Red Hat Single Sign-On Administration

Bookmark this page
P123456
PreviousNext

Chapter 2.  Install and Configure Red Hat Single Sign-On

Section Red Hat Single Sign-On Installation
SectionObjectives
SectionRH-SSO Deployment
SectionRH-SSO Installation
SectionRH-SSO Operating Modes
SectionRH-SSO Important Directories and Files
SectionManage RH-SSO Subsystem Configuration
SectionRun RH-SSO
Guided Exercise: Red Hat Single Sign-On Installation
Explore and Configure the Admin Console
Objectives
Keycloak Terminology
Red Hat Single Sign-On Admin Console
Guided Exercise: Explore and Configure the Admin Console
Red Hat Single Sign-On Admin CLI
Objectives
RH-SSO Admin CLI
Admin CLI Commands
Guided Exercise: Red Hat Single Sign-On Admin CLI
Lab: Install Red Hat Single Sign-On
Summary

Abstract

Goal

Identify the best option for installing and configuring RH-SSO depending on the infrastructure.

Objectives

  • Install and Configure Red Hat Single Sign-On.

Sections

  • Red Hat Single Sign-On Installation  (and Guided Exercise)

  • Explore and Configure the Admin Console  (and Guided Exercise)

  • Red Hat Single Sign-On Admin CLI  (and Guided Exercise)

Lab

  • Install Red Hat Single Sign-On

Red Hat Single Sign-On Installation

Objectives

  • Describe the various ways to install Red Hat Single Sign-On.

RH-SSO Deployment

Red Hat Single Sign-On (RH-SSO) is a product composed out of the following components:

  • The Keycloak web application, an open source project aiming to provide identity and access management.

  • A relational database, to store the persistent data for the identity and access management.

  • Red Hat JBoss Enterprise Application Platform (EAP), an enterprise Jakarta EE application server, which acts as the base HTTP server runtime and caching engine.

  • A set of adapters to integrate different types of applications with the single sign-on protocols that RH-SSO implements.

You can deploy RH-SSO in a virtualized or bare metal platform. You can also deploy RH-SSO on a container orchestration platform, such as Red Hat OpenShift.

Note

To see the full list of supported platforms, tested configurations, tested integrations, and OpenShift configurations refer to https://access.redhat.com/articles/2342861#Comp_7_6

In both scenarios RH-SSO runs on top of JBoss EAP. However, there are differences on how to manage the RH-SSO installation and infrastructure depending on what platform you are using. Refer to the documentation related to each platform in the references section to start, configure, manage, or use advanced RH-SSO features related to high availability and fault tolerance, or performance tuning.

The steps for deploying a basic RH-SSO instance are summarized as follows:

  1. Install RH-SSO by using the selected method (from a .zip file, from an RPM package, or by using Red Hat OpenShift).

  2. Select the RH-SSO operating mode (only for installations from a .zip file or RPM package, because on Red Hat OpenShift always runs in stand-alone mode).

  3. Configure the RH-SSO subsystems. Subsystems are groups of customizable features of JBoss EAP.

  4. Create the administrator account.

  5. Start the RH-SSO instance.

  6. Log in to the administrator console.

RH-SSO Installation

Red Hat supports different methods to install RH-SSO: from a .zip file, from an RPM package, by using Red Hat OpenShift operators, or by using Red Hat OpenShift templates. You can also deploy RH-SSO by using other methods, such as using an Ansible Collection. However, Red Hat does not support these methods. See the references section for more information about installing and configuring RH-SSO by using an Ansible Collection.

Depending on your requirements and the deployment scenario, you must choose the appropriate installation method. For example, if your infrastructure runs Windows servers, then you can only install RH-SSO with the .zip file option.

This chapter focuses only on the installation from a .zip file on Red Hat Enterprise Linux (RHEL). Refer to the documentation to find more information about installing RH-SSO from an RPM package or by using Red Hat OpenShift templates. Installing RH-SSO by using Red Hat OpenShift operators is covered in more detail later in this course.

Install RH-SSO from a .zip File

The RH-SSO server .zip file contains the scripts and binaries to run the RH-SSO server. The procedure to install RH-SSO in a RHEL platform from a .zip file is the following:

  1. Access to the Red Hat Customer Portal.

  2. Download the Red Hat Single Sign-On 7.6 server .zip file.

  3. Unpack the .zip file by using your preferred utility, for example unzip. Use the -d option to specify to the directory where to unpack the file. Remember to set the appropriate permissions to the RH-SSO directory if necessary.

    [rhsso@sso ~]$ sudo unzip rh-sso-7.6.0-server-dist.zip -d /opt

RH-SSO Operating Modes

The RH-SSO operating mode refers to the way that the system administrator manages the RH-SSO infrastructure. These operating modes are inherited from JBoss EAP. The stand-alone modes define individual instances. Therefore, in the stand-alone modes you must modify the configuration in all the server instances. In the domain modes, there is a central management point for all the instances. You can choose between the stand-alone and domain operating modes only when not running RH-SSO on Red Hat OpenShift. You can specify to the RH-SSO instance which XML configuration file to use for starting.

RH-SSO download includes the following stand-alone and domain configurations, represented by an XML file:

Stand-alone

Used when you want to run only one RH-SSO server instance. Use this operating mode for learning, testing, and debugging purposes. This chapter focuses mainly on this type of operating mode. You can find the subsystem configuration for the stand-alone operating mode in the $RHSSO/standalone/configuration/standalone.xml file.

Stand-alone Clustered

Applies when you want to run RH-SSO within a cluster, managing server lifecycle and configuration manually. Use this operating mode for small deployments, testing, and debugging purposes. You can find the subsystem configuration for the stand-alone clustered operating mode in the $RHSSO/standalone/configuration/standalone-ha.xml file.

Domain Clustered

This mode of operation centrally manages and publishes the configuration for your servers. It is useful for medium- to large-scale clustered deployments, or in environments where multiple independent RH-SSO instances must exist but centralized management is preferable. You can find the subsystem configuration for the domain clustered operating mode in the $RHSSO/domain/configuration/domain.xml file.

Cross-site Replication

Used to run RH-SSO in a cluster across multiple data centers, where each data center has its own cluster of servers. Two essential additions to this topology are a replicated database and Red Hat Data Grid to perform cross-site replication of data needed to operate reliably. Red Hat does not fully support the cross-site replication operating mode because it is a Technology Preview feature.

When running RH-SSO in Red Hat OpenShift you can only use the stand-alone operating mode. You can find the subsystem configuration for the stand-alone operating mode in Red Hat OpenShift in the $RHSSO/standalone/configuration/standalone-openshift.xml file in an RH-SSO running container.

Stand-alone Versus Containerized Deployment

There are some key differences between the containerized version of RH-SSO and the one installed on bare metal or virtualized machines.

The first one is the start method. There is no choice between stand-alone and domain mode in a containerized RH-SSO instance, because the task of configuring and controlling the server instance is delegated to the Red Hat OpenShift scheduler, the container image start parameters, and the scripts that execute the start procedure.

Additionally, these scripts generate all relevant configuration files by using environment variables in the containerized version, and you cannot edit the files directly.

Being a level 3 operator, the RH-SSO operator must be able to automate provisioning, manage configuration, perform patches and minor version upgrades, and perform scheduled backups of data. The RH-SSO operator achieves all these operations by means of various custom resources, which are covered in more detail later in this course.

RH-SSO Important Directories and Files

When you manually install RH-SSO from the .zip file or the RPM package, you can find different directories under the installation path. The following table lists some of the significant directories and their contents:

Table 2.1. Significant RH-SSO Directories

DirectoryPurpose
bin Contains various scripts to either boot the server or perform other management actions on the server, such as creating the RH-SSO management user.
domain Contains configuration files for RH-SSO running in domain mode.
modules Contains all the Java libraries that RH-SSO uses.
standalone Contains configuration files for RH-SSO running in stand-alone mode.
standalone/deployments Contains the extensions for RH-SSO. Note that although RH-SSO runs in an application server, you cannot deploy other applications on the same instances where RH-SSO is running.
themes Contains all the HTML files, style sheets, JavaScript files, and images used to display in the web UI by the server.
operating-mode/configuration Contains the XML subsystem configuration files.

As previously explained, you can configure the different subsystems of JBoss EAP by modifying the XML file in the configuration directory. This file also contains all the information about the server, such as resources, networking, deployments, socket bindings, and other configuration details. As an example, the following configuration/standalone.xml file shows the most important subsystems for RH-SSO:

<?xml version='1.0' encoding='UTF-8'?>
    ...output omitted...
        <subsystem xmlns="urn:jboss:domain:datasources:6.0"> 1
            <datasources>
                ...output omitted...
            </datasources>
        </subsystem>
        ...output omitted...
        <subsystem xmlns="urn:jboss:domain:infinispan:12.0"> 2
            <cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
                ...output omitted...
            </cache-container>
        </subsystem>
        ...output omitted...
        <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> 3
            ...output omitted...
        </subsystem>
        ...output omitted...
        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}"> 4
        ...output omitted...
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
...output omitted...

1

The datasources subsystem maintains the applications server connections pool to the database. You need to declare your database driver for your external database in the <drivers> XML block.

2

The infinispan subsystem provides caching support for JBoss EAP. Use it to configure and view runtime metrics for named cache containers and caches.

RH-SSO has two types of caches. The first one is a local cache used to decrease load on the database and response times by keeping data in memory. For example, RH-SSO stores realms, clients, roles, and user metadata in this cache. Local caches do not replicate and keep copies locally, even in a cluster configuration. If an entry is updated in a cluster configuration, then an invalidation message is sent to the rest of the cluster and RH-SSO evicts the entry.

A separate replicated cache called work sends the invalidation messages to the whole cluster so they can evict those entries from local caches. This procedure reduces network traffic and avoids transmitting sensitive data.

The second type is a temporary cache that handles user sessions, offline tokens, and login failures.

3

Use the keycloak-server subsystem to configure the service provider interfaces (SPIs).

4

Configure the web server and servlet container settings by using the undertow subsystem.

Manage RH-SSO Subsystem Configuration

After installing RH-SSO, you can configure the RH-SSO subsystems. For example, you can change the default database to another database more appropriate for production environments or bind your RH-SSO to a different IP.

You can modify the subsystems by stopping the RH-SSO instance, changing the configuration in the XML configuration file, and starting it again. However, the recommended way to manage subsystems is to use the JBoss EAP management command-line interface (CLI). You can use the JBoss EAP management CLI to start and stop servers, deploy and undeploy applications, configure system settings, and perform other administrative tasks. You can run multiple of these tasks as a group in batch mode.

Note

For more information about managing JBoss EAP subsystems by using the CLI, refer to https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/management_cli_guide/index#management_cli_overview

Change the Default Database

RH-SSO comes with its own H2 Java-based in-memory relational database. This database is only for testing purposes, because it is not viable in high concurrency situations. Thus, Red Hat recommends to replace it by a production ready external database when deploying RH-SSO in real environments. You can connect RH-SSO to relational databases by using Java Database Connectivity (JDBC) with the JDBC drivers provided by database vendors.

The procedure to configure RH-SSO to connect to an external database needs the following steps:

  1. Download the JDBC driver JAR file for your relational database management system (RDBMS) from your database vendor.

  2. Create a directory structure for the module definition in the modules directory of your RH-SSO distribution. Use the Java package name of the JDBC driver for the name of the directory structure. For example, for a PostgreSQL database create the org/postgresql/main directory tree inside the modules directory. Then, create in the same directory the module.xml file as follows:

    <?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.3" name="module_name"> 1

    <resources>
        <resource-root path="jar_filename"/> 2
    </resources>

    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>

    1

    The module name should match the directory structure of your module.

    2

    The resource-root path attribute should specify the JAR file name of the driver.

  3. Declare the JDBC driver into the deployment mode configuration file so it is available when you run RH-SSO. The deployment mode configuration file is an XML file inside the configuration directory of the deployment mode. For example, for stand-alone mode the configuration file is standalone/configuration/standalone.xml. In that file, search for the drivers XML block within the datasources subsystem and declare the JDBC driver for your external database.

      <subsystem xmlns="urn:jboss:domain:datasources:6.0">
     <datasources>
       ...output omitted...
       <drivers>
          <driver name="driver_name" module="module_name"> 1
              <xa-datasource-class>driver_java_class</xa-datasource-class> 2
          </driver>
       </drivers>
     </datasources>
  </subsystem>

    1

    The driver name is the name for the database driver. The module name should match the directory structure of your module.

    2

    The xa-datasource-class attribute should specify the fully qualified name of the XADataSource implementation class.

    Finally, in the same configuration file and XML block, modify the existing datasource configuration to connect it to the external database.

      <subsystem xmlns="urn:jboss:domain:datasources:6.0">
     <datasources>
       ...output omitted...
       <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
           <connection-url>connection_url</connection-url> 1
           <driver>driver_name</driver> 2
           <pool>
               <max-pool-size>20</max-pool-size>
           </pool>
           <security>
               <user-name>db_username</user-name> 3
               <password>db_password</password> 4
           </security>
       </datasource>
        ...output omitted...
     </datasources>
  </subsystem>

    1

    Database URL.

    2

    The name for the database driver.

    3

    Database username.

    4

    Database password.

You can also create a JBoss CLI script to automate the previous steps. The following example is a JBoss CLI script to connect to a PostgreSQL database. This script declares the JDBC driver in the datasources subsystem and modifies the existing datasource configuration to connect it to the external database.

batch

set DB_USERNAME=<db_username> 1
set DB_PASSWORD=<db_password>
set DRIVER_NAME=postgres
set DRIVER_MODULE_NAME=org.postgres
set XA_DATABASESOURCE_CLASS="org.postgresql.xa.PGXADataSource"
set CONNECTION_URL="jdbc:postgresql://<postgres_ip>:5432/keycloak"
set FILE=<postgresql-jar-path>

embed-server --std-out=echo

module add --name=$DRIVER_MODULE_NAME --resources=$FILE --dependencies=javax.api,javax.resource.api 2

/subsystem=datasources/jdbc-driver=$DRIVER_NAME:add( \ 3
  driver-name=$DRIVER_NAME, \
  driver-module-name=$DRIVER_MODULE_NAME, \
  xa-datasource-class=$XA_DATABASESOURCE_CLASS \
)

/subsystem=datasources/data-source=KeycloakDS:remove() 4
/subsystem=datasources/data-source=KeycloakDS:add( \
  jndi-name=java:jboss/datasources/KeycloakDS, \
  enabled=true, \
  use-java-context=true, \
  connection-url=$CONNECTION_URL, \
  driver-name=$DRIVER_NAME, \
  user-name=$DB_USERNAME, \
  password=$DB_PASSWORD \
)

/subsystem=elytron/key-store=httpsKS:add(relative-to=jboss.server.config.dir,path=sso.lab.example.com.p12,credential-reference={clear-text=redhat123},type=PKCS12) 5
/subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,credential-reference={clear-text=redhat123})
/subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2", "TLSv1.3"])
/subsystem=elytron/server-ssl-context=httpsSSC:write-attribute(name=cipher-suite-names,value=TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:
TLS_AES_128_GCM_SHA256)
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=httpsSSC)
/socket-binding-group=standard-sockets/socket-binding=http:write-attribute(name=port, value=8443)
/socket-binding-group=standard-sockets/socket-binding=https:write-attribute(name=port, value=8080)

run-batch

1

Database variables.

2

Create the database module.

3

Declare the JDBC driver in the datasources subsystem.

4

Modify the datasource subsystem configuration to connect it to the external database.

5

Configure RH-SSO to use TLS v1.2 and v1.3. Use port 8443 for HTTP connections and port 8080 for HTTPS connections.

After creating the JBoss CLI script, you can run it by using the JBoss management CLI to connect to the external database.

[rhsso@sso rh-sso-7.6]$ bin/jboss-cli.sh \
  --file=/opt/rh-sso-7.6/bin/sso-extensions.cli
...output omitted...

Bind a Different IP

By default, RH-SSO binds to the local host loop back address 127.0.0.1. Thus, the authentication and authorization server is only available on the local machine. If you want RH-SSO to be available on your network, then you must set the bind address.

You can set the bind address by modifying the jboss.bind.address system property on the XML configuration file. For example, for the stand-alone mode you can set the bind address in the interfaces XML block in the standalone/configuration/standalone.xml file:

    ...output omitted...
    <interfaces>
        <interface name="management"> 1
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
        <interface name="public"> 2
            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        </interface>
    </interfaces>
    ...output omitted...

1

The management interface corresponds to ports for the management tools for JBoss EAP.

2

The public interface corresponds to subsystems creating ports that are available publicly, such as the HTTP ports serving the RH-SSO services.

You can also set the bind address manually from the command line when booting your RH-SSO instance by using the -Djboss.bind.address option:

[rhsso@sso rh-sso-7.6]$ bin/standalone.sh -Djboss.bind.address=192.168.0.20
...output omitted...

Bind a Different Port

By default, RH-SSO uses port 8080 for HTTP connections and port 8443 for HTTPS connections. You can set the socket port binding by modifying the jboss.http.port and jboss.https.port system properties on the XML configuration file. For example, for the stand-alone mode you can set the socket port binding in the socket-binding-group XML block in the standalone/configuration/standalone.xml file:

    ...output omitted...
    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
        <socket-binding name="http" port="${jboss.http.port:8080}"/>
        <socket-binding name="https" port="${jboss.https.port:8443}"/>
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
        </outbound-socket-binding>
    </socket-binding-group>
    ...output omitted...

You can also set the socket port binding manually from the command line when booting your RH-SSO instance by using the -Djboss.http.port and -Djboss.https.port options:

[rhsso@sso rh-sso-7.6]$ bin/standalone.sh -Djboss.http.port=1234
...output omitted...

Run RH-SSO

After installing and configuring RH-SSO, the next step is to run an RH-SSO instance. First, try to manually run the RH-SSO instance by using the provided boot script. When you are sure that everything works correctly, then you can configure RH-SSO as a systemd service that starts on boot.

Manually Start an RH-SSO Instance

You can find the boot scripts for the different RH-SSO operating modes in the bin directory. For example, you can run an RH-SSO stand-alone instance by running the standalone.sh boot script.

[rhsso@sso rh-sso-7.6]$ bin/standalone.sh
...output omitted...
15:08:15,900 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Red Hat Single Sign-On 7.6.0.GA (WildFly Core 15.0.8.Final-redhat-00001) started in 9475ms - Started 594 of 872 services (584 services are lazy, passive or on-demand)
15:08:15,903 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
15:08:15,903 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990

If the boot script runs correctly, then you can access the administration console by using a web browser to navigate to the RH-SSO web UI URL at http://localhost:8080. You can choose the RH-SSO XML configuration file to start with by using the -c parameter, like the following example.

[rhsso@sso rh-sso-7.6]$ bin/standalone.sh -c standalone-ha.xml
...output omitted...

Set the RH-SSO Admin Account

There are two ways to set the administrator account for your RH-SSO instance.

If your server is accessible from the localhost URL or the address that you manually configured, then you can use the web UI for setting the administrator password. In that case, use your web browser to navigate to the RH-SSO web UI URL (by default https://localhost:8080/auth). The first time you navigate to the RH-SSO web UI URL, it asks you to enter the initial administrator username and the password.

Figure 2.1: RH-SSO Web UI Initial Screen

If you cannot access the server from the localhost address or you want to set the administrator password from the command line, then you can use the bin/add-user-keycloak.sh script to add administrator users. This script requires you to specify the username and the password for the admin user.

[rhsso@sso rh-sso-7.6]$ bin/add-user-keycloak.sh -u <username> -p <password>

Run RH-SSO as a Systemd Service

If you use RH-SSO on bare metal or virtualized infrastructures, then Red Hat recommends to install the RH-SSO instances as UNIX system daemons, or Windows services, depending on the operating system family. This lecture explains only how to configure the system service on RHEL.

Similar to a JBoss EAP server instance, you can configure RH-SSO as a service that starts on boot.

For this purpose, you need to customize the start options in the JBoss configuration file. You can find the JBoss configuration file and the start script in the bin/init.d directory.

First, modify the JBoss configuration file with the parameters that apply to your RH-SSO deployment. At least you must provide the values for the JBOSS_HOME and the JBOSS_USER variables.

[rhsso@sso rh-sso-7.6]$ cat bin/init.d/jboss-eap.conf
# General configuration for the init.d scripts,
# not necessarily for JBoss EAP itself.
# default location: /etc/default/jboss-eap

## Location of JDK
# JAVA_HOME="/usr/lib/jvm/default-java"

## Location of JBoss EAP
# JBOSS_HOME="/opt/jboss-eap"

## The username who should own the process.
# JBOSS_USER=jboss-eap

## The mode JBoss EAP should start, standalone or domain
# JBOSS_MODE=standalone

## Configuration for standalone mode
# JBOSS_CONFIG=standalone.xml

## Configuration for domain mode
# JBOSS_DOMAIN_CONFIG=domain.xml
# JBOSS_HOST_CONFIG=host-master.xml

## The amount of time to wait for startup
# STARTUP_WAIT=60

## The amount of time to wait for shutdown
# SHUTDOWN_WAIT=60

## Location to keep the console log
# JBOSS_CONSOLE_LOG="/var/log/jboss-eap/console.log"

## Additionals args to include in startup
# JBOSS_OPTS="--admin-only -b 127.0.0.1"

After editing the JBoss configuration file, copy it to the /etc/default directory.

[rhsso@sso rh-sso-7.6]$ sudo cp EAP_HOME/bin/init.d/jboss-eap.conf /etc/default

Then, copy the service start script to the /etc/init.d directory, give it execute permissions, and restore its SELinux context.

[rhsso@sso rh-sso-7.6]$ sudo cp EAP_HOME/bin/init.d/jboss-eap-rhel.sh /etc/init.d
[rhsso@sso rh-sso-7.6]$ sudo chmod +x /etc/init.d/jboss-eap-rhel.sh
[rhsso@sso rh-sso-7.6]$ sudo restorecon /etc/init.d/jboss-eap-rhel.sh

Use the service management command to add the jboss-eap-rhel.sh service to the list of automatically started services, and reload the systemd daemon. Then, verify that the service starts correctly by starting it.

[rhsso@sso rh-sso-7.6]$ sudo chkconfig --add jboss-eap-rhel.sh
[rhsso@sso rh-sso-7.6]$ sudo systemctl daemon-reload
[rhsso@sso rh-sso-7.6]$ sudo service jboss-eap-rhel start
Redirecting to /bin/systemctl start jboss-eap-rhel.service

Finally, make the service start automatically on boot.

[rhsso@sso rh-sso-7.6]$ sudo chkconfig jboss-eap-rhel.sh on

References

Red Hat Customer Portal — Red Hat Single Sign-On

For more information about Red Hat Single Sign-On installation and configuration, refer to the Red Hat Single Sign-On 7.6 Server Installation and Configuration Guide documentation at https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html-single/server_installation_and_configuration_guide/index

For more information about installing and configuring Red Hat Single Sign-On by using an Ansible Collection, refer to https://github.com/ansible-middleware/keycloak

For more information about changing the default RH-SSO H2 database, refer to the Setting up the relational database chapter in the Red Hat Single Sign-On 7.6 Server Installation and Configuration Guide documentation at https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html-single/server_installation_and_configuration_guide/index#database-1

For more information about running Red Hat Single Sign-On as a systemd service, refer to the Configuring JBoss EAP archive installation as a service on Red Hat Enterprise Linux section in the Red Hat JBoss Enterprise Application Platform 7.4 Installation Guide at https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index#configuring-jboss-eap-archive-installation-as-a-service-on-rhel_default

PreviousNext
Revision: do313-7.6-bc10333