Unconfigured Examples
===================================
This set of projects contains a stripped-down version of the demo described in preconfigured-demo. All Keycloak-specific
configuration has been removed. Use this project together with the instructions below and/or the online screencast tutorials at
[http://keycloak.org/docs](http://keycloak.org/docs).


# Run Demo with an external Keycloak Server

These instructions assume you've already installed and started a Keycloak Server. Keycloak can be running locally on your system or remotely on another system (for example on OpenShift). If you're not running Keycloak locally you'll also need a locally running WildFly server.

## Create Realm

Open the Keycloak admin console and click on `Add Realm`. Enter `demo` as the name for the realm and click `Save`.

The demo applications use two realm roles, `user` and `admin`, so the next step is to create these roles. Click on `Roles` then click on `Add Role`. Use `user` as the role name and click `Save`. Repeat to create a role with the name `admin`.

Next you'll either want to enable user registration or create a new user.

### Enable user registration

To enable user registration, first click on `Roles` then `Default Roles`. Select the `user` role and click `Add Selected`. This makes sure that all new users are automatically assigned the `user` role. The next step is to enable user registration for the realm. Click on `Settings` then `Login`. Click on the toggle for `User registration` to allow users to self-register, then `Save`.

### Create user

To create a new user, click on `Users` then `Add User`. You are required to fill in at least the `Username` field, but you may want to fill in values for the other fields as well. After you've completed the form, click `Save`. To allow the user to log in, you also need to set a password for the user. To do this, click on `Credentials` and enter a new password for the user. If you leave the `Temporary` toggle ON, the user will be required to reset the password on the next login.


## Deploy Demo Applications

First, you need to install an AS 7 / EAP 6.x / WildFly application server. Second, you need to install the Keycloak subsystem. To do this, execute the commands for your server version:

For AS 7.1.1:

    # cd <WILDFLY HOME>
    # unzip <KEYCLOAK DIST>/adapters/keycloak-as7-adapter-dist-<KEYCLOAK VERSION>.zip

For EAP 6.x:

    # cd <WILDFLY HOME>
    # unzip <KEYCLOAK DIST>/adapters/keycloak-eap6-adapter-dist-<KEYCLOAK VERSION>.zip

For WildFly 8.x:

    # cd <WILDFLY HOME>
    # unzip <KEYCLOAK DIST>/adapters/keycloak-wf8-adapter-dist-<KEYCLOAK VERSION>.zip

For WildFly 9.x:

    # cd <WILDFLY HOME>
    # unzip <KEYCLOAK DIST>/adapters/keycloak-wf9-adapter-dist-<KEYCLOAK VERSION>.zip


Next, configure the Keycloak adapter by editing `standalone/configuration/standalone.xml`. Add a new child-element to `<extensions>`:

    <extensions>
        ....
        <extension module="org.keycloak.keycloak-adapter-subsystem"/>
    </extensions>

You also need to add realm config to the same file. Add a new child-element to `<profile>`:

    <profile>
        ....
        <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
            <realm name="demo">
                <realm-public-key>REALM PUBLIC KEY</realm-public-key>
                <auth-server-url>KEYCLOAK URL</auth-server-url>
                <ssl-required>external</ssl-required>
            </realm>
        </subsystem>
    </profile>

In the above snippet replace the following:

* `REALM PUBLIC KEY` - replace with the public key for the realm. You can find this in the admin console by selecting the realm, then clicking on `Keys`
* `KEYCLOAK URL` - replace with the base URL of Keycloak (for example `http://localhost:8080/auth` or `http://keycloak.example.org/auth`)

Don't start the WildFly server until you've configured and deployed the demo applications.

### Database Services

Most demo applications connect to the REST services provided by the database-services application, so start with deploying that one.

Deploy by running the following:

    # cd database-services
    # mvn install
    # cp target/database.war <WILDFLY HOME>/standalone/deployments

Next, add the configuration for it to the Keycloak subsystem. Edit `<WILDFLY HOME>/standalone/configuration/standalone.xml` and add the following to `<subsystem xmlns="urn:jboss:domain:keycloak:1.1">`:

    <secure-deployment name="database.war">
        <realm>demo</realm>
        <resource>database-service</resource>
        <bearer-only>true</bearer-only>
    </secure-deployment>

### Customer Portal

Next, deploy the customer portal application.

Deploy by running the following:

    # cd customer-app
    # mvn install
    # cp target/customer-portal.war <WILDFLY HOME>/standalone/deployments

Then open the Keycloak admin console to add a configuration for it. Navigate to the realm and click on `Clients`, then the `Create` button. Fill in the form with:

* Client ID - `customer-portal`
* Valid Redirect URIs - `http://localhost:8080/customer-portal/*`

Then click on `Save`. As this is a confidential (non-public) application you need the secret for it. Click on `Credentials` and note the value of the `Secret` field.

Then edit `<WILDFLY HOME>/standalone/configuration/standalone.xml` and add the following to `<subsystem xmlns="urn:jboss:domain:keycloak:1.1">`:

    <secure-deployment name="customer-portal.war">
        <realm>demo</realm>
        <resource>customer-portal</resource>
        <credential name="secret">APPLICATION SECRET</credential>
    </secure-deployment>

In the above snippet replace the following:

* `APPLICATION SECRET` - replace with the application's secret you just noted from the Keycloak admin console

### Product Portal

Next, deploy the product portal application.

Run the following to deploy it:

    # cd product-app
    # mvn install
    # cp target/product-portal.war <WILDFLY HOME>/standalone/deployments

Then, open the Keycloak admin console to add a configuration for it. Navigate to the realm and click on `Clients`, then the `Create` button. Fill in the form with:

* Client ID - `product-portal`
* Valid Redirect URIs - `http://localhost:8080/product-portal/*`

Click on `Save`. As this is a confidential (non-public) application you need the secret for it. Click on `Credentials` and note the value of the `Secret` field.

Now edit `<WILDFLY HOME>/standalone/configuration/standalone.xml` and add the following to `<subsystem xmlns="urn:jboss:domain:keycloak:1.1">`:

    <secure-deployment name="product-portal.war">
        <realm>demo</realm>
        <resource>product-portal</resource>
        <credential name="secret">APPLICATION SECRET</credential>
    </secure-deployment>

In the above snippet replace the following:

* `APPLICATION SECRET` - replace with the application's secret you just noted from the Keycloak admin console
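
### Checking the finished configuration

Before starting WildFly, it helps to confirm that no placeholder from the snippets above is still in `standalone.xml` and that every `secure-deployment` points at a configured realm. The Python script below is an added example, not part of the Keycloak demo: the function names, the constructed sample document and the warning about a plain-http `auth-server-url` on a remote host are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

KC = "{urn:jboss:domain:keycloak:1.1}"  # subsystem namespace from the snippets above
PLACEHOLDERS = {"", "REALM PUBLIC KEY", "KEYCLOAK URL", "APPLICATION SECRET"}

def text(parent, tag):  # stripped text of a direct child element, '' if absent
    return (parent.findtext(KC + tag) or "").strip()

def audit(standalone_xml):
    """Return a list of problems in the Keycloak subsystem of a standalone.xml."""
    sub = ET.fromstring(standalone_xml).find(f".//{KC}subsystem")
    if sub is None:
        return ["keycloak subsystem not found"]
    problems, realms = [], set()
    for realm in sub.findall(KC + "realm"):
        name = realm.get("name")
        realms.add(name)
        url = text(realm, "auth-server-url")
        if text(realm, "realm-public-key") in PLACEHOLDERS:
            problems.append(f"realm {name}: realm-public-key not set")
        if url in PLACEHOLDERS:
            problems.append(f"realm {name}: auth-server-url not set")
        elif (urlparse(url).scheme != "https"
              and urlparse(url).hostname not in ("localhost", "127.0.0.1")):
            problems.append(f"realm {name}: plain-http auth-server-url on a remote host")
    for dep in sub.findall(KC + "secure-deployment"):
        name = dep.get("name")
        if text(dep, "realm") not in realms:
            problems.append(f"{name}: realm is not defined in the subsystem")
        if text(dep, "bearer-only") == "true":
            continue  # bearer-only services only verify tokens; no client secret needed
        cred = dep.find(f"{KC}credential[@name='secret']")
        if cred is None or (cred.text or "").strip() in PLACEHOLDERS:
            problems.append(f"{name}: client secret not set")
    return problems

# Constructed sample: the README's snippets assembled, one placeholder left unreplaced.
SAMPLE = """<server><profile><subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <realm name="demo"><realm-public-key>CONSTRUCTED-KEY</realm-public-key>
    <auth-server-url>http://localhost:8080/auth</auth-server-url></realm>
  <secure-deployment name="database.war">
    <realm>demo</realm><bearer-only>true</bearer-only>
  </secure-deployment>
  <secure-deployment name="customer-portal.war">
    <realm>demo</realm><credential name="secret">APPLICATION SECRET</credential>
  </secure-deployment>
</subsystem></profile></server>"""
print("\n".join(audit(SAMPLE)))
```

To check a real installation, pass the contents of `<WILDFLY HOME>/standalone/configuration/standalone.xml` to `audit()` instead of `SAMPLE`.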