Wildfly 11 management integration with KeyCloak over new Elytron subsystem - security

I would like to integrate security for the WildFly 11 management interfaces (management console, web console) with Keycloak over the new Elytron subsystem.
I've been looking at the latest documentation for WildFly 11 and there is a chapter "Using KeyCloak with WildFly Elytron", but it is unfortunately empty.
I would really appreciate it if someone could give me some advice on how to do that.

The Keycloak documentation for version 3.4 is very detailed: http://www.keycloak.org/docs/latest/securing_apps/index.html#_jboss_adapter - you have to install the adapter for your Elytron subsystem on WildFly 11 (beware: the CLI is different from the WildFly 10 version!).

Looks like someone missed QAing it... Anyway, I think this can be your starting point.
https://github.com/ssilvert/wildfly/blob/kcauth/keycloak/KeycloakSetup.txt
More details and concepts can be found in this email thread: http://lists.jboss.org/pipermail/wildfly-dev/2014-June/002230.html . Sorry these are not complete answers, but they can be a good starting point for your solution.

The documentation was updated with more information on how to use Keycloak to protect the WildFly Administration Console and Management API.
Take a look here https://docs.jboss.org/author/display/WFLY/Protecting+Wildfly+Adminstration+Console+With+Keycloak.

Related

How to monitor Wildfly with Nagios?

I've read that it's possible to monitor WildFly with Nagios in links like this one, and I also know that there are solutions that provide that service as well.
Does anybody know how to do that, how to monitor WildFly with Nagios, or have any recommendations on how to start? Any reference would be very much appreciated.
You can consider using the JSON-based HTTP management API. A sample plugin (Python-based) for JBoss AS 7 in standalone mode is available here: https://github.com/aparnachaudhary/nagios-plugin-jbossas7. This should also work for WildFly.
Some details about the WildFly HTTP Management API can be found here: https://docs.jboss.org/author/display/WFLY9/The+HTTP+management+API
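As an added illustration of the approach in the answer above (this is example code written for this page, not the linked plugin's code and not WildFly's own), the following Nagios-style check reads the heap usage of a WildFly server through the JSON HTTP management API and maps it to the standard plugin exit codes. The management interface answers with HTTP Digest authentication against its ManagementRealm by default, so the check authenticates with a dedicated management user; creating that user with the read-only Monitor RBAC role rather than with administrator rights is the least-privilege choice for a monitoring account. The request path, the `heap-memory-usage` attribute names and the sample JSON reply are assumptions labelled in the code; the reply is constructed so the parsing logic runs offline.

```python
import json
import os
import sys
import urllib.error
import urllib.request

# Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Constructed sample of a WildFly management-API reply (an assumption, not a real capture) to
# GET /management/core-service/platform-mbean/type/memory?operation=resource&include-runtime=true
SAMPLE_RESPONSE = json.dumps({
    "outcome": "success",
    "result": {
        "heap-memory-usage": {
            "init": 268435456, "used": 734003200,
            "committed": 1073741824, "max": 1073741824,
        },
    },
})


def heap_status(body, warn_pct=80.0, crit_pct=90.0):
    """Map a management-API JSON body to (nagios_exit_code, status_line).

    Every unexpected shape maps to UNKNOWN rather than OK, so a misbehaving
    server or a partially answered request can never be reported as healthy.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return UNKNOWN, "UNKNOWN - response body is not JSON"
    if not isinstance(doc, dict) or doc.get("outcome") != "success":
        outcome = doc.get("outcome") if isinstance(doc, dict) else None
        return UNKNOWN, "UNKNOWN - management operation outcome=%r" % (outcome,)
    try:
        heap = doc["result"]["heap-memory-usage"]
        used, maximum = int(heap["used"]), int(heap["max"])
    except (KeyError, TypeError, ValueError):
        return UNKNOWN, "UNKNOWN - heap-memory-usage not in response"
    if maximum <= 0:
        # The JVM reports -1 when no maximum is defined; we cannot compute a ratio then.
        return UNKNOWN, "UNKNOWN - max heap not reported"
    pct = 100.0 * used / maximum
    # Nagios performance data after '|': label=value;warn;crit
    perf = "|heap_used_pct=%.1f%%;%.0f;%.0f" % (pct, warn_pct, crit_pct)
    if pct >= crit_pct:
        return CRITICAL, "CRITICAL - heap %.1f%% used%s" % (pct, perf)
    if pct >= warn_pct:
        return WARNING, "WARNING - heap %.1f%% used%s" % (pct, perf)
    return OK, "OK - heap %.1f%% used%s" % (pct, perf)


def fetch_memory(base_url, user, password, timeout=5):
    """GET the memory MBean resource using HTTP Digest auth, which is what the
    WildFly management interface (ManagementRealm) uses by default."""
    url = (base_url.rstrip("/")
           + "/management/core-service/platform-mbean/type/memory"
           + "?operation=resource&include-runtime=true")
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    with opener.open(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def check(base_url, user, password):
    """Full plugin run: an unreachable or unauthenticated server is CRITICAL, never OK."""
    try:
        body = fetch_memory(base_url, user, password)
    except (urllib.error.URLError, OSError) as exc:
        return CRITICAL, "CRITICAL - cannot query %s: %s" % (base_url, exc)
    return heap_status(body)


if __name__ == "__main__":
    # Usage: WILDFLY_MGMT_PASSWORD=... check_wildfly_heap.py http://host:9990 monitor
    # The password is taken from the environment so it does not show up in `ps` output.
    if len(sys.argv) != 3 or "WILDFLY_MGMT_PASSWORD" not in os.environ:
        print("UNKNOWN - usage: check_wildfly_heap.py <base_url> <user>")
        sys.exit(UNKNOWN)
    code, line = check(sys.argv[1], sys.argv[2], os.environ["WILDFLY_MGMT_PASSWORD"])
    print(line)
    sys.exit(code)
```

The parsing is kept separate from the HTTP call so that the threshold logic can be exercised against canned replies, and every failure path (unreachable host, rejected credentials, malformed or unexpected JSON) ends in CRITICAL or UNKNOWN rather than silently reading as OK.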

Is there any solution for OpenAM+Winstone?

I'm trying to apply OpenAM to our web applications for SSO.
Over the last month I've become familiar with OpenAM, so I thought I was almost at the end.
But another constraint has arisen.
One application has a deep dependency on the Winstone servlet container, but it's not on OpenAM's Java EE agents list.
My solution was 'Use the Apache web server: Apache+Winstone', but my colleague rejected my suggestion.
Is there any other solution for OpenAM+Winstone?
(I could not find one by Googling. In fact I didn't know Winstone itself until my colleague mentioned it.)
If you don't need J2EE security in your application, you could just use the 'servlet-filter' part of the 'J2EE Agent' (e.g. the Tomcat Agent). You just need to specify a JVM option to point to the bootstrap directory and add the agent libs to the classpath.

Open-source IAM tool used in development

I am looking for an open-source, lightweight IAM to be used in development as a substitute for the real commercial IAM in production. Something with basic IAM functionality, easy to install and easily configured to inject HTTP headers such as the user's group.
Is OpenAM a good option? Any recommendations?
OpenAM comes from a very good pedigree... it is forked from OpenSSO, which is the open-sourced code of the original Sun Access Manager product. OpenSSO was abandoned by Oracle after the Sun acquisition, so another company took it over and promoted a developer community around it.
Overall it's a good choice for your requirements; that is:
Production-ready - yes, this version and previous versions have been used in production implementations
basic IAM functionality - it contains basic web access management functions and more than a few advanced features.
Inject HTTP headers - Yes, this is a standard function among web access management products.
In the past, a limitation with OpenAM/OpenSSO is that it required Sun Directory as the configuration store; however, this has changed with recent releases allowing other directories to be used.
Expect the installation and configuration of OpenAM to be rather command-line intensive; that is, a minimal package installation, with options then set in config files or through utilities.
Hope that helps...

How to enable Seam 3 debug level logging on a Glassfish server

After migrating to CDI/Seam 3 I'm getting these messages in my server log:
WARN: Cannot attempt extension on null.
I saw a post in the Seam 3 forum (which is not accepting new posts at present)
with some logging from org.jboss.seam.faces.environment.SeamApplicationWrapper
which looks like it will help me diagnose the underlying cause of the messages.
Can anyone tell me how to enable this logging level on a Glassfish server? I
could see nothing in the Seam 3 FAQ to help me.
Thanks.
I'm using Glassfish 3.1, JSF 2.1.3, Weld 1.1.1 & Seam 3.
I'm no expert, but have you tried adding the line
org.jboss.seam.faces.environment.SeamApplicationWrapper.level=DEBUG
to your domain's logging.properties file? It's in the config directory of your domain (e.g. [glassfish-install-directory]/glassfish/domains/domain1/config/logging.properties).

Export Websphere 6.1 Profile with datasource configuration

I'm trying to export a profile from WAS 6.1 so that I can give it to other members of my team with all of the JNDI and shared library configurations in place. I've followed a few IBM tutorials on this like http://www-01.ibm.com/support/docview.wss?uid=swg21322309 (technically that is more a bug fix, but there is a similar page). I've tried to export the server using the "import" feature of the server in RAD 7. None of these options create a .car file with the resources sticking around.
Does anyone know how to do this?
Thanks,
JPD
Have you tried exporting/importing the WAS configuration using the wsadmin console as described in the following IBM TechNote?
https://www-304.ibm.com/support/docview.wss?uid=swg21207526
Unfortunately, the SIB configuration will be missing from the export -- I'm not sure if it's a bug or a feature, but it's at least mentioned by IBM in their TechNote so you don't have to pull out your hair searching for the problem.