Search code examples
osgikeycloakapache-karafjaasjbossfuse

Apache Karaf/Fuse integration with Keycloak

I struggle with Keycloak integration on Karaf (4.2.8) and Fuse (7.5.0). I tried integration separately on both of them and no success.

In first case, I install Fuse (7.5.0) and next I add keycloak osgi features:

feature:repo-add mvn:org.keycloak/keycloak-osgi-features/8.0.1/xml/features
feature:install keycloak-jaas

Next, I add keycloak-direct-access.json file to etc with appropriate content. To check the keycloak integration for ssh, I change the org.apache.karaf.shell and set realm to keycloak. But afterwards, I am not able to connect via client.bat using keycloak credentials. it asks for the password (even if I provide the password in the command) and after 2-3 attempts it gives the following error:

No more authentication methods available

Besides of that, when I try to use jaas:realm-manage command to get keycloak user list, if does not work and gives the following error:

Can't get the list of users (no backing engine service found)

In the second case, I install Apache Karaf (4.2.8) and the almost the same steps as above. But there it also fails.

Additionally, I check the following documentation https://github.com/jboss-fuse/karaf-quickstarts/blob/7.x.redhat-7-x/security/keycloak/fuse-keycloak.adoc . Considering that documentation I do all steps right, but for some reason it fails.

For fuse installation, I checked the logs when I tried to connect via client, and I saw the following warning there

2020-02-13 10:06:45,808 | WARN | 56c97]-nio2-thread-1 | o.a.s.s.s.ServerSessionImpl | 185 - org.apache.sshd.core - 1.7.0 | exceptionCaught(ServerSessionImpl[null@/127.0.0.1:65456])[state=Opened] IOException: The specified network name is no longer available.

Any help is appreciated. Thanks in advance,

BR, Farid

Solution

  • For Fuse 7, the official quickstarts showing how to integrate Pax Web (the web layer in Fuse Karaf, based on pax-http-undertow) with Keycloak (and RH-SSO) are available in this Github repository.

    The quickstarts cover scenarios related to OSGi HTTP Service, Whiteboard Service, Camel and CXF.

    Additional documentation shows how to configure Keycloak instance and Fuse-Karaf itself, so SSH, JMX and Hawtio connections work with Keycloak.