Hello.
I can help you with that since we are deeply integrating Keycloak with our wiki.
You can use https://github.com/tdudgeon/xwiki_authenticator_keycloak as a base for your project.
It’s 5 years old, but after changing the XWiki version and following the instructions it will work.
You must download the Keycloak adapters and follow their instructions:
https://www.keycloak.org/docs/latest/securing_apps/#_tomcat_adapter
You can find the adapters here: https://github.com/keycloak/keycloak/releases/download/12.0.4/keycloak-oidc-tomcat-adapter-12.0.4.tar.gz
All these jars should be put in the libs folder of your Tomcat.
As explained in their documentation, you will have to change the context.xml of your Tomcat with:
<?xml version="1.0" encoding="UTF-8"?>
<Context>
    <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
Also, in your WEB-INF folder you will need keycloak.json with your configuration:
{
    "realm": "yourKeycloakRealm",
    "auth-server-url": "yourKeycloakDomain/auth",
    "ssl-required": "external",
    "resource": "yourClientId",
    "credentials": {
        "secret": "yourClientSecret"
    },
    "use-resource-role-mappings": false,
    "confidential-port": 0
}
Also, at the end of your web.xml you will need something like:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>xwiki</web-resource-name>
        <url-pattern>/bin/login/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>your_role</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ignored</realm-name>
</login-config>
<security-role>
    <role-name>your_role</role-name>
</security-role>
your_role is a realm role that your user in Keycloak must have to log in through the Keycloak adapter.
Also, xwiki.cfg will need:
xwiki.authentication.authclass=com.xwiki.authentication.keycloak.XWikiKeycloakAuthenticator
Then you probably have to change the extension from their GitHub a bit to fit your needs:
https://github.com/tdudgeon/xwiki_authenticator_keycloak/blob/master/src/main/java/com/xwiki/authentication/keycloak/XWikiKeycloakAuthenticator.java
You should probably fork it as well, upgrade the pom to your XWiki version, fix the Java issues due to the upgrade to the latest version of XWiki, and then recompile it to be installed in your wiki.
It’s not really easy work, especially rebuilding and deploying your own version of the extension, but I hope this information will save you a few days of additional work.
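
A consistency check for the three files configured above, as an added example that is not part of the original post or of the xwiki_authenticator_keycloak project: it verifies that the role in the web.xml auth-constraint is also declared as a security-role, that keycloak.json no longer holds the post's "your…" placeholders or ssl-required set to none, and that xwiki.cfg names the authenticator class. The function name, finding strings and sample values are assumptions made for this example.

```python
import json
import xml.etree.ElementTree as ET

AUTHCLASS = "com.xwiki.authentication.keycloak.XWikiKeycloakAuthenticator"

def _local(tag):
    # Strip an XML namespace so web.xml is handled with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def check_deployment(web_xml, keycloak_json, xwiki_cfg):
    """Return a list of findings; an empty list means the files agree."""
    findings, constrained, declared, patterns = [], set(), set(), set()
    for parent in ET.fromstring(web_xml).iter():
        for child in parent:
            pair = (_local(parent.tag), _local(child.tag))
            text = (child.text or "").strip()
            if pair == ("auth-constraint", "role-name"):
                constrained.add(text)
            elif pair == ("security-role", "role-name"):
                declared.add(text)
            elif pair == ("web-resource-collection", "url-pattern"):
                patterns.add(text)
    if "/bin/login/*" not in patterns:
        findings.append("web.xml: /bin/login/* has no security-constraint")
    for role in sorted(constrained - declared):
        findings.append(f"web.xml: role {role!r} lacks a security-role entry")
    cfg = json.loads(keycloak_json)
    values = {k: cfg.get(k, "") for k in ("realm", "auth-server-url", "resource")}
    values["credentials.secret"] = cfg.get("credentials", {}).get("secret", "")
    for key, value in values.items():
        if not value:
            findings.append(f"keycloak.json: {key} is missing")
        elif str(value).startswith("your"):  # placeholder names used in the post
            findings.append(f"keycloak.json: {key} is still a placeholder")
    if str(cfg.get("ssl-required", "")).lower() == "none":
        findings.append("keycloak.json: ssl-required is none")
    pairs = (line.partition("=") for line in xwiki_cfg.splitlines())
    props = {k.strip(): v.strip() for k, _, v in pairs if not k.lstrip().startswith("#")}
    if props.get("xwiki.authentication.authclass") != AUTHCLASS:
        findings.append("xwiki.cfg: authclass is not the Keycloak authenticator")
    return findings

# Constructed sample inputs (not from a real deployment), with three defects.
SAMPLE_WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/bin/login/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>wiki_user</role-name></auth-constraint>
</security-constraint>
<security-role><role-name>wiki-user</role-name></security-role></web-app>"""
SAMPLE_KEYCLOAK_JSON = ('{"realm": "wiki", "auth-server-url": "https://sso.example.test/auth",'
    ' "ssl-required": "none", "resource": "xwiki", "credentials": {"secret": "yourClientSecret"}}')
SAMPLE_XWIKI_CFG = "xwiki.authentication.authclass=" + AUTHCLASS
```

Run against the constructed samples, it reports the mismatched role name, the leftover client-secret placeholder and the disabled TLS requirement.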