Skip to content

sevensource/magnolia-module-keycloak-security

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

GitHub Tag Maven Central License

magnolia-module-keycloak-security

Keycloak SSO/IAM integration for Magnolia 5.5, 5.6

This module delegates authentication - in addition to Magnolias builtin authentication mechanisms - to Keycloak.

This module delegates authentication - in addition to Magnolias builtin authentication mechanisms - to Keycloak.

Contributions welcome!

Installation

  • create a client in Keycloak with Direct Access Grants enabled
  • export the configuration in Keycloak OIDC JSON format from the Installation tab
  • save the configuration file into your projects classpath, i.e. src/main/resources/keycloak.json
  • configure src/main/webapp/WEB-INF/config/jaas.config to include the KeycloakAuthenticationModule:
magnolia {
  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional realm=system;

  org.sevensource.magnolia.keycloak.security.KeycloakLoginModuleAdapter requisite realm=external skip_on_previous_success=true;
  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};

Configuration

All additional configuration is stored in Magnolias JCR.

  • login into magnolia using the superuser account
  • go into Configurations App and navigate to /modules/keycloak-security/config and add your keycloakConfigFile, i.e. classpath:keycloak.json
  • the module features a RoleMapper, which maps Keycloak roles to Magnolia roles. It is configured in /modules/keycloak-security/config/roleMapper.
  • the module installs a UserManager into /server/security/userManagers/external which can be used as an extension point for customisation

About

Keycloak SSO integration for Magnolia CMS 5.5, 5.6

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages