OIDC Integration
Melloware edited this page Sep 15, 2023 · 5 revisions
An example OIDC integration using Keycloak is found in the oidc-auth branch.
This code base modifies the demo to use Keycloak to protect the web pages.
The main dashboard page is not protected, but all of the other links in the menu are. Clicking on any of them will redirect you to Keycloak's login screen.
You can log in with bob:bob or alice:alice and you will see in the console output that you were logged in.
You will also see a Logout link appear at the top right of the screen.
Clicking it will automatically log you out and redirect you back to the main page.
You can see the various settings for OIDC in the application.properties file.
You can learn more about OIDC at - OIDC OIDC
##### OIDC KEYCLOAK ######
# Uses the dev services Keycloak and hard codes a port
quarkus.keycloak.devservices.port=51521
# Default client id in the Docker image
quarkus.oidc.client-id=my-jsf-app
quarkus.oidc.application-type=web-app
# In Quarkus 3.3.2 this fixes issue with bad cookie name causing 401 if you cancel Keycloak login page
# https://github.com/quarkusio/quarkus/issues/35947
# According to the devs, in 3.4 this setting is the default
# so it won't be needed in here
quarkus.oidc.authentication.fail-on-missing-state-param=false
# Restore the original path after login redirect
quarkus.oidc.authentication.restore-path-after-redirect=true
# Sets up some time offsets to help prevent
# token expiration during executions like Ajax, etc.
# Things might work fine without them
quarkus.oidc.token.refresh-token-time-skew=3M
quarkus.oidc.authentication.java-script-auto-redirect=false
quarkus.oidc.authentication.session-age-extension=15M
quarkus.oidc.token.lifespan-grace=120
# Need to split up the tokens because all 3 - ID, access, and refresh
# are too big for browser
quarkus.oidc.token-state-manager.split-tokens=true
# Automatically refresh expired tokens
quarkus.oidc.token.refresh-expired=true
# Calls Keycloak's logout process to log out the user
# This is a virtual link and doesn't exist in your code
# it just starts the logout process
# You just need to call it from your JSF
quarkus.oidc.logout.path=/secure/logout
# Where should we be redirected after logout
quarkus.oidc.logout.post-logout-path=/index.xhtml
###### OIDC END #####
##### SECURITY START ######
# Turns off denying of REST endpoints because they
# aren't annotated with @PermitAll or @Authenticated
# This is useful if you have REST endpoints in your web-app
quarkus.security.jaxrs.deny-unannotated-endpoints=false
# Set up authenticated path for anything under /secure
quarkus.http.auth.permission.authenticated.paths=/secure/*
quarkus.http.auth.permission.authenticated.policy=authenticated
##### SECURITY END ######
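
With the SECURITY settings above, only paths under /secure/* are forced through login, and a REST endpoint without a security annotation is not denied. The resource below is an added example, not code from the demo or the oidc-auth branch: it shows how each REST method outside /secure/* has to state its own access rule. The package, class name and paths are hypothetical, and it assumes a Quarkus REST extension is on the classpath.

```java
package org.example.rest; // hypothetical package, not part of the demo

import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.annotation.security.PermitAll;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;

// /api/account is outside /secure/*, so the
// quarkus.http.auth.permission.authenticated policy does not apply here.
@Path("/api/account")
public class AccountResource {

    @Inject
    SecurityIdentity identity;

    // Deliberately public: the annotation documents that this is intended.
    @GET
    @Path("/ping")
    @PermitAll
    @Produces(MediaType.TEXT_PLAIN)
    public String ping() {
        return "ok";
    }

    // Requires a logged-in user; anonymous callers are challenged by OIDC.
    @GET
    @Path("/me")
    @Authenticated
    @Produces(MediaType.TEXT_PLAIN)
    public String me() {
        return identity.getPrincipal().getName();
    }

    // No annotation: with deny-unannotated-endpoints=false this method is
    // reachable without login. Setting the property to true would deny it.
    @GET
    @Path("/whoami")
    @Produces(MediaType.TEXT_PLAIN)
    public String whoami() {
        return identity.isAnonymous() ? "anonymous" : identity.getPrincipal().getName();
    }
}
```

When reviewing a project configured this way, list every JAX-RS method that sits outside /secure/* and carries no annotation, since those are the ones served anonymously.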