WWPass Identity Provider Integration With Keycloak

This document describes how to integrate the WWPass identity provider with Keycloak.

Prerequisites

The WWPass Service Provider certificate and private key are required. Obtain them at https://manage.wwpass.com/.
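
Before pasting the certificate and key into Keycloak, it helps to confirm that the two files belong together, that the certificate has not expired, and that the key file is not readable by other users. The function below is an added example, not code from WWPass or Keycloak; it assumes the `openssl` command-line tool is installed and both files are PEM-encoded, and the name `check_sp_pair` is hypothetical.

```shell
#!/bin/sh
# Added example (not WWPass or Keycloak code): pre-flight check of a service
# provider certificate and private key. Both paths are supplied by the caller.
# Returns 0 = usable pair, 1 = policy failure, 2 = file unreadable or not PEM.
check_sp_pair() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read input files" >&2; return 2; }

    # Parse each file on its own first. "-passin pass:" stops openssl from
    # prompting, so a passphrase-protected key is reported instead of hanging.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "not a PEM certificate: $cert" >&2; return 2; }
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null ||
        { echo "not an unencrypted PEM private key: $key" >&2; return 2; }

    status=0

    # The public key inside the certificate must equal the one derived from
    # the private key; otherwise the two files come from different requests.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        status=1
    fi

    # An expired certificate is caught here rather than at login time.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; status=1; }

    # The key file should be accessible to its owner only (mode 600 or 400).
    # Characters 5-10 of "ls -l" output are the group and other permission bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "private key is accessible to group/others: $key" >&2
        status=1
    fi

    return "$status"
}
```

Source the file and call `check_sp_pair <certificate> <private_key>` with the paths of the files obtained from the WWPass management site.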

Initial Setup

  1. Install Java
  2. Install HAProxy
  3. Create a directory. Download Keycloak
  4. Unarchive the Keycloak distribution
  5. Rename the directory
  6. Create a self-signed certificate
  7. Create a Keycloak log directory
  8. Create a Keycloak service user
  9. Configure keycloak.conf for SSL
  10. Build Keycloak. Start developer mode
  11. Start Keycloak for the first time. Create an admin user and password
  12. Create a Keycloak systemd unit
  13. Reload the system. Enable the Keycloak service unit
  14. Start Keycloak
  15. Check that Keycloak starts and listens on the required ports
  16. Switch to the HAProxy configuration directory. Set the SSL certificates to be used
  17. Set the HAProxy certificate file permissions
  18. Configure HAProxy as follows or as you need
  19. Check that the HAProxy configuration file is valid. Start HAProxy. Check that it is running
  20. Go to the Keycloak Administration Console
  21. Authenticate to the Administration Console

WWPass Identity Provider Installation

You can find a detailed description here

  1. Download and unarchive the WWPass authenticator
  2. Change into the source code directory
  3. Install Maven to build the WWPass library
  4. Set KEYCLOAK_HOME to your installation directory
     $ export KEYCLOAK_HOME="<path_to_keycloak_root>"
  5. Build the WWPass authentication library
  6. After the build succeeds, deploy the library to a destination directory. Restart Keycloak

Add WWPass Authentication Provider

  1. Log in to the Keycloak Administration Console: https://key.example.com/admin/master/console/

  2. Select a realm or create a new one

  3. Click Identity providers in the Configure menu

  4. Click the Add provider button. Select the WWPass authentication

  5. Fill in all the fields as follows. Field descriptions:

    • Client ID – any string that describes this Identity Provider, e.g. wwpass;
    • Client Secret – any string (unused; a Keycloak drawback);
    • Certificate – WWPass SP certificate (obtain at https://manage.wwpass.com/);
    • Private Key – certificate’s private key;
    • Use PIN – option for WWPass PassKey application to request a PIN (turn on if needed).
  6. Click the Add button to add the Identity Provider

  7. Switch to Authentication in the Configure menu. Click the browser link

  8. Click the Settings icon next to the Identity Provider Redirector

  9. Add wwpass as the Identity Provider Redirector

  10. Click Save to save changes

Attaching Keycloak Account to WWPass

  1. Sign in to Keycloak
  2. Scan the QR code
  3. Fill out the Account Information form
  4. Click Add to existing account
  5. The binding result