发布于 2015-05-05 23:50:51 | 255 次阅读 | 评论: 0 | 来源: 网友投递
Keycloak SSO 集成解决方案
Keycloak 是一个针对Web应用和 RESTful Web 服务提供 SSO 集成。基于 OAuth 2.0 和 JSON Web Token(JWT) 规范。目前用于实现 JBoss 与 Wildfly 通讯,但将来将为 Tomcat、Jetty、Node.js、Rails、Grails 等环境提供解决方案。
Keycloak 1.2.0.CR1 发布,更新了管理控制台、 登录页和帐户管理,以更好地适应 PatternFly 的外观和感觉。使得 Keycloak 和其他 JBoss 项目之间能够更好地集成。在客户端方面,将 Keycloak 应用程序和 oauth 客户端合并成一个客户端了,管理更加轻松了。
此外,还有一些新增功能:
Token mapping - Through token mapping it's possible to pull in additional information from brokered identity providers
Store and retrieve external token - It's now possible to store the token retrieved from brokered identity providers. Clients can retrieve this if they need to invoke services secured by the external identity provider.
Persist and manage consents - When a user consents access to a client the consents are now saved. Users can also view and manage consents given to clients through the account management console.
Password Policies - Through password policies it's now possible to prevent re-use of previous passwords, require users to regularly update their password and also provide a regular expression for required password format.
HttpClient SPI - The introduction of a HttpClient SPI makes it possible to configure the HTTP connections initiated by Keycloak. For example to provide a trust store.
KeycloakContext - KeycloakContext is exposed through KeycloakSession and gives providers access to HTTP headers, cookies, query parameters, etc.
Logging Updates - The JBoss Logging event listener is now enabled by default for new realms. This makes it easier to view debug log information for login events.
Spring Security Adapter preview - We now have a Spring Security Adapter. There's is no documentation and we haven't tested it thoroughly so consider this a preview.
更多内容请查看发行页面。