1. Training KeyCloak - Redhat SSO UMA
May 2019
RH-SSO/Keycloak UMA training – Janua - Copyright 2004-2019 Page 1/3

2. Table des matières
1 History.............................................................................................................................................5
2 Using UMA and Keycloak..............................................................................................................6
2.1 Presentation – What is UMA ?.................................................................................................6
2.2 Pointers....................................................................................................................................6
2.3 UMA Key stakeholders............................................................................................................6
2.4 UMA workflow........................................................................................................................6
2.5 UMA typical use case..............................................................................................................8
2.6 Illustration of a RPT token (Request Party Token)..................................................................9
2.7 Illustration of a resource (Keycloak).....................................................................................10
2.8 Using permission...................................................................................................................11
2.9 Request approval or revokation.............................................................................................12
2.10 UMA with Keycloak – Improve application productivity...................................................12
3 UMA photoz keycloak example....................................................................................................13
3.1 Presentation............................................................................................................................13
3.2 Deploying uma photoz example............................................................................................13
3.2.1 Starting keycloak............................................................................................................13
3.2.2 Starting wildfly.............................................................................................................13
3.2.3 Deploy app-authz-uma-photoz example........................................................................13
3.2.4 Uploading uma-photoz config file.................................................................................14
3.3 Presentation of uma_photoz application................................................................................14
3.3.1 Uma_photoz architecture...............................................................................................15
3.3.2 Uma_photoz actions.......................................................................................................15
3.3.3 Uma_photoz policy........................................................................................................15
3.4 Photoz-restful-api application................................................................................................16
3.4.1 Photoz-restful-api settings..............................................................................................16
3.4.2 Photoz-restful-api Resources.........................................................................................17
3.4.3 Authorization scopes......................................................................................................19
3.4.4 Policies...........................................................................................................................19
3.4.5 Permission......................................................................................................................21
Scope base permission..............................................................................................................22
3.5 UMA-Photoz Lifecycle..........................................................................................................22
3.5.1 after login.......................................................................................................................22
3.5.2 listing resource created...................................................................................................23
3.5.3 Sharing Resource...........................................................................................................23
3.5.4 Listing Resources of Alice.............................................................................................24
3.5.5 Logging as Jdoe.............................................................................................................24
3.6 Request Approbation Lifecycle.............................................................................................25
3.6.1 Pending approval request...............................................................................................25
3.6.2 Request revokation.........................................................................................................25
4 Accessing UMA through REST API.............................................................................................26
4.1 Presentation............................................................................................................................26
4.2 Scenarios................................................................................................................................26
4.3 scripts used.............................................................................................................................27
4.3.1 access_token...................................................................................................................27
4.3.2 UMA ticket request........................................................................................................27
4.3.3 RPT token request (no persistence permission).............................................................27
4.3.4 RPT token request (persisting permission)....................................................................27
4.3.5 UMA access using RPT.................................................................................................27
4.4 Scenario1...............................................................................................................................28
RH-SSO/Keycloak UMA training – Janua - Copyright 2004-2019 Page 2/3

3. 4.4.1 Reminder of (1) alice has created an album alice3........................................................28
4.4.2 (6) Jdoe can access to the resourcethe scenario1...........................................................28
4.4.3 Step 1 – creation of Album alice1..................................................................................28
4.4.4 Step2 creation of an RPT for Alice................................................................................28
4.5 Scenario2...............................................................................................................................33
4.5.1 Reminder........................................................................................................................33
4.6 Listing all the resources.........................................................................................................39
4.6.1 Resource_set endpoint...................................................................................................39
4.6.2 PAT token (Protected access token)...............................................................................39
4.6.3 Listing all the resources.................................................................................................39
4.6.4 Listing/zooming a particular resource............................................................................40
4.6.5 Creation of a new resources...........................................................................................41
4.7 Using permissions..................................................................................................................41
4.7.1 step 1 - Jdoe trying to access A4 (403 - access unauthorized).......................................41
4.7.2 A4 - Jdoe pending approval (alice action)......................................................................42
4.7.3 Approving a pending request using REST API..............................................................42
4.7.4 Revoking access to a resource........................................................................................43
4.7.5 Listing all permissions...................................................................................................44
4.8 Pointers..................................................................................................................................45
RH-SSO/Keycloak UMA training – Janua - Copyright 2004-2019 Page 3/3