
JBOSS - How to Migrate JBOSS 7 picketlink to JBOSS 8 keycloak-saml?

Posted at 2025-03-26

Introduction

JBOSS EAP 8 has removed the picketlink module and replaced it with keycloak-saml; keycloak-saml, however, is not bundled with EAP 8 and has to be installed by hand.

Step 1. Download the keycloak-saml package; the latest version at the time of writing is 26.1.4.

Step 2. Upload the zip to /opt and unzip it (run the command from /opt, since the `-d` path is relative and Step 3 expects the extracted directory under /opt)

    johnny# unzip -o /opt/keycloak-saml-wildfly-adapter-dist-26.1.4.zip -d keycloak-saml-wildfly-adapter-dist-26.1.4

Step 3. Copy the keycloak modules into the JBOSS module directory

    johnny# cp -R /opt/keycloak-saml-wildfly-adapter-dist-26.1.4/modules/system/add-ons/keycloak/org/keycloak/* /opt/jboss-eap-8.0/modules/system/layers/base/org/keycloak

Step 4. Run the CLI script that installs the keycloak-saml subsystem configuration

    johnny# /opt/jboss-eap-8.0/bin/jboss-cli.sh --file=/opt/keycloak-saml-wildfly-adapter-dist-26.1.4/bin/adapter-elytron-install-saml-offline.cli -Dserver.config=standalone.xml

Step 5. Edit standalone.xml and fill in the keycloak-saml subsystem (YOUR_URL, YOUR_ADFS_URL and the alias names are placeholders)

    <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.4">
        <!-- One secure-deployment per WAR that SAML should protect -->
        <secure-deployment name="abs-portal.war">
            <!-- The SP is this application; entityID is its public URL -->
            <SP entityID="https://YOUR_URL" sslPolicy="EXTERNAL" nameIDPolicyFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" forceAuthentication="false">
                <Keys>
                    <!-- SP key pair used to sign requests and decrypt assertions.
                         "changeit" is the JDK default cacerts password: replace it in production -->
                    <Key signing="true" encryption="true">
                        <KeyStore password="changeit" file="/etc/pki/java/cacerts">
                            <PrivateKey alias="YOUR_URL_SSL_CERT_ALIAS_NAME" password="changeit"/>
                            <Certificate alias="YOUR_URL_SSL_CERT_ALIAS_NAME"/>
                        </KeyStore>
                    </Key>
                </Keys>
                <!-- The IdP is ADFS; responses are signed by ADFS and checked against its certificate below -->
                <IDP entityID="https://YOUR_ADFS_URL">
                    <SingleSignOnService signRequest="true" validateResponseSignature="true" requestBinding="POST" responseBinding="POST" bindingUrl="https://YOUR_ADFS_URL" assertionConsumerServiceUrl="https://YOUR_URL/saml"/>
                    <SingleLogoutService validateResponseSignature="true" signRequest="true" requestBinding="POST" postBindingUrl="https://YOUR_URL"/>
                    <Keys>
                        <!-- Public signing certificate of ADFS only; no private key is needed here -->
                        <Key signing="true">
                            <KeyStore password="changeit" file="/etc/pki/java/cacerts">
                                <Certificate alias="YOUR_ADFS_URL_SSL_CERT_ALIAS_NAME"/>
                            </KeyStore>
                        </Key>
                    </Keys>
                    <!-- Tolerated clock difference between SP and IdP: 120000 ms = 2 minutes -->
                    <AllowedClockSkew unit="MILLISECONDS">120000</AllowedClockSkew>
                </IDP>
            </SP>
        </secure-deployment>
    </subsystem>
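As an added check that is not part of the original article: a small Python lint over the keycloak-saml subsystem that flags placeholder keystore passwords, services that do not validate response signatures, a missing IdP certificate, and an oversized clock skew. The embedded sample configuration is constructed with hypothetical aliases and is deliberately weakened in a few places so the checks have something to report.

```python
import xml.etree.ElementTree as ET

NS = {"ks": "urn:jboss:domain:keycloak-saml:1.4"}
WEAK_PASSWORDS = {"", "changeit", "password"}  # JDK default and other placeholders
UNIT_MS = {"MILLISECONDS": 1, "SECONDS": 1000, "MINUTES": 60000}
MAX_SKEW_MS = 5 * 60 * 1000  # five minutes is already generous for SAML timestamps

# Constructed sample (hypothetical aliases), shaped like the subsystem above but weakened on purpose.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.4">
 <secure-deployment name="abs-portal.war">
  <SP entityID="https://YOUR_URL" sslPolicy="EXTERNAL">
   <Keys><Key signing="true" encryption="true"><KeyStore password="changeit" file="/etc/pki/java/cacerts">
    <PrivateKey alias="sp" password="changeit"/><Certificate alias="sp"/></KeyStore></Key></Keys>
   <IDP entityID="https://YOUR_ADFS_URL">
    <SingleSignOnService signRequest="true" validateResponseSignature="true"
     requestBinding="POST" responseBinding="POST" bindingUrl="https://YOUR_ADFS_URL"/>
    <SingleLogoutService signRequest="true" validateResponseSignature="false"
     requestBinding="POST" postBindingUrl="https://YOUR_URL"/>
    <Keys><Key signing="true"><KeyStore password="changeit" file="/etc/pki/java/cacerts">
     <Certificate alias="idp"/></KeyStore></Key></Keys>
    <AllowedClockSkew unit="MILLISECONDS">600000</AllowedClockSkew>
   </IDP></SP>
 </secure-deployment></subsystem>"""


def lint_keycloak_saml(xml_text):
    """Return (deployment, finding) pairs for settings that weaken SAML validation."""
    out = []
    for dep in ET.fromstring(xml_text).findall("ks:secure-deployment", NS):
        name = dep.get("name")
        idp = dep.find("ks:SP/ks:IDP", NS)
        if idp is None:
            out.append((name, "no SP/IDP configured"))
            continue
        for tag in ("KeyStore", "PrivateKey"):  # placeholder secrets on any keystore or key
            for el in dep.iter("{%s}%s" % (NS["ks"], tag)):
                if el.get("password", "") in WEAK_PASSWORDS:
                    out.append((name, "placeholder password on %s" % tag))
        for svc in ("SingleSignOnService", "SingleLogoutService"):
            el = idp.find("ks:" + svc, NS)
            if el is None or el.get("validateResponseSignature", "false").lower() != "true":
                out.append((name, "%s does not validate response signatures" % svc))
        if idp.find("ks:Keys/ks:Key/ks:KeyStore/ks:Certificate", NS) is None:
            out.append((name, "IDP has no signing certificate to validate against"))
        skew = idp.find("ks:AllowedClockSkew", NS)
        if skew is not None:  # unit defaults to SECONDS when omitted
            ms = int(skew.text.strip()) * UNIT_MS.get(skew.get("unit", "SECONDS").upper(), 1000)
            if ms > MAX_SKEW_MS:
                out.append((name, "AllowedClockSkew %d ms exceeds %d ms" % (ms, MAX_SKEW_MS)))
    return out
```

Point it at the real subsystem element extracted from standalone.xml after Step 5; an empty list means none of these checks fired.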