
TOC training Keycloak RedhatSSO UMA


Table of contents of the KeyCloak RedhatSSO UMA course material

Published in: Internet

Training KeyCloak - Redhat SSO UMA
May 2019
RH-SSO/Keycloak UMA training – Janua - Copyright 2004-2019

Table of contents

1 History
2 Using UMA and Keycloak
  2.1 Presentation – What is UMA?
  2.2 Pointers
  2.3 UMA Key stakeholders
  2.4 UMA workflow
  2.5 UMA typical use case
  2.6 Illustration of a RPT token (Request Party Token)
  2.7 Illustration of a resource (Keycloak)
  2.8 Using permission
  2.9 Request approval or revocation
  2.10 UMA with Keycloak – Improve application productivity
3 UMA photoz keycloak example
  3.1 Presentation
  3.2 Deploying uma photoz example
    3.2.1 Starting keycloak
    3.2.2 Starting wildfly
    3.2.3 Deploy app-authz-uma-photoz example
    3.2.4 Uploading uma-photoz config file
  3.3 Presentation of uma_photoz application
    3.3.1 Uma_photoz architecture
    3.3.2 Uma_photoz actions
    3.3.3 Uma_photoz policy
  3.4 Photoz-restful-api application
    3.4.1 Photoz-restful-api settings
    3.4.2 Photoz-restful-api Resources
    3.4.3 Authorization scopes
    3.4.4 Policies
    3.4.5 Permission
      Scope-based permission
  3.5 UMA-Photoz Lifecycle
    3.5.1 After login
    3.5.2 Listing resource created
    3.5.3 Sharing Resource
    3.5.4 Listing Resources of Alice
    3.5.5 Logging as Jdoe
  3.6 Request Approval Lifecycle
    3.6.1 Pending approval request
    3.6.2 Request revocation
4 Accessing UMA through REST API
  4.1 Presentation
  4.2 Scenarios
  4.3 Scripts used
    4.3.1 access_token
    4.3.2 UMA ticket request
    4.3.3 RPT token request (no persistence permission)
    4.3.4 RPT token request (persisting permission)
    4.3.5 UMA access using RPT
  4.4 Scenario1
    4.4.1 Reminder of (1) alice has created an album alice3
    4.4.2 (6) Jdoe can access to the resource the scenario1
    4.4.3 Step 1 – creation of Album alice1
    4.4.4 Step 2 – creation of an RPT for Alice
  4.5 Scenario2
    4.5.1 Reminder
  4.6 Listing all the resources
    4.6.1 Resource_set endpoint
    4.6.2 PAT token (Protected access token)
    4.6.3 Listing all the resources
    4.6.4 Listing/zooming a particular resource
    4.6.5 Creation of a new resource
  4.7 Using permissions
    4.7.1 Step 1 - Jdoe trying to access A4 (403 - access unauthorized)
    4.7.2 A4 - Jdoe pending approval (alice action)
    4.7.3 Approving a pending request using REST API
    4.7.4 Revoking access to a resource
    4.7.5 Listing all permissions
  4.8 Pointers
