This document provides an overview of training for Red Hat Single Sign-On (RH-SSO). It covers prerequisites, installing RH-SSO, starting the RH-SSO server, creating realms and users, and examples of using RH-SSO with client applications. Specific topics covered include cloning RH-SSO examples, registering applications with RH-SSO, configuring the Keycloak adapter, and testing login flows. The document also provides pointers for understanding OAuth2, OpenID Connect, and using RH-SSO's REST API and authorization services.
2. Table des matières
1 History............................................................................................................................................12
2 Prerequisites...................................................................................................................................13
2.1 Presentation.............................................................................................................................13
2.2 Cloning Rh-SSO quickstart examples....................................................................................13
2.3 Cloning Keycloak examples...................................................................................................14
2.3.1 Clone Project...................................................................................................................14
2.3.2 Compiling keycloak........................................................................................................14
3 Starting with RH-SSO....................................................................................................................15
3.1 Overview.................................................................................................................................15
3.2 Prerequisite.............................................................................................................................15
3.3 Installing RH-SSO from zip file.............................................................................................15
3.3.1 Installation command......................................................................................................16
3.4 RH-SSO Layout......................................................................................................................16
3.5 Starting RH-SSO.....................................................................................................................16
3.6 Admin Account creation.........................................................................................................22
3.7 Realms....................................................................................................................................24
3.7.1 Creating a new realm......................................................................................................24
3.7.2 Create user1 in demo realm.............................................................................................27
3.8 Installing JBoss EAP 7 server's...............................................................................................31
3.9 Starting Jboss EAP Server......................................................................................................31
3.10 Installing RH-SSO Jboss Adapter.........................................................................................34
3.11 Building and cloning RH-SSO sample.................................................................................35
3.12 Basic application login..........................................................................................................37
3.13 Registering the vanilla application with RH-SSO................................................................38
3.14 Displaying Keycloak Vanilla client information...................................................................39
3.15 Updating vanilla application configuration to connect to RH-SSO.....................................40
3.16 Test of application.................................................................................................................41
3.17 pointers..................................................................................................................................43
4 Using RH-SSO with client applications.........................................................................................44
4.1 Overview.................................................................................................................................44
4.2 Demo Template Example........................................................................................................44
4.3 realm demo preparation..........................................................................................................45
4.3.1 Creating realm demo.......................................................................................................46
4.3.2 Creating demo Roles.......................................................................................................47
4.3.3 Default Role....................................................................................................................48
4.3.4 Adding a user to the demo realm....................................................................................49
4.4 Adding Customer portal application.......................................................................................52
4.4.1 Creating customer client application...............................................................................52
4.4.2 Inside Add Client window...............................................................................................53
4.4.3 Customer-portal Client....................................................................................................54
4.4.4 Client Credentials............................................................................................................54
4.4.5 Customer-portal JSON file format..................................................................................55
4.4.6 Compiling customer-portal webapp................................................................................56
Preparing customer-app directory........................................................................................56
Adding keycloak.json file.....................................................................................................56
Sources Modifications..........................................................................................................57
Compiling customer and deploying customer-app...............................................................57
3. 4.4.7 Logging to customer-portal app......................................................................................59
4.5 Adding Product Portal.............................................................................................................60
Registering Product Portal....................................................................................................60
Using JWKS URI for authentication....................................................................................62
Keycloak.json file.................................................................................................................63
JKS keystore (Information)..................................................................................................64
4.5.1 Sources Modifications.....................................................................................................67
4.5.2 Compiling product portal app.........................................................................................68
4.5.3 Connecting to product portal app....................................................................................69
4.6 Database service.....................................................................................................................71
4.6.1 Adding database service client application.....................................................................72
4.6.2 Configuring Bearer only authentication scheme.............................................................72
4.6.3 keycloak Json file for Database Services........................................................................73
4.6.4 Compiling and deploying database service.....................................................................74
4.6.5 Testing customer display with database services............................................................76
4.7 Common Mistake....................................................................................................................77
4.8 Pointers...................................................................................................................................78
5 Understanding Oauth2 and OpenID...............................................................................................79
5.1 Oauth2 Presentation................................................................................................................79
5.2 Oauth2 Elements.....................................................................................................................79
5.2.1 Oauth Roles.....................................................................................................................79
5.2.2 Tokens.............................................................................................................................80
5.2.3 Scopes:............................................................................................................................80
5.2.4 Oauth2 Flows..................................................................................................................80
5.2.5 Security...........................................................................................................................81
5.3 Client Registration..................................................................................................................81
5.4 Authorization Code Grant.......................................................................................................81
5.5 Implicit Flow...........................................................................................................................85
5.6 Resource Owner Password Credentials(Ropc).......................................................................87
6 Understanding OpenID Connect (OIDC)
6.1 Overview
6.2 OpenID sequence flow
6.3 OpenID flows
6.4 Authorization Code flow
6.5 Implicit Flow
6.6 ID token analysis
7 Debugging and analysing an RH-SSO example
7.1 Overview
7.2 RH-SSO quickstart app-jsp example
7.2.1 Prerequisites
7.2.2 app-jsp application creation
7.2.3 Client configuration
7.2.4 Client Credentials
7.2.5 app-jsp JSON configuration export
7.2.6 Deploying the app-jsp application
7.3 Creating a user
7.3.1 JSON file import
7.3.2 Using the admin console
7.3.3 Create Roles and User
7.4 Login to the app
7.5 Checking Request Headers and Response Headers of the /authenticate endpoint request
7.6 Using jwt.io debugger
7.7 Checking Cookie within Chrome
7.7.1 Accessing the Chrome cookie
7.7.2 Accessing the Firefox cookie
8 Using REST API with RH-SSO
8.1 Presentation
8.2 App-js application
8.3 Realm endpoints - .well-known/openid-configuration
8.3.1 RH-SSO endpoint URLs
8.3.2 Using .well-known/openid-configuration
8.4 admin-cli Client application
8.4.1 Getting an admin Bearer token with the admin CLI
8.4.2 Using admin Bearer Token in REST API query
Get the top-level representation of the realm
8.4.3 Using another admin user with admin-cli
8.4.4 Listing the number of sessions present on a realm
8.5 Using kcadm
8.5.1 .keycloak registry
8.5.2 Using kcadm
8.5.3 Security measure with kcadm
8.6 Usage of REST API with realm endpoints
8.6.1 App-jsp information
8.6.2 Performing a ROPC query to the /token endpoint
8.6.3 Using the userinfo and introspect endpoints
8.7 Using Refresh Token using ROPC
8.7.1 ROPC query to generate access and refresh tokens
8.7.2 Performing the query using the refresh token
8.8 Using mod_auth_openidc
8.8.1 Presentation
8.8.2 Putting mod_auth_openidc in place
8.8.3 Enabling mod_auth_openidc module with apache2
8.8.4 Configuring RH-SSO Server for mod_auth_openidc
8.8.5 Configuration of the realm external login – SSL set to none
8.8.6 Configuration of mod_auth_openidc module
8.8.7 Testing module mod_auth_openidc
9 Using OpenID protocol to connect to an IDP provider
9.1 Presentation
9.2 FranceConnect
9.2.1 Register with FranceConnect
9.2.2 Information display
9.3 FranceConnect Endpoints
9.4 Dummy test user IDP creation
9.5 RH-SSO configuration + IDP post configuration
9.5.1 Creation of an identity provider
9.6 Configuring RH-SSO identity provider
9.7 Adding identity provider mappers
9.8 Post Configuration task of IDP configuration
9.9 Tests
9.9.1 Application Test
9.10 Account Linking
10 SAML V2 Presentation
10.1 What is SAML?
10.2 SAML References
10.3 SAML 2.0 in short
10.3.1 SAML V2 features
10.3.2 Major Key elements
10.4 SAML Components
10.5 SAML elements (used by RH-SSO)
10.5.1 SP Element
10.5.2 SP Keys and Key elements
10.5.3 KeyStore element
10.5.4 Key PEMS
10.5.5 SP PrincipalNameMapping element
10.5.6 RoleIdentifiers element
10.5.7 IDP Element
10.5.8 IDP SingleSignOnService sub element
10.5.9 IDP SingleLogoutService sub element
10.5.10 IDP Keys subelement
10.6 XML SAML Examples
10.6.1 Post Request example
10.6.2 Response Extract
11 SAML broker example with RH-SSO
11.1 Presentation
11.2 RH-SSO consideration
11.3 Preparing RH-SSO – adding SAML adapter
11.4 Adding SAML tracer to Firefox
11.5 Launching RH-SSO
11.6 Compiling and deploying the example
11.7 Creating both realms in RH-SSO
11.8 Understanding the SAML broker applications
11.8.1 Saml Broker realm
11.8.2 saml-broker-authentication-realm
11.9 CORS enabled
11.10 SAML Scenario in action
11.11 Adding attribute mapper on the identity provider
11.12 Checking details of a built-in member (givenName)
11.13 Debugging SAML exchange
11.13.1 Using Firefox plugin add-on
11.13.2 Analyzing content of a response with SAML tracer
11.14 Adding SAML attributes to the SP
11.15 Complete Scenario
11.16 User in Saml-authentication-realm
12 SAML Integration with an external IDP (OKTA)
12.1 Overview
12.2 Configuring Okta as an IDP
12.2.1 Create an OKTA account
12.2.2 Configuring OKTA IDP
12.2.3 Prepare Data for the SP
12.2.4 Adjusting SAML Setting if necessary
12.2.5 Registering a user with OKTA
12.3 Configuring RH-SSO as a service provider
12.3.1 Creating saml_okta_idp
12.3.2 Adding Attribute mapper
12.4 Using Federation
12.4.1 Check users
12.4.2 Log in to SP client application
12.4.3 Checking Users
12.4.4 Account Linking
13 Understanding Authorization Services with Red Hat SSO
13.1 Presentation
13.2 Key Concepts of RH-SSO Authorization service
13.3 Components of an Authorization Service
13.4 Resources
13.5 Authorization Scopes
13.6 Policies
13.6.1 Role Policy
13.6.2 JavaScript Role
13.7 photoz-restful-api Authorization Policies
13.8 Permission
13.8.1 Resource – policy permission match
13.8.2 Scope – policy permission match
13.9 Putting it all together – Tailoring authorization Service to your architecture needs
13.10 Pointers
14 Using a simple RH-SSO Authorization example
14.1 Securing a Servlet Application
14.2 Creating a Realm and a User
2.3. Enabling Authorization Services
14.3 Build, Deploy, and Test Your Application
14.3.1 Obtaining the Adapter Configuration
14.4 Building and Deploying the Application
14.4.1 Testing the Application
15 Authorization access using Role based users
15.1 Overview
15.2 Using the keycloak authz example
15.2.1 Source location
15.2.2 Adapting example sources to RH-SSO infrastructure
15.3 Installing servlet_authz-example in RH-SSO server
15.3.1 Realm creation
15.3.2 Importing Authorization
15.3.3 Adapting RH-SSO client URLs
15.4 Compiling and deploying servlet-authz sources
15.5 Authorization example test
15.5.1 Logging in with restricted privileges
15.5.2 Using Premium Users
15.6 Detailed authorization scheme analysis
15.6.1 Resources
15.6.2 Scopes
15.6.3 Policies
15.6.4 Permission
Resource based permission
Scope permission policies
16 Fine Grain Authorization – UMA policy
16.1 Presentation
16.2 UMA Authorisation Service documentation
16.3 About the Example Application
16.4 Building the keycloak/auth/photoz example
16.4.1 Creating the photoz-realm
16.4.2 Build examples
16.4.3 Import Photoz server resource permission
16.5 Deploy and Run the Example Applications
16.5.1 Example (logged in as Alice)
16.5.2 Example (logged in as Admin)
16.5.3 Misc about the examples
17 RH-SSO LDAP integration
17.1 Presentation
17.2 Pointers
17.3 Keycloak LDAP example
17.3.1 Overview
17.3.2 Building and deploying demo LDAP application
17.4 Examining the LDAP example using JXplorer
17.4.1 Connecting with JXplorer to the LDAP instance
17.4.2 Displaying Roles at LDAP level
17.5 Creating ldap-portal realm (manual creation)
17.5.1 Ldap-test realm creation
17.5.2 Adding LDAP Provider to the ldap-test realm
17.5.3 Configuring LDAP Provider
17.5.4 RH-SSO LDAP synchronization policy
17.5.5 Mappers
17.6 Ldap-demo realm (JSON import)
17.7 Building and Deploying ldap-portal webapp
17.7.1 Modifications
17.7.2 Changes to be done
17.8 Logging in to RH-SSO
17.8.1 RH-SSO ldap-demo login page
17.8.2 Logging in to the ldap demo webapp
18 Relational Database Setup
18.1 Presentation
18.2 PostgreSQL DB installation and preparation
18.2.1 Installing PostgreSQL (Ubuntu)
18.2.2 Installing PostgreSQL (RedHat Linux)
18.2.3 Change PostgreSQL password
18.2.4 pg_hba.conf update
18.2.5 Authentication test
18.3 Creating the keycloak DB
18.4 PostgreSQL RDBMS with RH-SSO
18.4.1 PostgreSQL driver download
18.4.2 PostgreSQL driver installation
18.4.3 Module.xml file
18.4.4 JDBC driver update
18.4.5 Driver section update
18.4.6 Datasource section update
18.5 Testing the whole
19 Importing/Exporting Keycloak configuration
19.1 Presentation
19.2 Import/export commands
19.2.1 Exporting to a single file
19.2.2 Exporting to a directory
19.2.3 Imports
19.3 Options
20 RH-SSO Security
20.1 Security Best Practices
20.2 Defining Keystore
20.2.1 PKI – Self Cert – CA Authority
20.3 SSL - Keystore (Inbound Request)
20.3.1 Generating self cert
20.3.2 Customizing standalone.xml with ssl
20.4 Checking RH-SSO HTTPS connection
20.4.1 Starting RH-SSO Server
20.4.2 Checking SSL connection using openssl
20.4.3 Checking HTTPS connection
20.5 TrustStore (Outbound Request)
20.6 Differences between using self-signed and signed certificates
21 RH-SSO Networking
21.1 RH-SSO Port presentation – standalone.xml (standalone-ha.xml)
21.2 Usage of each port
21.3 Disabling http and AJP for RH-SSO
21.4 RH-SSO Multicast Groups
21.5 RH-SSO multicast Group with clustering
21.5.1 Jgroups - multicast
21.5.2 ModCluster - multicast
22 RH-SSO Clustering Operating Modes
22.1 Presentation
22.2 Standalone cluster mode
22.2.1 Standalone clustered mode layout
22.3 Getting useful values of standalone-ha.xml
22.3.1 Starting a standalone cluster node
22.3.2 Implication when using clustering mode standalone-ha.xml
22.4 Domain clustered
22.4.1 Domain cluster layout
22.4.2 Master Node
22.4.3 Slave node
22.5 Clustered Domain Example
22.5.1 Configuring the slave secret key
22.6 Creating an admin master user
22.6.1 Adding an admin user using add-user-keycloak.sh
22.6.2 Adding keycloak-add-user.json to master server
22.7 Starting Servers
22.7.1 Starting the master
22.7.2 Starting the slave
22.8 Add app_vanilla profile client application to the clustered
22.9 Limitation of the domain cluster example
23 Using modcluster with Standalone HA cluster deployment
23.1 Presentation
23.2 ModCluster – Apache SW load Balancer
23.2.1 Presentation
23.2.2 Mod_cluster and multicast group
23.2.3 Mod_cluster with RH-SSO
23.3 Clustering standalone HA example
23.3.1 Presentation
23.3.2 Limitation
23.3.3 Setting RH-SSO requires SSL to none
23.3.4 Mod_Cluster configuration
23.3.5 Commands used
23.3.6 Testing Modcluster
23.4 Testing application failover
24 SPI testing integration – High available environment
24.1 Overview
24.2 Event SPI
24.2.1 Deploying the Jar file
24.2.2 Registering the SPI in standalone-ha.xml
24.3 SPI various use cases
24.3.1 Use case 1 – Both nodes are UP
24.3.2 Use case 2 – Node1 brought Down
24.4 SPI interaction with Keycloak in clustering mode
25 RH-SSO Clustering best practices - Recommendation