Setting Up A Keycloak Server For Authenticating To FileMaker: Part 10: Keycloak 16 & SSL Configuration

The Changes

The Configuration — CLI

cd /opt/keycloak/current/bin
sudo ./jboss-cli.sh
connect
# Prompt and reply as the CLI prints them after a successful connect; not commands to type.
[standalone@localhost:9990 /]
{"outcome" => "success"}
# Elytron key-store backed by keycloak.jks under the server config dir.
# The credential-reference is given as clear-text, so KEYSTORE_PASSWORD is written
# verbatim into standalone.xml; an Elytron credential-store reference keeps it out of the file.
/subsystem=elytron/key-store=httpsKS:add(relative-to=jboss.server.config.dir,path=keycloak.jks,credential-reference={clear-text=KEYSTORE_PASSWORD},type=JKS)
# Key-manager over that store; its key password is likewise stored as clear-text.
/subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,credential-reference={clear-text=KEYCLOAK_SSL_PASSWORD})
# Server SSL context restricted to TLSv1.2 only (nothing older, and TLSv1.3 is not offered with this list).
/subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])
# Point Undertow's https listener at the new context instead of the stock applicationSSC.
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=httpsSSC)
reload
sudo shutdown -r now

The Configuration — standalone.xml

<!-- Stock Elytron TLS block before the change: a single keystore
     (application.keystore) whose password is written here in clear text. -->
<tls>
  <key-stores>
    <key-store name="applicationKS">
      <credential-reference clear-text="password"/>
      <implementation type="JKS"/>
      <file path="application.keystore" relative-to="jboss.server.config.dir"/>
    </key-store>
  </key-stores>
  <key-managers>
    <!-- generate-self-signed-certificate-host: Elytron creates a self-signed
         certificate for "localhost" when the store holds no key entry. -->
    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
      <credential-reference clear-text="password"/>
    </key-manager>
  </key-managers>
  <server-ssl-contexts>
    <!-- No protocols attribute: the server default protocol list applies. -->
    <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
  </server-ssl-contexts>
</tls>
<!-- TLS material after the change. These elements live under <tls> in the
     elytron subsystem; the stock applicationKS/applicationKM/applicationSSC
     entries are kept and a second chain (httpsKS, httpsKM, httpsSSC) is added. -->
<key-stores>
  <key-store name="applicationKS">
    <credential-reference clear-text="password"/>
    <implementation type="JKS"/>
    <file path="application.keystore" relative-to="jboss.server.config.dir"/>
  </key-store>
  <!-- Keystore holding the real certificate (keycloak.jks). KEYSTORE_PASSWORD is
       a placeholder; as clear-text it is stored verbatim in this file. -->
  <key-store name="httpsKS">
    <credential-reference clear-text="KEYSTORE_PASSWORD"/>
    <implementation type="JKS"/>
    <file path="keycloak.jks" relative-to="jboss.server.config.dir"/>
  </key-store>
</key-stores>
<key-managers>
  <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
    <credential-reference clear-text="password"/>
  </key-manager>
  <!-- Key-manager over httpsKS; KEYCLOAK_SSL_PASSWORD is the key password, also clear-text. -->
  <key-manager name="httpsKM" key-store="httpsKS">
    <credential-reference clear-text="KEYCLOAK_SSL_PASSWORD"/>
  </key-manager>
</key-managers>
<server-ssl-contexts>
  <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
  <!-- Only TLSv1.2 is negotiated on this context; TLSv1.3 would have to be listed explicitly. -->
  <server-ssl-context name="httpsSSC" protocols="TLSv1.2" key-manager="httpsKM"/>
</server-ssl-contexts>
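<!-- Undertow subsystem before the change. The ${...} expressions were mangled by the
     page editor (wrapped in <span> tags) and the welcome-content <file> element was
     both self-closed and closed again; both are restored to well-formed XML here. -->
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
  <buffer-cache name="default"/>
  <server name="default-server">
    <!-- Plain HTTP stays enabled; redirect-socket sends requests that require a
         confidential transport to the https socket binding. -->
    <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
    <!-- Still bound to the stock applicationSSC (self-signed localhost certificate). -->
    <https-listener name="https" socket-binding="https" ssl-context="applicationSSC" enable-http2="true"/>
    <host name="default-host" alias="localhost">
      <location name="/" handler="welcome-content">
        <http-invoker http-authentication-factory="application-http-authentication"/>
      </location>
    </host>
  </server>
  <servlet-container name="default">
    <jsp-config/>
    <websockets/>
  </servlet-container>
  <handlers>
    <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
  </handlers>
  <application-security-domains>
    <application-security-domain name="other" security-domain="ApplicationDomain"/>
  </application-security-domains>
</subsystem>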
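<!-- Undertow subsystem after the change. The ${...} expressions were mangled by the
     page editor (wrapped in <span> tags) and the welcome-content <file> element was
     both self-closed and closed again; both are restored to well-formed XML here. -->
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
  <buffer-cache name="default"/>
  <server name="default-server">
    <!-- Plain HTTP remains enabled after the change; redirect-socket only covers
         requests that require a confidential transport. Whether the http socket
         binding is reachable from outside is decided by the host firewall or proxy,
         not by this file. -->
    <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
    <!-- The only edited line: the listener now uses httpsSSC (keycloak.jks, TLSv1.2). -->
    <https-listener name="https" socket-binding="https" ssl-context="httpsSSC" enable-http2="true"/>
    <host name="default-host" alias="localhost">
      <location name="/" handler="welcome-content">
        <http-invoker http-authentication-factory="application-http-authentication"/>
      </location>
    </host>
  </server>
  <servlet-container name="default">
    <jsp-config/>
    <websockets/>
  </servlet-container>
  <handlers>
    <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
  </handlers>
  <application-security-domains>
    <application-security-domain name="other" security-domain="ApplicationDomain"/>
  </application-security-domains>
</subsystem>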

The Configuration — Testing

https://DOMAIN_SUBDOMAIN:8443/auth/
https://DOMAIN_SUBDOMAIN/auth/

Summary
