Procedure

1. Go to the Red Hat customer portal.
2. Download the Red Hat Single Sign-On Server: rh-sso-7.5.zip
3. Place the file in a directory you choose.

4. Unpack the ZIP file using the appropriate unzip utility, such as unzip, tar, or Expand-Archive.

   Linux/Unix

   $ unzip rhsso-7.5.zip
   
   or
   
   $ tar -xvzf rh-sso-7.5.tar.gz

   Windows

   > Expand-Archive -Path 'C:Downloads\rhsso-7.5.zip' -DestinationPath 'C:\Downloads'

Procedure

1. Go to the bin directory of the server distribution.

2. Run the standalone boot script.

   Linux/Unix

   $ cd bin
   $ ./standalone.sh

   Windows

   > ...\bin\standalone.bat

Procedure

1. Open http://localhost:8080/auth in your web browser.

   The welcome page opens, confirming that the server is running.

   Welcome page

   

2. Enter a username and password to create an initial admin user.

Procedure

1. Click the Administration Console link on the Welcome page or go directly to http://localhost:8080/auth/admin/ (the console URL).

   Note

   The Administration Console is generally referred to as the admin console for short in Red Hat Single Sign-On documentation.

2. Enter the username and password you created on the Welcome page to open the admin console.

   Admin console login screen

   

   The initial screen for the admin console appears.

   Admin console

   

Procedure

1. Go to http://localhost:8080/auth/admin/ and log in to the Red Hat Single Sign-On admin console using the admin account.
2. From the Master menu, click Add Realm. When you are logged in to the master realm, this menu lists all other realms.

3. Type demo in the Name field.

   A new realm

   

   Note

   The realm name is case-sensitive, so make note of the case that you use.

4. Click Create.

   The main admin console page opens with realm set to demo.

   Demo realm

   

5. Switch between managing the master realm and the realm you just created by clicking entries in the Select realm drop-down list.

Procedure

1. From the menu, click Users to open the user list page.
2. On the right side of the empty user list, click Add User to open the Add user page.

3. Enter a name in the Username field.

   This is the only required field.

   Add user page

   

4. Flip the Email Verified switch to On and click Save.

   The management page for the new user opens.

5. Click the Credentials tab to set a temporary password for the new user.
6. Type a new password and confirm it.

7. Click Set Password to set the user password to the new one you specified.

   Manage Credentials page

   

   Note

   This password is temporary and the user will be required to change it at the first login. If you prefer to create a password that is persistent, flip the Temporary switch to Off and click Set Password.

Procedure

1. Log out of the admin console by opening the user menu and selecting Sign Out.
2. Go to http://localhost:8080/auth/realms/demo/account and log in to your demo realm as the user that you just created.

3. When you are asked to supply a new password, enter a password that you can remember.

   Update password

   

   The account console opens for this user.

   Account console

   

4. Complete the required fields with any values to test using this page.

Procedure

1. Download JBoss EAP 7.3 from the Red Hat customer portal.

2. Unzip the downloaded JBoss EAP.

   $ unzip <filename>.zip

3. Change to the Red Hat Single Sign-On root directory.

4. Start the Red Hat Single Sign-On server by supplying a value for the jboss.socket.binding.port-offset system property. This value is added to the base value of every port opened by the Red Hat Single Sign-On server. In this example, 100 is the value.

   Linux/Unix

   $ cd bin
   $ ./standalone.sh -Djboss.socket.binding.port-offset=100

   Windows

   > ...\bin\standalone.bat -Djboss.socket.binding.port-offset=100

   Windows Powershell

   > ...\bin\standalone.bat -D"jboss.socket.binding.port-offset=100"

5. Confirm that the Red Hat Single Sign-On server is running. Go to http://localhost:8180/auth/admin/ .

   If the admin console opens, you are ready to install a client adapter that enables JBoss EAP to work with Red Hat Single Sign-On.

Procedure

1. Download the Client Adapter for EAP 7 from the Red Hat customer portal.
2. Change to the root directory of JBoss EAP.

3. Unzip the downloaded client adapter in this directory. For example:

   $ unzip <filename>.zip

4. Change to the bin directory.

   $ cd bin

5. Run the appropriate script for your platform.

   Note

   If you receive a file not found, make sure that you used unzip in the previous step. This method of extraction installs the files in the right place.

   Linux/Unix

   $ ./jboss-cli.sh --file=adapter-elytron-install-offline.cli

   Windows

   > jboss-cli.bat --file=adapter-elytron-install-offline.cli

   Note

   This script makes the necessary edits to the …​/standalone/configuration/standalone.xml file.

6. Start the application server.

   Linux/Unix

   $ ./standalone.sh

   Windows

   > ...\standalone.bat

Procedure

1. Log in to the admin console with your admin account: http://localhost:8180/auth/admin/
2. In the top left drop-down list, select the Demo realm.

3. Click Clients in the left side menu to open the Clients page.

   Clients

   

4. On the right side, click Create.

5. On the Add Client dialog, create a client called vanilla by completing the fields as shown below:

   Add Client

   

6. Click Save.
7. On the Vanilla client page that appears, click the Installation tab.

8. Select Keycloak OIDC JSON to generate a file that you need in a later procedure.

   Keycloak.json file

   

9. Click Download to save Keycloak.json in a location that you can find later.

10. Select Keycloak OIDC JBoss Subsystem XML to generate an XML template.

    Template XML

    

11. Click Download to save a copy for use in the next procedure, which involves JBoss EAP configuration.

Procedure

1. Go to the standalone/configuration directory in your JBoss EAP root directory.

2. Open the standalone.xml file and search for the following text:

   <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>

3. Change the XML entry from self-closing to using a pair of opening and closing tags as shown here:

   <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
   </subsystem>

4. Paste the contents of the XML template within the <subsystem> element, as shown in this example:

   <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
     <secure-deployment name="WAR MODULE NAME.war">
       <realm>demo</realm>
       <auth-server-url>http://localhost:8180/auth</auth-server-url>
       <public-client>true</public-client>
       <ssl-required>EXTERNAL</ssl-required>
       <resource>vanilla</resource>
     </secure-deployment>
   </subsystem>

5. Change WAR MODULE NAME.war to vanilla.war:

   <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
     <secure-deployment name="vanilla.war">
     ...
   </subsystem>

6. Reboot the application server.

Procedure

1. Make sure your JBoss EAP application server is started.

2. Download the code and change directories using the following commands.

   $ git clone https://github.com/redhat-developer/redhat-sso-quickstarts
   $ cd redhat-sso-quickstarts/app-profile-jee-vanilla/config

3. Copy the keycloak.json file to the current directory.
4. Move one level up to the app-profile-jee-vanilla directory.

5. Install the code using the following command.

   $ mvn clean wildfly:deploy

6. Confirm that the application installation succeeded. Go to http://localhost:8080/vanilla where a login page is displayed.

   Login page confirming success

   

7. Log in using the account that you created in the demo realm.

   Login page to demo realm

   

   A message appears indicating you have completed a successful use of Red Hat Single Sign-On to protect a sample JBoss EAP application. Congratulations!

   Complete success