发布于 2015-12-04 00:22:30 | 190 次阅读 | 评论: 0 | 来源: 网友投递
Keycloak SSO 集成解决方案
Keycloak 是一个针对Web应用和 RESTful Web 服务提供 SSO 集成。基于 OAuth 2.0 和 JSON Web Token(JWT) 规范。目前用于实现 JBoss 与 Wildfly 通讯,但将来将为 Tomcat、Jetty、Node.js、Rails、Grails 等环境提供解决方案。
Keycloak 1.7.0.CR1 发布,主要更新如下:
Groups - users can belong to one or more groups and inherit role mappings and attributes from the group.
First Broker Login Flow - we've introduced a number of improvements to first login with identity brokers as well as the ability to customize the flow used.
Client Registration - clients can now dynamically register themselves with a Keycloak server. This supports Keycloak client representations, OpenID Connect Dynamic Client Registration and SAML Entity Descriptors. Client registration are simple REST endpoints, there's also a Java library and a CLI is coming soon.
OpenID Connect Implicit and Hybrid flows - we've added support for the Implicit and Hybrid flows. It's also possible to select what flows are available for a specific client.
Add User script - as a first step to not having a default admin user we've added a script that allows creating an initial admin account.
Cache fixes - there's a number of fixes related to caching, which should improve performance especially in clusters.
Email Sender SPI - previously we had one SPI that created email content from FreeMarker and also sent emails. We've now split this into two separate SPIs.
SAML SP WildFly subsystem - there's now a WildFly subsystem for the SAML SP adapter, which makes it easier to use the SAML SP adapter on WildFly.
WildFly 10 adapter support - the WildFly adapter, including adapter subsystem, now supports WildFly 10.
详情请看:发行说明
Keycloak 是一个为浏览器和 RESTful Web 服务提供 SSO 的集成。基于 OAuth 2.0 和 JSON Web Token(JWT) 规范。最开始是面向 JBoss 和 Wildfly 通讯,但已经计划为其他诸如 Tomcat、Jetty、Node.js、Rails、Grails 等环境提供解决方案。