Skip to content
Keycloak SSO integration for Magnolia CMS 5.5, 5.6
Java
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src/main
.gitignore
LICENSE
README.md
pom.xml

README.md

GitHub Tag Maven Central License

magnolia-module-keycloak-security

Keycloak SSO/IAM integration for Magnolia 5.5, 5.6

This module delegates authentication - in addition to Magnolias builtin authentication mechanisms - to Keycloak.

This module delegates authentication - in addition to Magnolias builtin authentication mechanisms - to Keycloak.

Contributions welcome!

Installation

  • create a client in Keycloak with Direct Access Grants enabled
  • export the configuration in Keycloak OIDC JSON format from the Installation tab
  • save the configuration file into your projects classpath, i.e. src/main/resources/keycloak.json
  • configure src/main/webapp/WEB-INF/config/jaas.config to include the KeycloakAuthenticationModule:
magnolia {
  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional realm=system;

  org.sevensource.magnolia.keycloak.security.KeycloakLoginModuleAdapter requisite realm=external skip_on_previous_success=true;
  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};

Configuration

All additional configuration is stored in Magnolias JCR.

  • login into magnolia using the superuser account
  • go into Configurations App and navigate to /modules/keycloak-security/config and add your keycloakConfigFile, i.e. classpath:keycloak.json
  • the module features a RoleMapper, which maps Keycloak roles to Magnolia roles. It is configured in /modules/keycloak-security/config/roleMapper.
  • the module installs a UserManager into /server/security/userManagers/external which can be used as an extension point for customisation
You can’t perform that action at this time.