Keycloak 是一个针对Web应用和 RESTful Web 服务提供 SSO 集成。基于 OAuth 2.0 和 JSON Web Token(JWT) 规范。目前用于实现 JBoss 与 Wildfly 通讯,但将来将为 Tomcat、Jetty、Node.js、Rails、Grails 等环境提供解决方案。
主要功能:
- SSO和单登出的浏览器应用程序
- 不需要编写代码就能够登录Social Broker. Enable Google, Facebook, Yahoo, Twitter
- 可选用户注册
- 密码和TOTP支持(通过谷歌的Authenticator)。客户端证书身份验证即将支持。
- 可自定义的主题为面向用户的页面
- OAuth Bearer token auth for REST Services
- Integrated Browser App to REST Service token propagation
- OAuth 2.0 Grant requests
- CORS 支持
- CORS Web Origin management and validation
- Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
- Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
- Deployable as a WAR, appliance, or an Openshift cloud service (SaaS).
- 支持JBoss AS7, EAP 6.x, 和 Wildfly 应用. Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.
- Javascript/HTML 5 adapter for pure Javascript apps
- Session management from admin console
- Revocation policies
- Password policies
- OpenID Connect 支持
参考资料
http://www.keycloak.org/documentation.html
时间: 2024-10-08 16:48:04