Keycloak 是一個針對Web應用和 RESTful Web 服務提供 SSO 集成。基於 OAuth 2.0 和 JSON Web Token(JWT) 規范。目前用於實現 JBoss 與 Wildfly 通訊,但將來將為 Tomcat、Jetty、Node.js、Rails、Grails 等環境提供解決方案。
主要功能:
-
SSO和單登出的瀏覽器應用程序
-
不需要編寫代碼就能夠登錄Social Broker. Enable Google, Facebook, Yahoo, Twitter
-
可選用戶注冊
-
密碼和TOTP支持(通過谷歌的Authenticator)。客戶端證書身份驗證即將支持。
-
可自定義的主題為面向用戶的頁面
-
OAuth Bearer token auth for REST Services
-
Integrated Browser App to REST Service token propagation
-
OAuth 2.0 Grant requests
-
CORS 支持
-
CORS Web Origin management and validation
-
Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
-
Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
-
Deployable as a WAR, appliance, or an Openshift cloud service (SaaS).
-
支持JBoss AS7, EAP 6.x, 和 Wildfly 應用. Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.
-
Javascript/HTML 5 adapter for pure Javascript apps
-
Session management from admin console
-
Revocation policies
-
Password policies
-
OpenID Connect 支持