Keycloak 是一个为浏览器和 RESTful Web 服务提供 SSO 的集成。基于 OAuth 2.0 和 JSON Web Token(JWT) 规范。最开始是面向 JBoss 和 Wildfly 通讯，但已经计划为其他诸如 Tomcat、Jetty、Node.js、Rails、Grails 等环境提供解决方案。

主要功能：

• SSO and Single Log Out for browser applications

• Social Broker.  Enable Google, Facebook, Yahoo, Twitter social login with no code required.

• Optional User Registration

• Password and TOTP support (via Google Authenticator).  Client cert auth coming soon.

• Customizable themes for user facing pages

• OAuth Bearer token auth for REST Services

• Integrated Browser App to REST Service token propagation

• OAuth 2.0 Grant requests

• CORS Support

• CORS Web Origin management and validation

• Completely centrally managed user and role mapping metadata.  Minimal configuration at the application side

• Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.

• Deployable as a WAR, appliance, or an Openshift  cloud service (SaaS).

• Supports JBoss AS7, EAP 6.x, and Wildfly applications.   Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.

• Javascript/HTML 5 adapter for pure Javascript apps

• Session management from admin console

• Revocation policies

• Password policies

• OpenID Connect Support

您可能感兴趣的文章: