sevensource/magnolia-module-keycloak-security


magnolia-module-keycloak-security

Keycloak SSO/IAM integration for Magnolia 5.5, 5.6

This module delegates authentication to Keycloak, in addition to Magnolia's built-in authentication mechanisms.

Contributions welcome!

Installation

  • create a client in Keycloak with Direct Access Grants enabled
  • export the configuration in Keycloak OIDC JSON format from the Installation tab
  • save the configuration file into your project's classpath, e.g. src/main/resources/keycloak.json
  • configure src/main/webapp/WEB-INF/config/jaas.config to include the KeycloakAuthenticationModule:
magnolia {
  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional realm=system;

  org.sevensource.magnolia.keycloak.security.KeycloakLoginModuleAdapter requisite realm=external skip_on_previous_success=true;
  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
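
A pre-deployment check for the exported keycloak.json, as an added example that is not part of this module. The keys are Keycloak adapter settings; the sample file and the function name lint_keycloak_config are constructed for illustration. With Direct Access Grants the user's password is sent to auth-server-url, so the transport settings are what it checks first:

```python
import json
from urllib.parse import urlparse

# Constructed sample in Keycloak OIDC JSON format; every value is a placeholder.
SAMPLE = """{
  "realm": "example-realm",
  "auth-server-url": "http://keycloak.example.test/auth",
  "ssl-required": "none",
  "resource": "magnolia",
  "credentials": {"secret": "PLACEHOLDER-SECRET"},
  "disable-trust-manager": true
}"""


def lint_keycloak_config(text):
    """Return a list of (key, message) findings for an adapter config."""
    cfg = json.loads(text)
    findings = []
    for key in ("realm", "auth-server-url", "resource"):
        if not cfg.get(key):
            findings.append((key, "required setting is missing or empty"))
    url = cfg.get("auth-server-url", "")
    if url and urlparse(url).scheme != "https":
        findings.append(("auth-server-url",
                         "user passwords are posted to this URL; use https"))
    if str(cfg.get("ssl-required", "external")).lower() == "none":
        findings.append(("ssl-required", "allows plain HTTP; use 'external' or 'all'"))
    for key in ("disable-trust-manager", "allow-any-hostname"):
        if cfg.get(key) is True:
            findings.append((key, "turns off TLS certificate or hostname checks"))
    creds = cfg.get("credentials") or {}
    if creds.get("secret"):
        findings.append(("credentials.secret",
                         "secret ships in the classpath; keep it out of version control"))
    elif not creds and not cfg.get("public-client", False):
        findings.append(("credentials",
                         "neither public-client nor client credentials are set"))
    return findings


if __name__ == "__main__":
    for key, message in lint_keycloak_config(SAMPLE):
        print(f"{key}: {message}")
```
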

Configuration

All additional configuration is stored in Magnolia's JCR.

  • log in to Magnolia using the superuser account
  • go into Configurations App, navigate to /modules/keycloak-security/config and add your keycloakConfigFile, e.g. classpath:keycloak.json
  • the module features a RoleMapper, which maps Keycloak roles to Magnolia roles. It is configured in /modules/keycloak-security/config/roleMapper.
  • the module installs a UserManager into /server/security/userManagers/external which can be used as an extension point for customisation