    $ mvn wildfly:deploy
  2. In a browser, navigate to the application URL. For example, http://localhost:8080/simple-webapp-example/secured.

    You are redirected to the Red Hat Single Sign-On login page.

  3. Log in with your credentials. For example:

    username: user1
    password: passwordUser1

    You get the following output:

    Secured Servlet
    Current Principal 'cc02dfd3-198d-47e4-a9a9-021c5492e230'
    
    Roles : [offline_access, default-roles-example_realm, uma_authorization, Admin]

    The value of the Principal comes from the ID token from the OpenID provider. The Principal here is the value of the "sub" claim from the token.

    Users with the required role can log in to your application.
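
If the expected role is missing from the output above, inspecting the claims of the access token shows whether the role mapping reached the token. The following Python code is an added example, not part of the Red Hat documentation. It assumes the default Red Hat Single Sign-On token layout (realm roles in realm_access.roles, client roles in resource_access.<client>.roles), uses a constructed sample token, and decodes the payload without verifying the signature, so it is for inspection only.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection. Does NOT verify the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def effective_roles(claims: dict, client_id: str) -> dict:
    """Split the roles in the token into realm roles and roles of one client."""
    realm = claims.get("realm_access", {}).get("roles", [])
    client = claims.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return {"principal": claims.get("sub"), "realm": realm, "client": client}


def has_client_role(claims: dict, client_id: str, role: str) -> bool:
    """Exact, case-sensitive match: 'admin' does not satisfy 'Admin'."""
    return role in effective_roles(claims, client_id)["client"]


# Constructed sample claims reusing the names from the procedure above.
SAMPLE_CLAIMS = {
    "sub": "cc02dfd3-198d-47e4-a9a9-021c5492e230",
    "realm_access": {"roles": ["offline_access", "default-roles-example_realm",
                               "uma_authorization"]},
    "resource_access": {"my_jbeap": {"roles": ["Admin"]}},
}
# Constructed token: the signature segment is a placeholder, not a real signature.
SAMPLE_TOKEN = ".".join([
    b64url(b'{"alg":"RS256","typ":"JWT"}'),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    b64url(b"constructed-signature"),
])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print(effective_roles(claims, "my_jbeap"))
    print("Admin:", has_client_role(claims, "my_jbeap", "Admin"))
    print("admin:", has_client_role(claims, "my_jbeap", "admin"))
```

An empty client role list for my_jbeap means the role mapping in steps 7 to 9 was not applied to that user or was made under a different client.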

© 2025 Red Hat