From 43b70a81a1624cadb927f3ceaca627fbb856e47a Mon Sep 17 00:00:00 2001 
From: fjuma
Date: Fri, 8 Dec 2023 22:53:55 +0000
Subject: [PATCH] Deploy to fjuma/wildfly-elytron gh-pages branch - Fri Dec 8 22:53:55 UTC 2023
---
.../index.html | 332 ++++++++
blog/index.html | 318 ++++----
blog/page/10/index.html | 300 ++++----
blog/page/11/index.html | 306 ++++----
blog/page/12/index.html | 157 ++++
blog/page/2/index.html | 310 ++++----
blog/page/3/index.html | 308 ++++----
blog/page/4/index.html | 306 ++++----
blog/page/5/index.html | 298 ++++----
blog/page/6/index.html | 300 ++++----
blog/page/7/index.html | 302 ++++----
blog/page/8/index.html | 286 +++----
blog/page/9/index.html | 282 +++----
.../index.html | 685 +++++++++++++++++
.../index.html | 5 +-
.../index.html | 311 ++++++++
blog/tag/acme/index.html | 4 +
blog/tag/adapter/index.html | 4 +
blog/tag/aes/index.html | 4 +
blog/tag/algorithm/index.html | 4 +
blog/tag/ama/index.html | 4 +
blog/tag/anomaly-detection/index.html | 4 +
blog/tag/audit-logging/index.html | 52 ++
blog/tag/auth0/index.html | 712 ++++++++++++++++++
blog/tag/authentication/index.html | 4 +
blog/tag/authorization/index.html | 4 +
blog/tag/basic/index.html | 4 +
blog/tag/bearer/index.html | 4 +
blog/tag/certificate/index.html | 4 +
blog/tag/cli/index.html | 4 +
blog/tag/client-cert/index.html | 4 +
blog/tag/client-config/index.html | 4 +
blog/tag/client/index.html | 4 +
blog/tag/console/index.html | 4 +
blog/tag/credential-store/index.html | 4 +
blog/tag/custom-component/index.html | 4 +
blog/tag/custom-principal/index.html | 4 +
blog/tag/default-ssl-context/index.html | 4 +
blog/tag/delegation/index.html | 4 +
blog/tag/digest/index.html | 4 +
blog/tag/distributed-realm/index.html | 54 ++
blog/tag/dynamic/index.html | 4 +
blog/tag/ejb/index.html | 14 +-
blog/tag/encoding/index.html | 52 ++
blog/tag/encryption/index.html | 4 +
blog/tag/expression/index.html | 4 +
blog/tag/external/index.html | 4 +
blog/tag/factory/index.html | 4 +
blog/tag/failover-realm/index.html | 4 +
blog/tag/faq/index.html | 4 +
blog/tag/filesystem-realm/index.html | 54 ++
blog/tag/filesystem/index.html | 4 +
blog/tag/galleon-pack/index.html | 4 +
blog/tag/galleon/index.html | 4 +
blog/tag/ghc/index.html | 4 +
blog/tag/ghc22/index.html | 4 +
blog/tag/ghc23/index.html | 4 +
blog/tag/git-persistence/index.html | 4 +
blog/tag/git-tips/index.html | 4 +
blog/tag/github/index.html | 4 +
blog/tag/hacktoberfest/index.html | 4 +
blog/tag/hash/index.html | 4 +
blog/tag/http/index.html | 4 +
blog/tag/https/index.html | 4 +
blog/tag/identity/index.html | 14 +-
blog/tag/integrity/index.html | 4 +
blog/tag/intrusion-detection/index.html | 4 +
blog/tag/jaas/index.html | 4 +
blog/tag/jaspi/index.html | 4 +
blog/tag/java/index.html | 4 +
blog/tag/jetty/index.html | 4 +
blog/tag/jvm/index.html | 4 +
blog/tag/kerberos/index.html | 4 +
blog/tag/keycloak/index.html | 4 +
blog/tag/keystore/index.html | 4 +
blog/tag/ldap/index.html | 54 ++
blog/tag/lets-encrypt/index.html | 4 +
blog/tag/login-context/index.html | 4 +
blog/tag/login-module/index.html | 4 +
blog/tag/machine-learning/index.html | 4 +
blog/tag/management-model/index.html | 4 +
blog/tag/management/index.html | 4 +
blog/tag/migration/index.html | 4 +
blog/tag/netty/index.html | 4 +
blog/tag/oath2/index.html | 4 +
blog/tag/oidc/index.html | 64 +-
blog/tag/openshift/index.html | 54 ++
blog/tag/opensource/index.html | 4 +
blog/tag/opensourceday/index.html | 4 +
blog/tag/openssl/index.html | 4 +
blog/tag/osd/index.html | 4 +
blog/tag/peer/index.html | 4 +
blog/tag/permissions/index.html | 4 +
blog/tag/planning/index.html | 4 +
blog/tag/principal-decoder/index.html | 4 +
blog/tag/principal-propagation/index.html | 4 +
blog/tag/principal-transformer/index.html | 4 +
blog/tag/principal/index.html | 4 +
blog/tag/propagation/index.html | 14 +-
blog/tag/properties/index.html | 4 +
blog/tag/provider/index.html | 4 +
blog/tag/realm-mapper/index.html | 4 +
blog/tag/realm/index.html | 4 +
blog/tag/recap/index.html | 4 +
blog/tag/release/index.html | 4 +
blog/tag/remote/index.html | 4 + blog/tag/resteasy/index.html | 4 + blog/tag/rfc/index.html | 4 + blog/tag/role-mapper/index.html | 4 + blog/tag/rule-engine/index.html | 4 + blog/tag/saml/index.html | 4 + blog/tag/sasl/index.html | 4 + blog/tag/security-events/index.html | 4 + blog/tag/security-realm/index.html | 4 + blog/tag/sha-256/index.html | 4 + blog/tag/sha-512-256/index.html | 4 + blog/tag/sni/index.html | 4 + blog/tag/spi/index.html | 4 + blog/tag/spnego/index.html | 4 + blog/tag/ssh/index.html | 4 + blog/tag/ssl-context/index.html | 4 + blog/tag/ssl/index.html | 4 + blog/tag/sso/index.html | 4 + blog/tag/tls/index.html | 4 + blog/tag/token/index.html | 4 + blog/tag/tool/index.html | 4 + blog/tag/trust-manager/index.html | 4 + blog/tag/truststore/index.html | 4 + blog/tag/undertow/index.html | 4 + blog/tag/updates/index.html | 4 + blog/tag/ux/index.html | 4 + blog/tag/vault/index.html | 4 + blog/tag/vlog/index.html | 4 + blog/tag/webservices/index.html | 4 + blog/tag/x509/index.html | 4 + .../index.html | 18 +- feed.xml | 88 +-- 137 files changed, 4768 insertions(+), 1714 deletions(-) create mode 100644 blog/distributed-realm-ignore-unavailable-realms/index.html create mode 100644 blog/securing-wildfly-apps-auth0-openshift/index.html create mode 100644 blog/specify-file-audit-log-encoding/index.html create mode 100644 blog/tag/auth0/index.html diff --git a/blog/distributed-realm-ignore-unavailable-realms/index.html b/blog/distributed-realm-ignore-unavailable-realms/index.html new file mode 100644 index 0000000000..fe02c6dc80 --- /dev/null +++ b/blog/distributed-realm-ignore-unavailable-realms/index.html @@ -0,0 +1,332 @@ + + + + + + Elytron: Using distributed realm ignore-unavailable-realms attribute in Elytron + + + + + + + + + + + + + + + + + +Using distributed realm ignore-unavailable-realms attribute in Elytron | WildFly Elytron + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +

WildFly Elytron

+ +
+ +
+
+
+

WildFly Elytron

+ +
+
+
+ +
+
+
+

Using distributed realm ignore-unavailable-realms attribute in Elytron

+
+ + + +
+
+

A distributed-realm is made up of a list of realms. Each realm in the list is sequentially attempted until we either find the user or run out of realms. If a realm happens to be unavailable, by default search is stopped altogether. With the introduction of the ignore-unavailable-realms boolean attribute to a distributed-realm, user is allowed to specify that the search should continue to the next realm if a realm happens to be unavailable.

+
+
+

Add a distributed realm with ignore-unavailable-realms attribute

+
+
+

You can configure a distributed-realm to continue to the next realm if a realm happens to be unavailable by adding the ignore-unavailable-realms boolean attribute next to specifying the list of realms to combine.

+
+
+
    +
  • +

    realms list of realms in the order they should be queried

    +
  • +
  • +

    ignore-unavailable-realms whether subsequent realms should be checked after an unavailable realm is reached. The default value is false.

    +
  • +
+
+
+
+
/subsystem=elytron/distributed-realm=distributedRealmExample:add(realms=securityRealm1,securityRealm2,...,securityRealmN], ignore-unavailable-realms=true)
+
+
+
+

If a security realm becomes unavailable for some reason and if ignore-unavailable-realms is true, any subsequent realms will still be checked. +If ignore-unavailable-realms is true and the searched identity happens to be stored in the unavailable realm, authentication fails, and we will receive a 401 response.

+
+
+
+
+

Example

+
+
+

In the following example, we will add two separate filesystem security realms with different users and one unavailable LDAP security realm between them combined in the distributed realm.

+
+
+
+
# Add first filesystem realm with user1
+/subsystem=elytron/filesystem-realm=FsRealm1:add(path=demofs-realm-users1,relative-to=jboss.server.config.dir)
+/subsystem=elytron/filesystem-realm=FsRealm1:add-identity(identity=user1)
+/subsystem=elytron/filesystem-realm=FsRealm1:set-password(identity=user1,clear={password="passwordUser1"})
+/subsystem=elytron/filesystem-realm=FsRealm1:add-identity-attribute(identity=user1,name=Roles, value=["Admin"])
+
+# Add second filesystem realm with user2
+/subsystem=elytron/filesystem-realm=FsRealm2:add(path=demofs-realm-users2,relative-to=jboss.server.config.dir)
+/subsystem=elytron/filesystem-realm=FsRealm2:add-identity(identity=user2)
+/subsystem=elytron/filesystem-realm=FsRealm2:set-password(identity=user2,clear={password="passwordUser2"})
+/subsystem=elytron/filesystem-realm=FsRealm2:add-identity-attribute(identity=user2,name=Roles, value=["Admin"])
+
+# Add LDAP realm
+/subsystem=elytron/dir-context=exampleDC:add(url="ldap://172.17.0.2:389",principal="cn=admin,dc=wildfly,dc=org",credential-reference={clear-text="admin"})
+/subsystem=elytron/ldap-realm=LdapRealm:add(dir-context=exampleDC,identity-mapping={search-base-dn="ou=Users,dc=wildfly,dc=org",rdn-identifier="uid",user-password-mapper={from="userPassword"},attribute-mapping=[{filter-base-dn="ou=Roles,dc=wildfly,dc=org",filter="(&(objectClass=groupOfNames)(member={1}))",from="cn",to="Roles"}]})
+
+# Add distributed realm that combines both filesystem realms and set ignore-unavailable-realms attribute to true
+/subsystem=elytron/distributed-realm=distributedRealm:add(realms=[FsRealm1, LdapRealm, FsRealm2], ignore-unavailable-realms=true)
+
+
+
+

Next we will add security domain that uses this distributed realm:

+
+
+
+
# Add security domain distributedSD that uses distributedRealm
+/subsystem=elytron/security-domain=distributedSD:add(default-realm=distributedRealm,permission-mapper=default-permission-mapper,realms=[{realm=distributedRealm}])
+
+
+
+

As you can see accessing both user1 and user2 is possible even if LDAP security realm is unavailable:

+
+
+
+
/subsystem=elytron/security-domain=distributedSD:read-identity(name=user1)
+
+{
+    "outcome" => "success",
+    "result" => {
+        "name" => "user1",
+        "attributes" => {"Roles" => ["Admin"]},
+        "roles" => ["Admin"]
+    }
+}
+
+/subsystem=elytron/security-domain=distributedSD:read-identity(name=user2)
+
+{
+    "outcome" => "success",
+    "result" => {
+        "name" => "user2",
+        "attributes" => {"Roles" => ["Admin"]},
+        "roles" => ["Admin"]
+    }
+}
+
+
+
+

Undertow can also be configured to use this security domain to secure deployed applications.

+
+
+
+
# Configure undertow to use distributedSD security domain
+/subsystem=undertow/application-security-domain=httpSD:add(security-domain=distributedSD)
+
+
+
+

When you deploy an application that uses this security domain, users from both realms can successfully authorize to access it. To see an example with simple secured servlet that uses above distributed realm you can take a look here: https://github.com/wildfly-security-incubator/elytron-examples/tree/master/distributed-realm-ignore-unavailable-realms.

+
+
+
+
+

Summary

+
+
+

This blog post has given an overview of configuring distributed-realm in Elytron subsystem to ignore unavailable realms. +You can take a look at a following example https://github.com/wildfly-security-incubator/elytron-examples/tree/master/distributed-realm-ignore-unavailable-realms for more information.

+
+
+
+
+
+
+
+ +
+
+
+
+ + diff --git a/blog/index.html b/blog/index.html index 966db09efd..0e288de5f8 100644 --- a/blog/index.html +++ b/blog/index.html @@ -164,24 +164,22 @@
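Review bot: In the new file blog/distributed-realm-ignore-unavailable-realms/index.html the first CLI example is malformed, because the realms list closes with `]` but never opens; it should read `realms=[securityRealm1,securityRealm2,...,securityRealmN]`. The comment above the distributedRealm command says it "combines both filesystem realms" although the list is `[FsRealm1, LdapRealm, FsRealm2]`, so it should mention the LDAP realm too. The post would also benefit from one sentence on the trade-off of `ignore-unavailable-realms=true`: since realms are tried in order until the user is found, an outage of an earlier realm presumably lets a later realm answer for the same principal name with different credentials and roles, so names should be unique across the combined realms and realm unavailability should be monitored. The example binds over `ldap://` with a `clear-text` credential reference and clear passwords, so a short remark that this is demo-only and that deployments should use `ldaps://` and a credential store would help readers who copy the commands.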
- Identity Propagation with OIDC + Securing WildFly Apps with Auth0 on OpenShift
-

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OIDC.

+

Learn how to secure applications deployed to WildFly on OpenShift with the Auth0 OpenID provider.

- +
- Securing WildFly Apps with OIDC on OpenShift + Using distributed realm ignore-unavailable-realms attribute in Elytron
-

Learn how to secure applications deployed to WildFly on OpenShift with OIDC.

+

An example of distributed realm ignore-unavailable-realms attribute usage in WildFly.

- +
- Adding Support for Integrity Checking to an Existing Filesystem Realm + Identity Propagation with OpenID Connect
-

How to add Integrity checking to an existing filesystem realm using the Elytron tool.

+

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OpenID Connect.

- +
- Open Source Day 2023 Recap + Change the default encoding of the audit log file in WildFly
-

A recap of the GHC23 Open Source Day.

+

An overview of how to change the default encoding of the audit log file.

- +
- Vlog: Join us at Open Source Day on September 22, 2023 and Make Meaningful Contributions + Securing WildFly Apps with OIDC on OpenShift
-

Check out this short video to learn how you can join the WildFly Elytron project and make meaningful contributions to the open source community!

+

Learn how to secure applications deployed to WildFly on OpenShift with OIDC.

- +
- Vlog: Join us at Open Source Day and Level Up Your Skills + Adding Support for Integrity Checking to an Existing Filesystem Realm
-

Check out this 1 minute video to learn how you can contribute to the WildFly Elytron project and level up your skills in Java, git and more!

+

How to add Integrity checking to an existing filesystem realm using the Elytron tool.

- +
- Securing WildFly Apps with SAML on OpenShift + Open Source Day 2023 Recap
-

Learn how to secure applications deployed to WildFly on OpenShift with SAML.

+

A recap of the GHC23 Open Source Day.

- +
- Vlog: Join us at Open Source Day, No Prior Experience Needed + Vlog: Join us at Open Source Day on September 22, 2023 and Make Meaningful Contributions
-

Check out this 1 minute video to learn why anyone can contribute to the WildFly Elytron project, regardless of prior experience.

+

Check out this short video to learn how you can join the WildFly Elytron project and make meaningful contributions to the open source community!

- +
- Vlog: Begin your Open Source Journey with the WildFly Elytron Project at Open Source Day + Vlog: Join us at Open Source Day and Level Up Your Skills
-

Check out this 2 minute video to learn why joining the WildFly Elytron project at Open Source Day could be the perfect opportunity for you.

+

Check out this 1 minute video to learn how you can contribute to the WildFly Elytron project and level up your skills in Java, git and more!

- +
- Securing the WildFly Management Console with OpenID Connect + Securing WildFly Apps with SAML on OpenShift
-

An overview of how to secure the WildFly management console with the Keycloak OpenID provider.

+

Learn how to secure applications deployed to WildFly on OpenShift with SAML.

- +
- Using Certificate Based Authentication with Mutual TLS without Roles + Vlog: Join us at Open Source Day, No Prior Experience Needed
-

How to secure a web application deployed to WildFly with mutual TLS and the CLIENT_CERT HTTP authentication mechanism.

+

Check out this 1 minute video to learn why anyone can contribute to the WildFly Elytron project, regardless of prior experience.

- +
@@ -797,6 +791,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/10/index.html b/blog/page/10/index.html index 4f5fbea639..8cb0c0c702 100644 --- a/blog/page/10/index.html +++ b/blog/page/10/index.html @@ -163,6 +163,153 @@
+
+
+ What's new in Elytron in WildFly 16 +
+ + + +
+ +

An overview of the new Elytron features in WildFly 16.

+ +
+ +
+ + +
+
+ HTTP Basic Authentication in silent mode with Wildfly Elytron +
+ + + +
+ +

How to set and make use of silent mode for the HTTP BASIC authentication mechanism.

+ +
+ +
+ + +
+
+ Converting Legacy Properties Files into a FileSystemRealm with Elytron Tool +
+ + + +
+ +

An overview of how to use Elytron Tool to convert legacy properties files into an Elytron FileSystemRealm.

+ +
+ +
+ +
Implementing a custom Elytron principal transformer @@ -568,155 +715,6 @@
- -
-
- Reinitializing a Trust Manager through a Two-Way SSL -
- - - -
- -

An overview on how to dynamically reload trust managers using the WildFly CLI.

- -
- -
- - -
-
- Obtaining and managing certificates from Let’s Encrypt using the WildFly CLI -
- - - -
- -

An overview on how to obtain and manage certificates from the Let’s Encrypt certificate authority using the WildFly CLI.

- -
- -
- - -
-
- Creating custom security realm for WildFly Elytron -
- - - -
- -

This blog post describes how to create a custom security realm for Elytron.

- -
- -
-
@@ -768,6 +766,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/11/index.html b/blog/page/11/index.html index a44fc317fd..6e95bfe823 100644 --- a/blog/page/11/index.html +++ b/blog/page/11/index.html @@ -163,6 +163,155 @@
+
+
+ Reinitializing a Trust Manager through a Two-Way SSL +
+ + + +
+ +

An overview on how to dynamically reload trust managers using the WildFly CLI.

+ +
+ +
+ + +
+
+ Obtaining and managing certificates from Let’s Encrypt using the WildFly CLI +
+ + + +
+ +

An overview on how to obtain and manage certificates from the Let’s Encrypt certificate authority using the WildFly CLI.

+ +
+ +
+ + +
+
+ Creating custom security realm for WildFly Elytron +
+ + + +
+ +

This blog post describes how to create a custom security realm for Elytron.

+ +
+ +
+ +
Configuring permissions using Elytron in WildFly 13 @@ -542,159 +691,6 @@
- -
-
- OpenSSL support with WildFly -
- - - -
- -

A blog post describing how to use OpenSSL in WildFly.

- -
- -
- - -
-
- How to use an Elytron SASL mechanism that supports channel binding -
- - - -
- -

This blog post shows how to set up one-way SSL/TLS for the management interface and how to then use a SASL mechanism that supports channel binding to connect to the CLI.

- -
- -
- - -
-
- WildFly Elytron - Add Kerberos Authentication To Existing Web Application -
- - - -
- -

A blog post describing how to override the authentication policy of an existing web application and add SPNEGO authentication to it.

- -
- -
-
@@ -746,6 +742,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/12/index.html b/blog/page/12/index.html index 0b5b6a5b30..94e45e6b52 100644 --- a/blog/page/12/index.html +++ b/blog/page/12/index.html @@ -162,6 +162,159 @@
+
+
+ OpenSSL support with WildFly +
+ + + +
+ +

A blog post describing how to use OpenSSL in WildFly.

+ +
+ +
+ + +
+
+ How to use an Elytron SASL mechanism that supports channel binding +
+ + + +
+ +

This blog post shows how to set up one-way SSL/TLS for the management interface and how to then use a SASL mechanism that supports channel binding to connect to the CLI.

+ +
+ +
+ + +
+
+ WildFly Elytron - Add Kerberos Authentication To Existing Web Application +
+ + + +
+ +

A blog post describing how to override the authentication policy of an existing web application and add SPNEGO authentication to it.

+ +
+ +
+ +
Using WildFly Elytron with Undertow Standalone @@ -463,6 +616,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/2/index.html b/blog/page/2/index.html index 04537008ee..5161050cf8 100644 --- a/blog/page/2/index.html +++ b/blog/page/2/index.html @@ -163,6 +163,163 @@
+
+
+ Vlog: Begin your Open Source Journey with the WildFly Elytron Project at Open Source Day +
+ + + +
+ +

Check out this 2 minute video to learn why joining the WildFly Elytron project at Open Source Day could be the perfect opportunity for you.

+ +
+ +
+ + +
+
+ Securing the WildFly Management Console with OpenID Connect +
+ + + +
+ +

An overview of how to secure the WildFly management console with the Keycloak OpenID provider.

+ +
+ +
+ + +
+
+ Using Certificate Based Authentication with Mutual TLS without Roles +
+ + + +
+ +

How to secure a web application deployed to WildFly with mutual TLS and the CLIENT_CERT HTTP authentication mechanism.

+ +
+ +
+ +
Configuring the Digest mechanism to make use of additional algorithms @@ -572,155 +729,6 @@
- -
-
- Open Source Day 2022 Recap -
- - - -
- -

A recap of the GHC22 Open Source Day.

- -
- -
- - -
-
- Hacktoberfest Has Started -
- - - -
- -

All the details on how to get started, pick an issue to work on, and submit your first PR.

- -
- -
- - -
-
- FAQ for New Contributors -
- - - -
- -

Answers to frequently asked questions from new contributors.

- -
- -
-
@@ -772,6 +780,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/3/index.html b/blog/page/3/index.html index 9759d1b8fe..5a192ec4ab 100644 --- a/blog/page/3/index.html +++ b/blog/page/3/index.html @@ -163,6 +163,155 @@
+
+
+ Open Source Day 2022 Recap +
+ + + +
+ +

A recap of the GHC22 Open Source Day.

+ +
+ +
+ + +
+
+ Hacktoberfest Has Started +
+ + + +
+ +

All the details on how to get started, pick an issue to work on, and submit your first PR.

+ +
+ +
+ + +
+
+ FAQ for New Contributors +
+ + + +
+ +

Answers to frequently asked questions from new contributors.

+ +
+ +
+ +
Bearer Token Support for the Elytron OIDC Client Subsystem @@ -576,161 +725,6 @@
- -
-
- Client side default SSL context provider -
- - - -
- -

An overview of the Elytron client default SSL context provider.

- -
- -
- - -
-
- Vlog: Securing a WildFly Application with OpenID Connect on OpenShift -
- - - -
- -

This video demonstrates how to secure an application deployed to WildFly on OpenShift with OpenID Connect.

- -
- -
- - -
-
- Multi-tenancy Support for OpenID Connect Applications -
- - - -
- -

An overview of multi-tenancy support for OpenID Connect applications deployed to WildFly.

- -
- -
-
@@ -782,6 +776,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/4/index.html b/blog/page/4/index.html index d16c1a0495..de51844e52 100644 --- a/blog/page/4/index.html +++ b/blog/page/4/index.html @@ -163,6 +163,161 @@
+
+
+ Client side default SSL context provider +
+ + + +
+ +

An overview of the Elytron client default SSL context provider.

+ +
+ +
+ + +
+
+ Vlog: Securing a WildFly Application with OpenID Connect on OpenShift +
+ + + +
+ +

This video demonstrates how to secure an application deployed to WildFly on OpenShift with OpenID Connect.

+ +
+ +
+ + +
+
+ Multi-tenancy Support for OpenID Connect Applications +
+ + + +
+ +

An overview of multi-tenancy support for OpenID Connect applications deployed to WildFly.

+ +
+ +
+ +
Upcoming filesystem realm encryption and integrity support in Elytron @@ -574,153 +729,6 @@
- -
-
- Hacktoberfest Has Begun -
- - - -
- -

An overview of the WildFly Elytron project's participation in Hacktoberfest.

- -
- -
- - -
-
- Open Source Day Summer 2021 Recap -
- - - -
- -

A recap of Open Source Day and what first time contributors to the WildFly Elytron project had to say.

- -
- -
- - -
-
- Installing Keycloak OIDC adaptor using the Galleon CLI -
- - - -
- -

How to make use of the Galleon CLI to install the Keycloak OpenID Connect adaptor.

- -
- -
-
@@ -772,6 +780,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/5/index.html b/blog/page/5/index.html index 4e0abf2670..03f0f4f17f 100644 --- a/blog/page/5/index.html +++ b/blog/page/5/index.html @@ -163,6 +163,153 @@
+
+
+ Hacktoberfest Has Begun +
+ + + +
+ +

An overview of the WildFly Elytron project's participation in Hacktoberfest.

+ +
+ +
+ + +
+
+ Open Source Day Summer 2021 Recap +
+ + + +
+ +

A recap of Open Source Day and what first time contributors to the WildFly Elytron project had to say.

+ +
+ +
+ + +
+
+ Installing Keycloak OIDC adaptor using the Galleon CLI +
+ + + +
+ +

How to make use of the Galleon CLI to install the Keycloak OpenID Connect adaptor.

+ +
+ +
+ +
Using hash character sets and encodings in Elytron @@ -570,153 +717,6 @@
- -
-
- Normalize principal propagation/injection across elytron and legacy -
- - - -
- -

An overview of the new configuration option in the EJB subsystem that allows to switch between legacy and elytron principal propagation

- -
- -
- - -
-
- Upcoming SSL features: Multiple certificate revocation lists support and SSLv2Hello support -
- - - -
- -

An overview of the upcoming SSL/TLS features including the ability to configure multiple certificate revocation lists and SSLv2Hello support.

- -
- -
- - -
-
- New Security Features in WildFly 23 -
- - - -
- -

An overview of the new security features in WildFly 23.

- -
- -
-
@@ -768,6 +768,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/6/index.html b/blog/page/6/index.html index 274233f255..d601494959 100644 --- a/blog/page/6/index.html +++ b/blog/page/6/index.html @@ -165,7 +165,7 @@
- Upcoming automatic registration of client side default SSLContext + Normalize principal propagation/injection across elytron and legacy
-

An overview of the upcoming automatic registration of client side JVM wide default SSLContext

+

An overview of the new configuration option in the EJB subsystem that allows to switch between legacy and elytron principal propagation

- +
- Planned Security Features for WildFly + Upcoming SSL features: Multiple certificate revocation lists support and SSLv2Hello support
-

An overview of the new security features that we will be working on.

+

An overview of the upcoming SSL/TLS features including the ability to configure multiple certificate revocation lists and SSLv2Hello support.

- +
- Automatic Self-Signed Certificate Generation with Elytron + New Security Features in WildFly 23
-

An overview of the new automatic self-signed certificate generation included in WildFly 22.

+

An overview of the new security features in WildFly 23.

- +
- Using case principal transformers in Elytron + Upcoming automatic registration of client side default SSLContext
-

An overview of the new case principal transformer included in WildFly 22.

+

An overview of the upcoming automatic registration of client side JVM wide default SSLContext

- +
- TLS 1.3 support for WildFly with OpenSSL + Planned Security Features for WildFly
-

An overview of the new TLS 1.3 support included in WildFly 21.

+

An overview of the new security features that we will be working on.

- +
- SSH Authentication with Git Persistence + Automatic Self-Signed Certificate Generation with Elytron
-

An overview on how to use SSH credentials with the Elytron client to connect to a git repository that manages the WildFly server configuration file history.

+

An overview of the new automatic self-signed certificate generation included in WildFly 22.

- +
- RESTEasy client integration with WildFly Elytron client + Using case principal transformers in Elytron
-

An overview of the new RESTEasy client integration with WildFly Elytron client

+

An overview of the new case principal transformer included in WildFly 22.

- +
- New Security Features in WildFly 21 + TLS 1.3 support for WildFly with OpenSSL
-

An overview of the new security features in WildFly 21.

+

An overview of the new TLS 1.3 support included in WildFly 21.

- +
- HTTP External Mechanism + SSH Authentication with Git Persistence
-

Overview of Elytron support for the HTTP External Mechanism

+

An overview on how to use SSH credentials with the Elytron client to connect to a git repository that manages the WildFly server configuration file history.

- +
- An overview of new security realm implementations + RESTEasy client integration with WildFly Elytron client
-

An overview of the new realm implementations in WildFly Elytron and WildFly 21.

+

An overview of the new RESTEasy client integration with WildFly Elytron client

- +
- Anomaly based Intrusion Detection System + New Security Features in WildFly 21
-

An introduction to Anomaly based Intrusion Detection System

+

An overview of the new security features in WildFly 21.

- +
@@ -766,6 +764,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/7/index.html b/blog/page/7/index.html index 67cf5a1c78..bb85ee36cf 100644 --- a/blog/page/7/index.html +++ b/blog/page/7/index.html @@ -165,20 +165,20 @@
- Introduction to Rule Engine & Blacklist IP Dump of Intrusion Detection System + HTTP External Mechanism
-

An overview of the Rule Engine and Blacklist IP Dump of Intrusion Detection System using Elytron's security events

+

Overview of Elytron support for the HTTP External Mechanism

- +
- An Introduction to Intrusion Detection System using Elytron + An overview of new security realm implementations
-

An architectural overview of the Intrusion Detection System using Elytron's security events

+

An overview of the new realm implementations in WildFly Elytron and WildFly 21.

- +
- Using regex role mapper in Elytron + Anomaly based Intrusion Detection System
-

An overview of the new regex role mapper included in WildFly 20.

+

An introduction to Anomaly based Intrusion Detection System

- +
- Planned Security Features for WildFly + Introduction to Rule Engine & Blacklist IP Dump of Intrusion Detection System
-

An overview of the new security features that we will be working on during the WildFly 21 feature development phase.

+

An overview of the Rule Engine and Blacklist IP Dump of Intrusion Detection System using Elytron's security events

- +
- Advanced EJB: Securing EJBs using a FileSystem realm and invoking them from a remote client using a credential store + An Introduction to Intrusion Detection System using Elytron
-

This blog post describes how to secure EJBs deployed to WildFly using Elytron's FileSystem realm, SASL authentication, and how to invoke them from a standalone remote client using EJB Client libraries.

+

An architectural overview of the Intrusion Detection System using Elytron's security events

- +
- Using the IP Address of a Remote Client for Authorization Decisions + Using regex role mapper in Elytron
-

An overview of how to make use of a remote client's IP address for authorization decisions.

+

An overview of the new regex role mapper included in WildFly 20.

- +
- Automatic Credential Store Updates + Planned Security Features for WildFly
-

An overview of the new support for automatic updates of credential stores.

+

An overview of the new security features that we will be working on during the WildFly 21 feature development phase.

- +
- Elytron's ACME Client Implementation + Advanced EJB: Securing EJBs using a FileSystem realm and invoking them from a remote client using a credential store
-

An overview of the ACME client SPI provided by Elytron.

+

This blog post describes how to secure EJBs deployed to WildFly using Elytron's FileSystem realm, SASL authentication, and how to invoke them from a standalone remote client using EJB Client libraries.

- +
- Server Side SNI Matching with WildFly + Using the IP Address of a Remote Client for Authorization Decisions
-

An overview on how to use server side SNI matching with WildFly.

+

An overview of how to make use of a remote client's IP address for authorization decisions.

- +
- Web Services client integration with Elytron + Automatic Credential Store Updates
-

An overview of the new integration with Web Services client included in WildFly 19.

+

An overview of the new support for automatic updates of credential stores.

- +
- TLS 1.3 with WildFly + Elytron's ACME Client Implementation
-

An overview of the new TLS 1.3 support included in WildFly 19.

+

An overview of the ACME client SPI provided by Elytron.

- +
@@ -762,6 +762,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/8/index.html b/blog/page/8/index.html index c8bb98b2ee..63d3fb79f2 100644 --- a/blog/page/8/index.html +++ b/blog/page/8/index.html @@ -165,7 +165,7 @@
- New Security Features in WildFly 19 + Server Side SNI Matching with WildFly
-

An overview of the new security features in WildFly 19.

+

An overview on how to use server side SNI matching with WildFly.

- +
- Planned Security Features for WildFly 19 + Web Services client integration with Elytron
-

An overview of the new security features that are being planned for WildFly 19.

+

An overview of the new integration with Web Services client included in WildFly 19.

- +
- Configuring an aggregate-realm with a principal-transformer + TLS 1.3 with WildFly
-

This blog post shows how to use a principal-transformer in an aggregate-realm between authentication and authorization.

+

An overview of the new TLS 1.3 support included in WildFly 19.

- +
- Support for masked passwords in the client XML configuration + New Security Features in WildFly 19
-

This blog post shows how to generate a masked password and use it as a credential in the authentication client configuration.

+

An overview of the new security features in WildFly 19.

- +
- New Security Features in WildFly 18 + Planned Security Features for WildFly 19
-

An overview of the new security features in WildFly 18.

+

An overview of the new security features that are being planned for WildFly 19.

- +
- Upcoming support for automatic updates of credential stores + Configuring an aggregate-realm with a principal-transformer
-

An overview of the upcoming support for automatic updates of credential stores.

+

This blog post shows how to use a principal-transformer in an aggregate-realm between authentication and authorization.

- +
- Enhanced Audit Logging - Additional RFC Support and Reliability vs Speed Customization Update + Support for masked passwords in the client XML configuration
-

An overview of the new enhancements done to WildFly Elytron's audit logging in WildFly 18.

+

This blog post shows how to generate a masked password and use it as a credential in the authentication client configuration.

- +
- WildFly Elytron Credential Store APIs + New Security Features in WildFly 18
-

This blog post demonstrates the WildFly Elytron credential store APIs.

+

An overview of the new security features in WildFly 18.

- +
- Using Elytron certificate-based authentication with authorization + Upcoming support for automatic updates of credential stores
-

This blog post describes how to secure a web application deployed to WildFly using the CLIENT_CERT HTTP authentication mechanism with two-way SSL and authorization.

+

An overview of the upcoming support for automatic updates of credential stores.

- +
- WildFly Elytron Aggregation of Attributes + Enhanced Audit Logging - Additional RFC Support and Reliability vs Speed Customization Update
-

This blog describes the upcoming attribute aggregation feature.

+

An overview of the new enhancements done to WildFly Elytron's audit logging in WildFly 18.

- +
- Security Features for WildFly 18 + WildFly Elytron Credential Store APIs
-

An overview of the new security features that are being planned for WildFly 18.

+

This blog post demonstrates the WildFly Elytron credential store APIs.

- +
@@ -748,6 +746,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/page/9/index.html b/blog/page/9/index.html index db5ea33a68..0b19c8990c 100644 --- a/blog/page/9/index.html +++ b/blog/page/9/index.html @@ -165,18 +165,26 @@
- Security Feature Development for WildFly 17 + Using Elytron certificate-based authentication with authorization
-

An update on the security feature development during WildFly 17.

+

This blog post describes how to secure a web application deployed to WildFly using the CLIENT_CERT HTTP authentication mechanism with two-way SSL and authorization.

- +
- Web Services client and RESTEasy client integration with WildFly Elytron + WildFly Elytron Aggregation of Attributes
-

An overview of the upcoming Elytron integration with Web Services and RESTEasy on the client side.

+

This blog describes the upcoming attribute aggregation feature.

- +
- Upcoming support for TLS 1.3 with WildFly + Security Features for WildFly 18
-

A quick introduction to the upcoming support for TLS 1.3 in WildFly.

+

An overview of the new security features that are being planned for WildFly 18.

- +
- Configuring a JDBC Security Realm with BCrypt and Modular Crypt Password Mappers + Security Feature Development for WildFly 17
-

This blog post shows how to generate BCrypt passwords with different encodings and loading BCrypt and modular crypt passwords using a JDBC security realm in WildFly Elytron.

+

An update on the security feature development during WildFly 17.

- +
- Obtain and manage certificates from any server instance that implements ACME specification using the WildFly CLI + Web Services client and RESTEasy client integration with WildFly Elytron
-

This blog post describes the upcoming feature that allows to configure other ACME certificate authorities than Let's Encrypt for obtaining and managing of certificates.

+

An overview of the upcoming Elytron integration with Web Services and RESTEasy on the client side.

- +
- Mapping an X.509 certificate chain to an identity using a subject alternative name + Upcoming support for TLS 1.3 with WildFly
-

An introduction on how we are enhancing the mapping of an X.509 certificate to an underlying identity.

+

A quick introduction to the upcoming support for TLS 1.3 in WildFly.

- +
- Enhanced Audit Logging in WildFly Elytron - RFC Support and Reliabiliity/Speed Customization + Configuring a JDBC Security Realm with BCrypt and Modular Crypt Password Mappers
-

An update on the audit logging enhancements of additional RFC support and reliability vs speed customization that is being added to WildFly Elytron.

+

This blog post shows how to generate BCrypt passwords with different encodings and loading BCrypt and modular crypt passwords using a JDBC security realm in WildFly Elytron.

- +
- Security Features for WildFly 17 + Obtain and manage certificates from any server instance that implements ACME specification using the WildFly CLI
-

This blog post identifies the security features planned for WildFly 17.

+

This blog post describes the upcoming feature that allows to configure other ACME certificate authorities than Let's Encrypt for obtaining and managing of certificates.

- +
- What's new in Elytron in WildFly 16 + Mapping an X.509 certificate chain to an identity using a subject alternative name
-

An overview of the new Elytron features in WildFly 16.

+

An introduction on how we are enhancing the mapping of an X.509 certificate to an underlying identity.

- +
- HTTP Basic Authentication in silent mode with Wildfly Elytron + Enhanced Audit Logging in WildFly Elytron - RFC Support and Reliabiliity/Speed Customization
-

How to set and make use of silent mode for the HTTP BASIC authentication mechanism.

+

An update on the audit logging enhancements of additional RFC support and reliability vs speed customization that is being added to WildFly Elytron.

- +
- Converting Legacy Properties Files into a FileSystemRealm with Elytron Tool + Security Features for WildFly 17
-

An overview of how to use Elytron Tool to convert legacy properties files into an Elytron FileSystemRealm.

+

This blog post identifies the security features planned for WildFly 17.

- +
@@ -748,6 +752,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/securing-wildfly-apps-auth0-openshift/index.html b/blog/securing-wildfly-apps-auth0-openshift/index.html new file mode 100644 index 0000000000..a4974d0be8 --- /dev/null +++ b/blog/securing-wildfly-apps-auth0-openshift/index.html @@ -0,0 +1,685 @@ + + + + + + Elytron: Securing WildFly Apps with Auth0 on OpenShift + + + + + + + + + + + + + + + + + +Securing WildFly Apps with Auth0 on OpenShift | WildFly Elytron + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +

WildFly Elytron

+ +
+ +
+
+
+

WildFly Elytron

+ +
+
+
+ +
+
+
+

Securing WildFly Apps with Auth0 on OpenShift

+
+ + + +
+
+

You can secure your WildFly applications deployed on OpenShift with OpenID Connect (OIDC). By using OIDC to secure applications, you delegate authentication to OIDC providers. This guide shows how to secure an example application deployed to WildFly on OpenShift with OIDC using Auth0 as the OIDC provider.

+
+ +
+

Prerequisites

+
+
+

To follow along with this guide, you will need:

+
+
+ +
+
+
+
+

Example Application

+
+
+

We will use a simple web application in this guide that consists of a single servlet. We will secure this servlet using OIDC.

+
+
+

We will use the example in the simple-webapp-auth0 directory in this repo.

+
+
+

To obtain this example, clone the elytron-examples repository to your local machine:

+
+
+
+
git clone git@github.com:wildfly-security-incubator/elytron-examples.git
+
+
+
+
+
+

Log Into the OpenShift Cluster

+
+
+

Before we can deploy our application, we need to log in to an OpenShift cluster. You can log in via the OpenShift CLI:

+
+
+
+
oc login -u myUserName
+
+
+
+

Alternatively, you can log in using an API token:

+
+
+
+
oc login --token=myToken --server=myServerUrl
+
+
+
+

You can request the token via the Copy Login Command link in the OpenShift web console.

+
+
+

If you don’t already have a project created, you can create one using:

+
+
+
+
oc new-project myProjectName
+
+
+
+
+
+

Configure Auth0

+
+
+

We will be using Auth0 as our OpenID provider.

+
+
+
    +
  1. +

    Log into the Auth0 Dashboard.

    +
  2. +
  3. +

    Create an application called OIDC App. For the application type, select Regular Web Applications and then click on Create. For more information, see the Auth0 documentation on how to create applications.

    +
  4. +
  5. +

    Once the application has been created, we’ll see the Domain, Client ID, and Client Secret in the Basic Information section. We’ll make use of these values when adding Helm configuration in a bit.

    +
  6. +
  7. +

    Using the sidebar menu on the left side of the Dashboard, navigate to the APIs page and copy the API Audience value.

    +
  8. +
  9. +

    Using the sidebar menu on the left side of the Dashboard, navigate to the Settings page and scroll down to the API Authorization Settings. Paste the API Audience value you just copied into the Default Audience field and then click on Save.

    +
    +

    This will allow us to receive access tokens that are JWTs from Auth0. In the future, we’re hoping to add the ability +to handle opaque access tokens as well to WildFly’s Elytron OIDC Client subsystem.

    +
    +
  10. +
  11. +

    Using the sidebar menu on the left side of the Dashboard, click on User Management and then Users. You can then +create a new user by clicking on Create User. You’ll need to specify the new user’s email, we’ll use user@example.com. You’ll also need to set a password for the user.

    +
    +

    Once the user has been created, you’ll see the user’s user_id at the top of the page.

    +
    +
    +

    For more information, see Auth0’s documentation on how to create users.

    +
    +
  12. +
+
+
+
+
+

Add Helm Configuration

+
+
+
    +
  1. +

    Switch to the charts directory in the simple-webapp-auth0 example.

    +
    +
    +
    cd /PATH/TO/ELYTRON/EXAMPLES/simple-webapp-auth0/charts
    +
    +
    +
    +

    Notice there’s a helm.yaml file in this directory with the following content:

    +
    +
    +
    +
    build:
    +  uri: https://github.com/wildfly-security-incubator/elytron-examples.git
    +  contextDir: simple-webapp-auth0
    +deploy:
    +  env:
    +    - name: DOMAIN
    +      value: <AUTH0_DOMAIN>             (1)
    +    - name: CLIENT_ID
    +      value: <AUTH0_CLIENT_ID>          (2)
    +    - name: CLIENT_SECRET
    +      value: <AUTH0_CLIENT_SECRET>      (3)
    +
    +
    +
    +

    You need to update the environment variable values here using the information we saw earlier in the Auth0 Dashboard, +as described below.

    +
    +
  2. +
+
+
+ + + + + + + + + + + + + +
1Replace <AUTH0_DOMAIN> with the Domain value from your OIDC App’s Basic Information section in the Auth0 Dashboard.
2Replace <AUTH0_CLIENT_ID> with the Client ID value from your OIDC App’s Basic Information section in the Auth0 Dashboard.
3Replace <AUTH0_CLIENT_SECRET> with the Client Secret value from your OIDC App’s Basic Information section in the Auth0 Dashboard.
+
+
+
+
+

Deploy the Example Application to WildFly on OpenShift

+
+
+

If you haven’t already installed the WildFly Helm chart, install it:

+
+
+
+
helm repo add wildfly https://docs.wildfly.org/wildfly-charts/
+
+
+
+

If you’ve already installed the WildFly Helm Chart, be sure to update it to ensure you have the latest one:

+
+
+
+
helm repo update
+
+
+
+

We can deploy our example application to WildFly on OpenShift using the WildFly Helm Chart:

+
+
+
+
helm install oidc-app -f /PATH/TO/ELYTRON/EXAMPLES/simple-webapp-auth0/charts/helm.yaml wildfly/wildfly
+
+
+
+

Notice that this command specifies the file we updated, helm.yaml, that contains the values +needed to build and deploy our application.

+
+
+

The application will now begin to build. This will take a couple of minutes.

+
+
+

The build can be observed using:

+
+
+
+
oc get build -w
+
+
+
+

Once complete, you can follow the deployment of the application using:

+
+
+
+
oc get deployment oidc-app -w
+
+
+
+

Alternatively, you can check status directly from the OpenShift web console.

+
+
+

Behind the Scenes

+
+

While our application is building, let’s take a closer look at our application.

+
+
+
    +
  • +

    Examine the pom.xml file.

    +
    +

    Notice that it contains an openshift profile. A profile in Maven lets you create a set of configuration values to customize your application build for different environments. The openshift profile in this example defines a configuration that will be used by the WildFly Helm Chart when provisioning the WildFly server on OpenShift.

    +
    +
    +
    +
    <profiles>
    +    <profile>
    +        <id>openshift</id>
    +        <build>
    +            <plugins>
    +                <plugin>
    +                    <groupId>org.wildfly.plugins</groupId>
    +                    <artifactId>wildfly-maven-plugin</artifactId>         (1)
    +                    <version>${version.wildfly.maven.plugin}</version>
    +                    <configuration>
    +                        <feature-packs>
    +                            <feature-pack>
    +                                <location>org.wildfly:wildfly-galleon-pack:${version.wildfly}</location>
    +                            </feature-pack>
    +                            <feature-pack>
    +                                <location>org.wildfly.cloud:wildfly-cloud-galleon-pack:${version.wildfly.cloud.galleon.pack}</location>
    +                            </feature-pack>
    +                        </feature-packs>
    +                        <layers>
    +                            <layer>cloud-server</layer>
    +                            <layer>elytron-oidc-client</layer>           (2)
    +                        </layers>
    +                        <filename>simple-webapp-auth0.war</filename>
    +                    </configuration>
    +                    <executions>
    +                        <execution>
    +                            <goals>
    +                                <goal>package</goal>
    +                            </goals>
    +                        </execution>
    +                    </executions>
    +                </plugin>
    +            </plugins>
    +        </build>
    +    </profile>
    +</profiles>
    +
    +
    +
    + + + + + + + + + +
    1wildfly-maven-plugin provisions a WildFly server with the specified layers with our application deployed.
    2elytron-oidc-client automatically adds the native OIDC client subsystem to our WildFly installation.
    +
    +
  • +
  • +

    Examine the web.xml.

    +
    +
    +
    ...
    +    <login-config>
    +        <auth-method>OIDC</auth-method>  (1)
    +    </login-config>
    +...
    +
    +
    +
    + + + + + +
    1When the elytron-oidc-client subsystem sees the auth-method is set to OIDC, it enables the OIDC authentication mechanism for the application.
    +
    +
  • +
  • +

    Examine the oidc.json file. The oidc.json is used to configure the native OIDC client subsystem.

    +
    +
    +
    {
    +    "client-id" : "${env.CLIENT_ID}",                                                 (1)
    +    "provider-url" : "https://${env.DOMAIN}",                                         (2)
    +    "ssl-required" : "EXTERNAL",                                                      (3)
    +    "credentials" : {
    +        "secret" : "${env.CLIENT_SECRET}"                                             (4)
    +    }
    +}
    +
    +
    +
    + + + + + + + + + + + + + + + + + +
    1The client ID, which is specified using the CLIENT_ID environment variable we defined in the Helm configuration.
    2The provider URL, which is specified using the DOMAIN environment variable. We defined its value in the Helm configuration.
    3When ssl-required is set to EXTERNAL, communication with external clients happens over HTTPs.
    4The client secret is needed to communicate with Auth0. This refers to the CLIENT_SECRET environment variable that we defined in the Helm configuration.
    +
    +
  • +
+
+
+
+
+
+

Get the Application URL

+
+
+

Once the WildFly server has been provisioned, use the following command to find the URL for your example +application:

+
+
+
+
SIMPLE_WEBAPP_AUTH0_URL=https://$(oc get route oidc-app --template='{{ .spec.host }}') &&
+echo "" &&
+echo "Application URL: $SIMPLE_WEBAPP_AUTH0_URL/simple-webapp-auth0"  &&
+echo "Allowed Callback URL: $SIMPLE_WEBAPP_AUTH0_URL/simple-webapp-auth0/secured/*" &&
+echo ""
+
+
+
+

We’ll make use of these URLs in the next two sections.

+
+
+
+
+

Finish Configuring Auth0

+
+
+

From your OIDC App in the Auth0 Dashboard, scroll down to the Application URIs section and set +Allowed Callback URLs to the Allowed Callback URL that was output in the previous section. Then click on Save Changes.

+
+
+
+
+

Access the Application

+
+
+

From your browser, navigate to the Application URL that was output in the previous section.

+
+
+

Click on Access Secured Servlet.

+
+
+

You will be redirected to Auth0 to log in.

+
+
+

Log in using the user@example.com user we created earlier.

+
+
+

Upon successful authentication, you will be redirected back to the example application.

+
+
+

The example application simply outputs the user_id of the logged in user.

+
+
+

You should see output similar to the following:

+
+
+
+
Secured Servlet
+
+Current Principal 'auth0|6544f9aa427fb9f276240d55'
+
+
+
+

Notice the user_id for our user@example.com user is displayed. This indicates that we have successfully logged into our application!

+
+
+
+
+

Summary

+
+
+

This guide has shown how to secure an application deployed to WildFly on OpenShift using the Auth0 OpenID provider. For additional +information, feel free to check out the resources linked below.

+
+
+
+ +
+
+
+
+ +
+
+
+
+ + diff --git a/blog/securing-wildfly-apps-oidc-openshift/index.html b/blog/securing-wildfly-apps-oidc-openshift/index.html index 68b95f9fc4..6bc369f77b 100644 --- a/blog/securing-wildfly-apps-oidc-openshift/index.html +++ b/blog/securing-wildfly-apps-oidc-openshift/index.html @@ -544,7 +544,7 @@
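Review bot: In the "Add Helm Configuration" step of the new Auth0 post, the reader pastes the Auth0 Client Secret as a literal `value:` for `CLIENT_SECRET` under `deploy.env` in helm.yaml. The secret therefore sits in a values file on disk and, presumably, in plain text in the deployment's environment spec, where anyone who can read the deployment can see it. I would add a sentence after the callout list, such as `Do not commit the edited helm.yaml; for anything beyond a demo, store the client secret in an OpenShift Secret and reference it from the env entry instead of using a literal value.` If the chart passes `deploy.env` entries through as ordinary Kubernetes env vars, a `valueFrom`/`secretKeyRef` entry would be the concrete form. The "Get the Application URL" step also registers the callback as `/simple-webapp-auth0/secured/*`; a short remark that the allowed callback pattern should stay as narrow as the application permits would be worth adding.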

-
helm install oidc-app -f /PATH/TO/ELYTRON/EXAMPLES/simple-webapp-saml/charts/helm.yaml wildfly/wildfly
+
helm install oidc-app -f /PATH/TO/ELYTRON/EXAMPLES/simple-webapp-oidc/charts/helm.yaml wildfly/wildfly

diff --git a/blog/specify-file-audit-log-encoding/index.html b/blog/specify-file-audit-log-encoding/index.html new file mode 100644 index 0000000000..8e920fae34 --- /dev/null +++ b/blog/specify-file-audit-log-encoding/index.html @@ -0,0 +1,311 @@ + + + + + + Elytron: Change the default encoding of the audit log file in WildFly + + + + + + + + + + + + + + + + + +Change the default encoding of the audit log file in WildFly | WildFly Elytron + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +

WildFly Elytron

+ +
+ +
+
+
+

WildFly Elytron

+ +
+
+
+ +
+
+
+

Change the default encoding of the audit log file in WildFly

+
+ + + +
+
+

The default encoding used for the audit log file is UTF-8. Starting from WildFly 29, you can change the default encoding by specifying encoding attribute in file-audit-log, periodic-rotating-file-audit-log or size-rotating-file-audit-log elements in the Elytron subsystem. +Possible values are: UTF-8, UTF-16BE, UTF-16LE, UTF-16, US-ASCII or ISO-8859-1.

+
+
+
+
<file-audit-log name="local-file" path="audit.log" relative-to="jboss.server.log.dir" synchronized="false" autoflush="true" format="JSON" encoding="UTF-16"/>
+...
+<periodic-rotating-file-audit-log name="periodic-rotating" path="audit.log" relative-to="jboss.server.log.dir" format="JSON" encoding="US-ASCII" suffix="y-M-d"/>
+...
+<size-rotating-file-audit-log name="size-rotating" path="audit.log" relative-to="jboss.server.log.dir" format="JSON" encoding="ISO-8859-1" max-backup-index="5" rotate-on-boot="true" rotate-size="5" suffix="y-M-d"/>
+
+
+
+

Example

+
+
+

This example will show how to deploy a simple web application, update the security domain configuration to enable audit logging and inspect the resulting file. +We will use the simple-webapp example which can be found here.

+
+
+

Clone the elytron-examples repo locally:

+
+
+
+
git clone https://github.com/wildfly-security-incubator/elytron-examples
+
+cd elytron-examples
+
+
+
+

Server configuration

+
+

The following set of instructions will update the security domain configuration to enable audit logging in WildFly server. We will be deploying a simple web application from elytron-examples/simple-webapp.

+
+
+

Navigate to the server home directory and enter the following command. +This will connect to the server, after which you can proceed to configuring the server.

+
+
+
+
$SERVER_HOME/bin/jboss-cli.sh --connect
+
+
+
+

The following CLI command adds a new audit log file with UTF-16 encoding:

+
+
+
+
/subsystem=elytron/file-audit-log=local-file-UTF-16:add(path="audit-UTF-16.log", relative-to="jboss.server.log.dir", format="JSON", synchronized="false", encoding="UTF-16")
+
+reload
+
+
+
+

Add the file audit log to a security domain:

+
+
+
+
/subsystem=elytron/security-domain=ApplicationDomain:write-attribute(name=security-event-listener , value="local-file-UTF-16")
+
+
+
+
+

Deploying the application

+
+

We’re going to make use of the simple-webapp project. It can be deployed using the following commands:

+
+
+
+
cd $PATH_TO_ELYTRON_EXAMPLES/simple-webapp
+
+mvn clean install wildfly:deploy
+
+
+
+
+

Accessing the application

+
+

Try accessing the application using https://localhost:8443/simple-webapp . +Select Access Secured Servlet link and try to sing in using invalid credentials.

+
+
+
+

Review the audit log file for new events

+
+

Stop the server and open $SERVER_HOME/standalone/log/audit-UTF-16.log file which is UTF-16 encoded. You should find SecurityAuthenticationFailedEvent log entry.

+
+
+
+
+
+

Summary

+
+
+

You can change the default encoding of the audit log file in the WildFly server.

+
+
+
+
+
+
+
+ +
+
+
+
+ + diff --git a/blog/tag/acme/index.html b/blog/tag/acme/index.html index 7ec6d74c8a..cfdf612ed3 100644 --- a/blog/tag/acme/index.html +++ b/blog/tag/acme/index.html @@ -310,6 +310,10 @@
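Review bot: In the "Server configuration" step of the audit-log encoding post, the CLI command that adds `local-file-UTF-16` sets `synchronized="false"` without comment. For an audit log that setting trades durability for speed, and the later instruction to stop the server before opening the file suggests events may not be on disk until then. I would add one sentence after the command, for example `synchronized="false" is used here only to keep the example fast; leave synchronization enabled when the audit trail must survive a crash.` It would also help to note that whatever reads or forwards the log must be configured for the chosen encoding, otherwise UTF-16 entries may be misparsed or dropped. In "Accessing the application", "try to sing in" should read "sign in".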

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/adapter/index.html b/blog/tag/adapter/index.html index da0251fd49..003331c9c9 100644 --- a/blog/tag/adapter/index.html +++ b/blog/tag/adapter/index.html @@ -314,6 +314,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/aes/index.html b/blog/tag/aes/index.html index 66f7017aaf..4ff7519a6f 100644 --- a/blog/tag/aes/index.html +++ b/blog/tag/aes/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/algorithm/index.html b/blog/tag/algorithm/index.html index 5ff5aa0a0d..60a613b071 100644 --- a/blog/tag/algorithm/index.html +++ b/blog/tag/algorithm/index.html @@ -266,6 +266,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ama/index.html b/blog/tag/ama/index.html index 823401b3ad..3ea0a4858f 100644 --- a/blog/tag/ama/index.html +++ b/blog/tag/ama/index.html @@ -304,6 +304,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/anomaly-detection/index.html b/blog/tag/anomaly-detection/index.html index 2a02d7596f..1a8f8eb178 100644 --- a/blog/tag/anomaly-detection/index.html +++ b/blog/tag/anomaly-detection/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/audit-logging/index.html b/blog/tag/audit-logging/index.html index 5c4ed2cc52..e2671c8554 100644 --- a/blog/tag/audit-logging/index.html +++ b/blog/tag/audit-logging/index.html @@ -166,6 +166,54 @@
+
+
+ Change the default encoding of the audit log file in WildFly +
+ + + +
+ +

An overview of how to change the default encoding of the audit log file.

+ +
+ +
+ +
Enhanced Audit Logging - Additional RFC Support and Reliability vs Speed Customization Update @@ -298,6 +346,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/auth0/index.html b/blog/tag/auth0/index.html new file mode 100644 index 0000000000..b39bee7259 --- /dev/null +++ b/blog/tag/auth0/index.html @@ -0,0 +1,712 @@ + + + + + + Elytron: auth0 + + + + + + + + + + + + + + + + + +auth0 | WildFly Elytron + + + + + + + + + + + + + + + + + +
+
+
+ +

WildFly Elytron

+ +
+ +
+
+
+

WildFly Elytron

+ +
+
+
+ +
+
+ +
+ +
+ +
+
+
+ +
+
+ + +
+
+ Securing WildFly Apps with Auth0 on OpenShift +
+ + + +
+ +

Learn how to secure applications deployed to WildFly on OpenShift with the Auth0 OpenID provider.

+ +
+ +
+ + +
+
+ +
+
+ +
+

Tags

+ + + + + acme
+ + + + adapter
+ + + + aes
+ + + + algorithm
+ + + + ama
+ + + + anomaly-detection
+ + + + audit-logging
+ + + + auth0
+ + + + authentication
+ + + + authorization
+ + + + basic
+ + + + bearer
+ + + + certificate
+ + + + cli
+ + + + client
+ + + + client-cert
+ + + + client-config
+ + + + console
+ + + + credential-store
+ + + + custom-component
+ + + + custom-principal
+ + + + default-ssl-context
+ + + + delegation
+ + + + digest
+ + + + distributed-realm
+ + + + dynamic
+ + + + ejb
+ + + + encoding
+ + + + encryption
+ + + + expression
+ + + + external
+ + + + factory
+ + + + failover-realm
+ + + + faq
+ + + + filesystem
+ + + + filesystem-realm
+ + + + galleon
+ + + + galleon-pack
+ + + + ghc
+ + + + ghc22
+ + + + ghc23
+ + + + git-persistence
+ + + + git-tips
+ + + + github
+ + + + hacktoberfest
+ + + + hash
+ + + + http
+ + + + https
+ + + + identity
+ + + + integrity
+ + + + intrusion-detection
+ + + + jaas
+ + + + jaspi
+ + + + java
+ + + + jetty
+ + + + jvm
+ + + + kerberos
+ + + + keycloak
+ + + + keystore
+ + + + ldap
+ + + + lets-encrypt
+ + + + login-context
+ + + + login-module
+ + + + machine-learning
+ + + + management
+ + + + management-model
+ + + + migration
+ + + + netty
+ + + + oath2
+ + + + oidc
+ + + + openshift
+ + + + opensource
+ + + + opensourceday
+ + + + openssl
+ + + + osd
+ + + + peer
+ + + + permissions
+ + + + planning
+ + + + principal
+ + + + principal-decoder
+ + + + principal-propagation
+ + + + principal-transformer
+ + + + propagation
+ + + + properties
+ + + + provider
+ + + + realm
+ + + + realm-mapper
+ + + + recap
+ + + + release
+ + + + remote
+ + + + resteasy
+ + + + rfc
+ + + + role-mapper
+ + + + rule-engine
+ + + + saml
+ + + + sasl
+ + + + security-events
+ + + + security-realm
+ + + + sha-256
+ + + + sha-512-256
+ + + + sni
+ + + + spi
+ + + + spnego
+ + + + ssh
+ + + + ssl
+ + + + ssl-context
+ + + + sso
+ + + + tls
+ + + + token
+ + + + tool
+ + + + trust-manager
+ + + + truststore
+ + + + undertow
+ + + + updates
+ + + + ux
+ + + + vault
+ + + + vlog
+ + + + webservices
+ + + + x509
+ +
+
+
+
+
+
+ + diff --git a/blog/tag/authentication/index.html b/blog/tag/authentication/index.html index 658763afde..20fcdc61ac 100644 --- a/blog/tag/authentication/index.html +++ b/blog/tag/authentication/index.html @@ -734,6 +734,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/authorization/index.html b/blog/tag/authorization/index.html index 81e4b44287..9a6f85f149 100644 --- a/blog/tag/authorization/index.html +++ b/blog/tag/authorization/index.html @@ -406,6 +406,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/basic/index.html b/blog/tag/basic/index.html index b1047dfec5..76ff1cce28 100644 --- a/blog/tag/basic/index.html +++ b/blog/tag/basic/index.html @@ -372,6 +372,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/bearer/index.html b/blog/tag/bearer/index.html index 6528ded9de..8cc6cbbb32 100644 --- a/blog/tag/bearer/index.html +++ b/blog/tag/bearer/index.html @@ -314,6 +314,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/certificate/index.html b/blog/tag/certificate/index.html index 321042afc3..9c42157d94 100644 --- a/blog/tag/certificate/index.html +++ b/blog/tag/certificate/index.html @@ -656,6 +656,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/cli/index.html b/blog/tag/cli/index.html index 0c2d910cab..584563cc9f 100644 --- a/blog/tag/cli/index.html +++ b/blog/tag/cli/index.html @@ -460,6 +460,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/client-cert/index.html b/blog/tag/client-cert/index.html index 705873f1be..5ce74c85ca 100644 --- a/blog/tag/client-cert/index.html +++ b/blog/tag/client-cert/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/client-config/index.html b/blog/tag/client-config/index.html index ef0aac2291..465a4acc9d 100644 --- a/blog/tag/client-config/index.html +++ b/blog/tag/client-config/index.html @@ -410,6 +410,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/client/index.html b/blog/tag/client/index.html index eada802486..d1a1d1db11 100644 --- a/blog/tag/client/index.html +++ b/blog/tag/client/index.html @@ -680,6 +680,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/console/index.html b/blog/tag/console/index.html index 1e8a437fb2..fc9f21303d 100644 --- a/blog/tag/console/index.html +++ b/blog/tag/console/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/credential-store/index.html b/blog/tag/credential-store/index.html index ec3c32aaeb..7875b452a8 100644 --- a/blog/tag/credential-store/index.html +++ b/blog/tag/credential-store/index.html @@ -514,6 +514,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/custom-component/index.html b/blog/tag/custom-component/index.html index 915a1fd925..7fd432a09d 100644 --- a/blog/tag/custom-component/index.html +++ b/blog/tag/custom-component/index.html @@ -350,6 +350,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/custom-principal/index.html b/blog/tag/custom-principal/index.html index 756b7c51e5..9547d5200d 100644 --- a/blog/tag/custom-principal/index.html +++ b/blog/tag/custom-principal/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/default-ssl-context/index.html b/blog/tag/default-ssl-context/index.html index 13f47fd393..df37493825 100644 --- a/blog/tag/default-ssl-context/index.html +++ b/blog/tag/default-ssl-context/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/delegation/index.html b/blog/tag/delegation/index.html index ef39b0420b..9bd11d97ba 100644 --- a/blog/tag/delegation/index.html +++ b/blog/tag/delegation/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/digest/index.html b/blog/tag/digest/index.html index c9cd9b645b..b6855622fe 100644 --- a/blog/tag/digest/index.html +++ b/blog/tag/digest/index.html @@ -266,6 +266,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/distributed-realm/index.html b/blog/tag/distributed-realm/index.html index 662d34ab27..ea2c05d4ff 100644 --- a/blog/tag/distributed-realm/index.html +++ b/blog/tag/distributed-realm/index.html @@ -166,6 +166,56 @@
+
+
+ Using distributed realm ignore-unavailable-realms attribute in Elytron +
+ + + +
+ +

An example of distributed realm ignore-unavailable-realms attribute usage in WildFly.

+ +
+ +
+ +
Using distributed realm in Elytron @@ -302,6 +352,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/dynamic/index.html b/blog/tag/dynamic/index.html index 1be8d2647d..00afc5eb6e 100644 --- a/blog/tag/dynamic/index.html +++ b/blog/tag/dynamic/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ejb/index.html b/blog/tag/ejb/index.html index 872cf70ac7..055edbbc50 100644 --- a/blog/tag/ejb/index.html +++ b/blog/tag/ejb/index.html @@ -168,7 +168,7 @@
- Identity Propagation with OIDC + Identity Propagation with OpenID Connect
-

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OIDC.

+

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OpenID Connect.

@@ -564,6 +564,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/encoding/index.html b/blog/tag/encoding/index.html index c0daf32c3c..2761fb014c 100644 --- a/blog/tag/encoding/index.html +++ b/blog/tag/encoding/index.html @@ -166,6 +166,54 @@
+
+
+ Change the default encoding of the audit log file in WildFly +
+ + + +
+ +

An overview of how to change the default encoding of the audit log file.

+ +
+ +
+ +
Using hash character sets and encodings in Elytron @@ -306,6 +354,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/encryption/index.html b/blog/tag/encryption/index.html index 1bac7c948c..c4280e7c00 100644 --- a/blog/tag/encryption/index.html +++ b/blog/tag/encryption/index.html @@ -556,6 +556,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/expression/index.html b/blog/tag/expression/index.html index 7d536e3dc1..bdcb5d0d20 100644 --- a/blog/tag/expression/index.html +++ b/blog/tag/expression/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/external/index.html b/blog/tag/external/index.html index d7c7db49ff..ae36d4d79f 100644 --- a/blog/tag/external/index.html +++ b/blog/tag/external/index.html @@ -254,6 +254,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/factory/index.html b/blog/tag/factory/index.html index 32c46c87d2..1c1a47cd56 100644 --- a/blog/tag/factory/index.html +++ b/blog/tag/factory/index.html @@ -266,6 +266,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/failover-realm/index.html b/blog/tag/failover-realm/index.html index 838aea7d17..3eb790d12b 100644 --- a/blog/tag/failover-realm/index.html +++ b/blog/tag/failover-realm/index.html @@ -304,6 +304,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/faq/index.html b/blog/tag/faq/index.html index e59b57df2a..038102188d 100644 --- a/blog/tag/faq/index.html +++ b/blog/tag/faq/index.html @@ -254,6 +254,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/filesystem-realm/index.html b/blog/tag/filesystem-realm/index.html index ca5c544a07..028ccdc03b 100644 --- a/blog/tag/filesystem-realm/index.html +++ b/blog/tag/filesystem-realm/index.html @@ -166,6 +166,56 @@
+
+
+ Using distributed realm ignore-unavailable-realms attribute in Elytron +
+ + + +
+ +

An example of distributed realm ignore-unavailable-realms attribute usage in WildFly.

+ +
+ +
+ +
Adding Support for Integrity Checking to an Existing Filesystem Realm @@ -908,6 +958,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/filesystem/index.html b/blog/tag/filesystem/index.html index 2564bd2cf9..56aa59c80d 100644 --- a/blog/tag/filesystem/index.html +++ b/blog/tag/filesystem/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/galleon-pack/index.html b/blog/tag/galleon-pack/index.html index 0d8a0c11a4..1ba9a2eb34 100644 --- a/blog/tag/galleon-pack/index.html +++ b/blog/tag/galleon-pack/index.html @@ -314,6 +314,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/galleon/index.html b/blog/tag/galleon/index.html index 2e95cb5fe4..17a801fc75 100644 --- a/blog/tag/galleon/index.html +++ b/blog/tag/galleon/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ghc/index.html b/blog/tag/ghc/index.html index 800866099d..1c595c4af2 100644 --- a/blog/tag/ghc/index.html +++ b/blog/tag/ghc/index.html @@ -518,6 +518,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ghc22/index.html b/blog/tag/ghc22/index.html index 26e10ef1a6..08e4f1f6b5 100644 --- a/blog/tag/ghc22/index.html +++ b/blog/tag/ghc22/index.html @@ -302,6 +302,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ghc23/index.html b/blog/tag/ghc23/index.html index 346bf0dea0..8c0d0f3882 100644 --- a/blog/tag/ghc23/index.html +++ b/blog/tag/ghc23/index.html @@ -468,6 +468,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/git-persistence/index.html b/blog/tag/git-persistence/index.html index 6448c1073c..d811f92232 100644 --- a/blog/tag/git-persistence/index.html +++ b/blog/tag/git-persistence/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/git-tips/index.html b/blog/tag/git-tips/index.html index 77de56b750..94732fe454 100644 --- a/blog/tag/git-tips/index.html +++ b/blog/tag/git-tips/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/github/index.html b/blog/tag/github/index.html index 316665fbca..c849b1f44e 100644 --- a/blog/tag/github/index.html +++ b/blog/tag/github/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/hacktoberfest/index.html b/blog/tag/hacktoberfest/index.html index 8fa27d8bbd..3722f393d6 100644 --- a/blog/tag/hacktoberfest/index.html +++ b/blog/tag/hacktoberfest/index.html @@ -302,6 +302,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/hash/index.html b/blog/tag/hash/index.html index 9f278ee9ac..f36e6f8c04 100644 --- a/blog/tag/hash/index.html +++ b/blog/tag/hash/index.html @@ -306,6 +306,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/http/index.html b/blog/tag/http/index.html index 06b2d122ac..59c6ddca28 100644 --- a/blog/tag/http/index.html +++ b/blog/tag/http/index.html @@ -568,6 +568,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/https/index.html b/blog/tag/https/index.html index f54c03ed66..ac76f6deab 100644 --- a/blog/tag/https/index.html +++ b/blog/tag/https/index.html @@ -264,6 +264,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/identity/index.html b/blog/tag/identity/index.html index ad69733864..ac2d632ab9 100644 --- a/blog/tag/identity/index.html +++ b/blog/tag/identity/index.html @@ -168,7 +168,7 @@
- Identity Propagation with OIDC + Identity Propagation with OpenID Connect
-

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OIDC.

+

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OpenID Connect.

@@ -306,6 +306,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/integrity/index.html b/blog/tag/integrity/index.html index 8cf60c009a..d8e8290528 100644 --- a/blog/tag/integrity/index.html +++ b/blog/tag/integrity/index.html @@ -406,6 +406,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/intrusion-detection/index.html b/blog/tag/intrusion-detection/index.html index 744f080528..fd9b654dd4 100644 --- a/blog/tag/intrusion-detection/index.html +++ b/blog/tag/intrusion-detection/index.html @@ -352,6 +352,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/jaas/index.html b/blog/tag/jaas/index.html index b0916663b5..0a1735fa5f 100644 --- a/blog/tag/jaas/index.html +++ b/blog/tag/jaas/index.html @@ -316,6 +316,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/jaspi/index.html b/blog/tag/jaspi/index.html index e80e3a5e6b..18f42a61e8 100644 --- a/blog/tag/jaspi/index.html +++ b/blog/tag/jaspi/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/java/index.html b/blog/tag/java/index.html index 372c8cf014..d6ee33e8e7 100644 --- a/blog/tag/java/index.html +++ b/blog/tag/java/index.html @@ -416,6 +416,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/jetty/index.html b/blog/tag/jetty/index.html index b570e4d595..4246cb73a5 100644 --- a/blog/tag/jetty/index.html +++ b/blog/tag/jetty/index.html @@ -252,6 +252,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/jvm/index.html b/blog/tag/jvm/index.html index 19234daa9b..9200aa4758 100644 --- a/blog/tag/jvm/index.html +++ b/blog/tag/jvm/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/kerberos/index.html b/blog/tag/kerberos/index.html index 8fe7c64093..eaeb47fc18 100644 --- a/blog/tag/kerberos/index.html +++ b/blog/tag/kerberos/index.html @@ -346,6 +346,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/keycloak/index.html b/blog/tag/keycloak/index.html index de5928f14e..6987c3507d 100644 --- a/blog/tag/keycloak/index.html +++ b/blog/tag/keycloak/index.html @@ -470,6 +470,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/keystore/index.html b/blog/tag/keystore/index.html index ceb52c9851..9120a3b665 100644 --- a/blog/tag/keystore/index.html +++ b/blog/tag/keystore/index.html @@ -316,6 +316,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ldap/index.html b/blog/tag/ldap/index.html index 96ecddbf79..2b50a71d01 100644 --- a/blog/tag/ldap/index.html +++ b/blog/tag/ldap/index.html @@ -166,6 +166,56 @@
+
+
+ Using distributed realm ignore-unavailable-realms attribute in Elytron +
+ + + +
+ +

An example of distributed realm ignore-unavailable-realms attribute usage in WildFly.

+ +
+ +
+ +
Using failover realm in Elytron @@ -306,6 +356,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/lets-encrypt/index.html b/blog/tag/lets-encrypt/index.html index 671eec0d79..0c20ce4770 100644 --- a/blog/tag/lets-encrypt/index.html +++ b/blog/tag/lets-encrypt/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/login-context/index.html b/blog/tag/login-context/index.html index c7be7a1a2a..80a7e77664 100644 --- a/blog/tag/login-context/index.html +++ b/blog/tag/login-context/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/login-module/index.html b/blog/tag/login-module/index.html index 5aeadb714e..c12ea2f6f0 100644 --- a/blog/tag/login-module/index.html +++ b/blog/tag/login-module/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/machine-learning/index.html b/blog/tag/machine-learning/index.html index c491ff4cf8..a5441ef902 100644 --- a/blog/tag/machine-learning/index.html +++ b/blog/tag/machine-learning/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/management-model/index.html b/blog/tag/management-model/index.html index 2ec943e20b..f017b9fec0 100644 --- a/blog/tag/management-model/index.html +++ b/blog/tag/management-model/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/management/index.html b/blog/tag/management/index.html index e3e551bdb9..370f024e1e 100644 --- a/blog/tag/management/index.html +++ b/blog/tag/management/index.html @@ -460,6 +460,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/migration/index.html b/blog/tag/migration/index.html index 5fd924b742..e0e028b5aa 100644 --- a/blog/tag/migration/index.html +++ b/blog/tag/migration/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/netty/index.html b/blog/tag/netty/index.html index 176392b2c8..628bb62c1a 100644 --- a/blog/tag/netty/index.html +++ b/blog/tag/netty/index.html @@ -260,6 +260,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/oath2/index.html b/blog/tag/oath2/index.html index d360cc0fb1..86bef54819 100644 --- a/blog/tag/oath2/index.html +++ b/blog/tag/oath2/index.html @@ -260,6 +260,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/oidc/index.html b/blog/tag/oidc/index.html index da9b01a3be..a1cb9bb850 100644 --- a/blog/tag/oidc/index.html +++ b/blog/tag/oidc/index.html @@ -168,7 +168,57 @@
- Identity Propagation with OIDC + Securing WildFly Apps with Auth0 on OpenShift +
+ + + +
+ +

Learn how to secure applications deployed to WildFly on OpenShift with the Auth0 OpenID provider.

+ +
+ +
+ + +
+
+ Identity Propagation with OpenID Connect
-

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OIDC.

+

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OpenID Connect.

@@ -662,6 +712,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/openshift/index.html b/blog/tag/openshift/index.html index daa3835de4..047cde1fc4 100644 --- a/blog/tag/openshift/index.html +++ b/blog/tag/openshift/index.html @@ -166,6 +166,56 @@
+
+
+ Securing WildFly Apps with Auth0 on OpenShift +
+ + + +
+ +

Learn how to secure applications deployed to WildFly on OpenShift with the Auth0 OpenID provider.

+ +
+ +
+ +
Securing WildFly Apps with OIDC on OpenShift @@ -364,6 +414,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/opensource/index.html b/blog/tag/opensource/index.html index 30bc2b50ba..3bd81fde19 100644 --- a/blog/tag/opensource/index.html +++ b/blog/tag/opensource/index.html @@ -694,6 +694,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/opensourceday/index.html b/blog/tag/opensourceday/index.html index d3a19d359e..d81888c1f3 100644 --- a/blog/tag/opensourceday/index.html +++ b/blog/tag/opensourceday/index.html @@ -568,6 +568,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/openssl/index.html b/blog/tag/openssl/index.html index 5a56657db9..51aeb836af 100644 --- a/blog/tag/openssl/index.html +++ b/blog/tag/openssl/index.html @@ -304,6 +304,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/osd/index.html b/blog/tag/osd/index.html index c3ca49e974..db49beca96 100644 --- a/blog/tag/osd/index.html +++ b/blog/tag/osd/index.html @@ -468,6 +468,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/peer/index.html b/blog/tag/peer/index.html index 637f062cc7..e4c08ed041 100644 --- a/blog/tag/peer/index.html +++ b/blog/tag/peer/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/permissions/index.html b/blog/tag/permissions/index.html index 0929ace2ab..14d346aa78 100644 --- a/blog/tag/permissions/index.html +++ b/blog/tag/permissions/index.html @@ -252,6 +252,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/planning/index.html b/blog/tag/planning/index.html index 6dd5c924a1..9563495439 100644 --- a/blog/tag/planning/index.html +++ b/blog/tag/planning/index.html @@ -436,6 +436,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/principal-decoder/index.html b/blog/tag/principal-decoder/index.html index 4e8fffae77..c626f73a8b 100644 --- a/blog/tag/principal-decoder/index.html +++ b/blog/tag/principal-decoder/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/principal-propagation/index.html b/blog/tag/principal-propagation/index.html index dead38292b..bb614fbf2a 100644 --- a/blog/tag/principal-propagation/index.html +++ b/blog/tag/principal-propagation/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/principal-transformer/index.html b/blog/tag/principal-transformer/index.html index 4fa259b390..85d952f744 100644 --- a/blog/tag/principal-transformer/index.html +++ b/blog/tag/principal-transformer/index.html @@ -448,6 +448,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/principal/index.html b/blog/tag/principal/index.html index 8ae0ad99a8..92dccc0fe3 100644 --- a/blog/tag/principal/index.html +++ b/blog/tag/principal/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/propagation/index.html b/blog/tag/propagation/index.html index ce670393e4..32c2a102a8 100644 --- a/blog/tag/propagation/index.html +++ b/blog/tag/propagation/index.html @@ -168,7 +168,7 @@
- Identity Propagation with OIDC + Identity Propagation with OpenID Connect
-

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OIDC.

+

Learn how to propagate identities within a deployment and across deployments when securing WildFly apps with OpenID Connect.

@@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/properties/index.html b/blog/tag/properties/index.html index 1f85eb7c65..4edba33523 100644 --- a/blog/tag/properties/index.html +++ b/blog/tag/properties/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/provider/index.html b/blog/tag/provider/index.html index 951a37267a..1c8400012a 100644 --- a/blog/tag/provider/index.html +++ b/blog/tag/provider/index.html @@ -262,6 +262,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/realm-mapper/index.html b/blog/tag/realm-mapper/index.html index bc1e130de1..eeb09a0fe9 100644 --- a/blog/tag/realm-mapper/index.html +++ b/blog/tag/realm-mapper/index.html @@ -302,6 +302,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/realm/index.html b/blog/tag/realm/index.html index e1ae63e4eb..aa39c3b2e8 100644 --- a/blog/tag/realm/index.html +++ b/blog/tag/realm/index.html @@ -354,6 +354,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/recap/index.html b/blog/tag/recap/index.html index 38f29e53f0..a77969ea0b 100644 --- a/blog/tag/recap/index.html +++ b/blog/tag/recap/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/release/index.html b/blog/tag/release/index.html index fddc007309..9c67cfa97f 100644 --- a/blog/tag/release/index.html +++ b/blog/tag/release/index.html @@ -594,6 +594,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/remote/index.html b/blog/tag/remote/index.html index 695f887e2d..143986c842 100644 --- a/blog/tag/remote/index.html +++ b/blog/tag/remote/index.html @@ -406,6 +406,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/resteasy/index.html b/blog/tag/resteasy/index.html index 17c8166b2c..381e0e2038 100644 --- a/blog/tag/resteasy/index.html +++ b/blog/tag/resteasy/index.html @@ -316,6 +316,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/rfc/index.html b/blog/tag/rfc/index.html index 1572ddf484..4787d776a9 100644 --- a/blog/tag/rfc/index.html +++ b/blog/tag/rfc/index.html @@ -298,6 +298,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/role-mapper/index.html b/blog/tag/role-mapper/index.html index f9b73016a1..489c7fab6a 100644 --- a/blog/tag/role-mapper/index.html +++ b/blog/tag/role-mapper/index.html @@ -252,6 +252,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/rule-engine/index.html b/blog/tag/rule-engine/index.html index 9d55ee224f..045fbab8cb 100644 --- a/blog/tag/rule-engine/index.html +++ b/blog/tag/rule-engine/index.html @@ -254,6 +254,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/saml/index.html b/blog/tag/saml/index.html index 6e3c8745e2..92c84111ac 100644 --- a/blog/tag/saml/index.html +++ b/blog/tag/saml/index.html @@ -260,6 +260,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/sasl/index.html b/blog/tag/sasl/index.html index ada4a835c9..b64c8f38b6 100644 --- a/blog/tag/sasl/index.html +++ b/blog/tag/sasl/index.html @@ -374,6 +374,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/security-events/index.html b/blog/tag/security-events/index.html index 75a9603fc7..4b2c219ad4 100644 --- a/blog/tag/security-events/index.html +++ b/blog/tag/security-events/index.html @@ -254,6 +254,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/security-realm/index.html b/blog/tag/security-realm/index.html index 0f2cb1b6b0..273b8dbbfc 100644 --- a/blog/tag/security-realm/index.html +++ b/blog/tag/security-realm/index.html @@ -466,6 +466,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/sha-256/index.html b/blog/tag/sha-256/index.html index af7b26fe1e..9cf1f5b46b 100644 --- a/blog/tag/sha-256/index.html +++ b/blog/tag/sha-256/index.html @@ -266,6 +266,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/sha-512-256/index.html b/blog/tag/sha-512-256/index.html index 36176b3546..c2876dfde4 100644 --- a/blog/tag/sha-512-256/index.html +++ b/blog/tag/sha-512-256/index.html @@ -266,6 +266,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/sni/index.html b/blog/tag/sni/index.html index 7b68ae81de..09c4b58491 100644 --- a/blog/tag/sni/index.html +++ b/blog/tag/sni/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/spi/index.html b/blog/tag/spi/index.html index e7a61cc0d7..e12f5d1d94 100644 --- a/blog/tag/spi/index.html +++ b/blog/tag/spi/index.html @@ -260,6 +260,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/spnego/index.html b/blog/tag/spnego/index.html index 94521f245d..c58baf3b84 100644 --- a/blog/tag/spnego/index.html +++ b/blog/tag/spnego/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ssh/index.html b/blog/tag/ssh/index.html index e115aab1b0..9a23bbc886 100644 --- a/blog/tag/ssh/index.html +++ b/blog/tag/ssh/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ssl-context/index.html b/blog/tag/ssl-context/index.html index e3e0c675f5..3677df7357 100644 --- a/blog/tag/ssl-context/index.html +++ b/blog/tag/ssl-context/index.html @@ -368,6 +368,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ssl/index.html b/blog/tag/ssl/index.html index e7de5c57ea..a5e901cee6 100644 --- a/blog/tag/ssl/index.html +++ b/blog/tag/ssl/index.html @@ -1280,6 +1280,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/sso/index.html b/blog/tag/sso/index.html index da02099b75..a428761004 100644 --- a/blog/tag/sso/index.html +++ b/blog/tag/sso/index.html @@ -260,6 +260,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/tls/index.html b/blog/tag/tls/index.html index cc77e28cc3..cc3d6723a4 100644 --- a/blog/tag/tls/index.html +++ b/blog/tag/tls/index.html @@ -1342,6 +1342,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/token/index.html b/blog/tag/token/index.html index 7dbb75e309..d3d2daa72a 100644 --- a/blog/tag/token/index.html +++ b/blog/tag/token/index.html @@ -266,6 +266,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/tool/index.html b/blog/tag/tool/index.html index b64617e559..827e421e70 100644 --- a/blog/tag/tool/index.html +++ b/blog/tag/tool/index.html @@ -358,6 +358,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/trust-manager/index.html b/blog/tag/trust-manager/index.html index de28407a2a..cb1c45fe95 100644 --- a/blog/tag/trust-manager/index.html +++ b/blog/tag/trust-manager/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/truststore/index.html b/blog/tag/truststore/index.html index 2e37f96e63..8a5384e1d0 100644 --- a/blog/tag/truststore/index.html +++ b/blog/tag/truststore/index.html @@ -264,6 +264,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/undertow/index.html b/blog/tag/undertow/index.html index aec3b2bb3b..1060aad1ce 100644 --- a/blog/tag/undertow/index.html +++ b/blog/tag/undertow/index.html @@ -462,6 +462,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/updates/index.html b/blog/tag/updates/index.html index fdac227aee..bade1c03eb 100644 --- a/blog/tag/updates/index.html +++ b/blog/tag/updates/index.html @@ -302,6 +302,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/ux/index.html b/blog/tag/ux/index.html index ff918bfc6e..6e88b051e5 100644 --- a/blog/tag/ux/index.html +++ b/blog/tag/ux/index.html @@ -256,6 +256,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/vault/index.html b/blog/tag/vault/index.html index 3dfa362756..2ad68b9af5 100644 --- a/blog/tag/vault/index.html +++ b/blog/tag/vault/index.html @@ -258,6 +258,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/vlog/index.html b/blog/tag/vlog/index.html index 3f15f89df0..baa20485e1 100644 --- a/blog/tag/vlog/index.html +++ b/blog/tag/vlog/index.html @@ -356,6 +356,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/webservices/index.html b/blog/tag/webservices/index.html index f6e76f2fae..9df84339c3 100644 --- a/blog/tag/webservices/index.html +++ b/blog/tag/webservices/index.html @@ -304,6 +304,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/tag/x509/index.html b/blog/tag/x509/index.html index a93ba235f2..4683fe74d8 100644 --- a/blog/tag/x509/index.html +++ b/blog/tag/x509/index.html @@ -304,6 +304,10 @@

Tags

+ auth0
+ + + authentication
diff --git a/blog/wildfly-oidc-identity-propagation/index.html b/blog/wildfly-oidc-identity-propagation/index.html index e6d5af8295..306bbd8322 100644 --- a/blog/wildfly-oidc-identity-propagation/index.html +++ b/blog/wildfly-oidc-identity-propagation/index.html @@ -3,7 +3,7 @@ - Elytron: Identity Propagation with OIDC + Elytron: Identity Propagation with OpenID Connect @@ -26,9 +26,9 @@ gtag('config', 'UA-135301155-1'); -Identity Propagation with OIDC | WildFly Elytron +Identity Propagation with OpenID Connect | WildFly Elytron - + @@ -41,9 +41,9 @@ - + +{"@context":"https://schema.org","@type":"BlogPosting","author":{"@type":"Person","name":"Farah Juma"},"dateModified":"2023-11-15T00:00:00+00:00","datePublished":"2023-11-15T00:00:00+00:00","description":"When securing an application with OpenID Connect (OIDC), WildFly automatically creates and makes use of a virtual security domain across the deployment. If the application invokes an EJB, additional configuration might be required in order to propagate the security identity from the virtual security domain. The configuration that’s needed depends on how the EJB that’s being invoked is secured. This guide covers the different use cases for propagating an identity from a virtual security domain.","headline":"Identity Propagation with OpenID Connect","image":"https://wildfly-security.github.io/wildfly-elytron/assets/images/wildfly-elytron-logo.jpg","mainEntityOfPage":{"@type":"WebPage","@id":"https://wildfly-security.github.io/wildfly-elytron/blog/wildfly-oidc-identity-propagation/"},"url":"https://wildfly-security.github.io/wildfly-elytron/blog/wildfly-oidc-identity-propagation/"} @@ -160,7 +160,7 @@
-

Identity Propagation with OIDC

+

Identity Propagation with OpenID Connect

diff --git a/feed.xml b/feed.xml index 4b59e3df17..af32b9b5a2 100644 --- a/feed.xml +++ b/feed.xml @@ -5,10 +5,38 @@ WildFly Elytron https://wildfly-security.github.io/wildfly-elytron - Wed, 15 Nov 2023 16:10:28 +0000 + Fri, 08 Dec 2023 22:53:44 +0000 - Identity Propagation with OIDC + Securing WildFly Apps with Auth0 on OpenShift + + https://wildfly-security.github.io/wildfly-elytron/blog/securing-wildfly-apps-auth0-openshift/ + + + You can secure your WildFly applications deployed on OpenShift with OpenID Connect (OIDC). By using OIDC to secure applications, you delegate authentication to OIDC providers. This guide shows how to secure an example application deployed to WildFly on OpenShift with OIDC using Auth0 as the OIDC provider. Prerequisites Example Application... + + Fri, 08 Dec 2023 00:00:00 +0000 + + https://wildfly-security.github.io/wildfly-elytron/blog/securing-wildfly-apps-auth0-openshift/ + + + + + Using distributed realm ignore-unavailable-realms attribute in Elytron + + https://wildfly-security.github.io/wildfly-elytron/blog/distributed-realm-ignore-unavailable-realms/ + + + A distributed-realm is made up of a list of realms. Each realm in the list is sequentially attempted until we either find the user or run out of realms. If a realm happens to be unavailable, by default search is stopped altogether. With the introduction of the ignore-unavailable-realms boolean attribute... + + Mon, 20 Nov 2023 00:00:00 +0000 + + https://wildfly-security.github.io/wildfly-elytron/blog/distributed-realm-ignore-unavailable-realms/ + + + + + Identity Propagation with OpenID Connect https://wildfly-security.github.io/wildfly-elytron/blog/wildfly-oidc-identity-propagation/ 
@@ -21,6 +49,20 @@ + + Change the default encoding of the audit log file in WildFly + + https://wildfly-security.github.io/wildfly-elytron/blog/specify-file-audit-log-encoding/ + + + The default encoding used for the audit log file is UTF-8. Starting from WildFly 29, you can change the default encoding by specifying encoding attribute in file-audit-log, periodic-rotating-file-audit-log or size-rotating-file-audit-log elements in the Elytron subsystem. Possible values are: UTF-8, UTF-16BE, UTF-16LE, UTF-16, US-ASCII or ISO-8859-1. <file-audit-log name="local-file" path="audit.log" relative-to="jboss.server.log.dir" synchronized="false"... + + Tue, 14 Nov 2023 00:00:00 +0000 + + https://wildfly-security.github.io/wildfly-elytron/blog/specify-file-audit-log-encoding/ + + + Securing WildFly Apps with OIDC on OpenShift @@ -105,47 +147,5 @@ - - Vlog: Join us at Open Source Day, No Prior Experience Needed - - https://www.youtube.com/watch?v=PAcqCa8u0Z8 - - - - - Wed, 06 Sep 2023 00:00:00 +0000 - - https://www.youtube.com/watch?v=PAcqCa8u0Z8 - - - - - Vlog: Begin your Open Source Journey with the WildFly Elytron Project at Open Source Day - - https://www.youtube.com/watch?v=vUWGPTCNl4I - - - - - Tue, 29 Aug 2023 00:00:00 +0000 - - https://www.youtube.com/watch?v=vUWGPTCNl4I - - - - - Securing the WildFly Management Console with OpenID Connect - - https://wildfly-security.github.io/wildfly-elytron/blog/securing-management-console-oidc/ - - - WildFly 29 Final, which was just released last week, includes the ability to secure the WildFly Management Console with OpenID Connect using the Keycloak OpenID provider. This blog post gives an overview of how to configure this. OpenID Connect Securing the WildFly Management Console with the Keycloak OpenID Provider Keycloak... - - Mon, 24 Jul 2023 00:00:00 +0000 - - https://wildfly-security.github.io/wildfly-elytron/blog/securing-management-console-oidc/ - - -