Keycloak 是一个针对Web应用和 RESTful Web 服务提供 SSO 集成。基于 OAuth 2.0 和 JSON Web Token(JWT) 规范。目前用于实现 JBoss 与 Wildfly 通讯,但将来将为 Tomcat、Jetty、Node.js、Rails、Grails 等环境提供解决方案。
主要功能:
-
SSO和单登出的浏览器应用程序
-
不需要编写代码就能够登录Social Broker. Enable Google, Facebook, Yahoo, Twitter
-
可选用户注册
-
密码和TOTP支持(通过谷歌的Authenticator)。客户端证书身份验证即将支持。
-
可自定义的主题为面向用户的页面
-
OAuth Bearer token auth for REST Services
-
Integrated Browser App to REST Service token propagation
-
OAuth 2.0 Grant requests
-
CORS 支持
-
CORS Web Origin management and validation
-
Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
-
Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
-
Deployable as a WAR, appliance, or an Openshift cloud service (SaaS).
-
支持JBoss AS7, EAP 6.x, 和 Wildfly 应用. Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.
-
Javascript/HTML 5 adapter for pure Javascript apps
-
Session management from admin console
-
Revocation policies
-
Password policies
-
OpenID Connect 支持