[aerogear-dev] Keycloak integration ideas

Matthias Wessendorf matzew at apache.org
Sun Jan 19 10:18:10 EST 2014 

On Fri, Jan 17, 2014 at 10:04 PM, Jay Balunas <jbalunas at redhat.com> wrote:

> Hi All,
>
> Sorry all - book mode ;-)
>
> We've had a couple of threads around keycloak integration (thanks
> Abstractj) and working together with them (both in our dev list and
> theirs).  I had a meeting (dinner really) with Bill and talked about some
> possibilities and we're both excited to see what can happen.
>
> I wanted to capture some of those thoughts here (as well as some that
> already started before), have some discussions, and more importantly talk
> about next steps (jira's) to get some of this in the pipeline.  I'm sure
> this is not exhaustive either, so please add your own thoughts,
> brainstorming etc...  (for example Cordova plugin perhaps?)
>
> *In no particular order
>
> A) AeroGear security integration
> ** Abstractj already posted and implemented some of these changes
> **
> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGear-td5663.html
> ** What's left here?  Is it plug-able?  Does it need to be?
>

The work started by Bruno looks promising. I like that for the login to the
UPS Admin UI is being forwarded to the Keycloak server.
As mentioned on the referenced thread, there is a bit of more work needed
for the "protection" of the SEND (and likely device registration) URLs.


> B) Crypto key management
> ** Server-side encryption key management for client crypto
> ** Abstractj had some discussions here
> ***
> http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html
> *** Where does that stand?
> ** Do we need our own impl as well?
>
> C) UnifiedPush server integration
> ** User management, Auth*
> ** Do we have our own basic impl for quickstart experience?
> ** See below for possible combined cartridge options
>

yep, the UPS come in mind and as mentioned in A) Bruno was already actively
starting this shortly before XMAS.



>
> D) Cross-project examples, tutorials, docs, etc...
> ** TBD
>

Sure, combined docs/tutorials/examples are a good item once we do have a
bit more :-) Not sure it makes much sense now, but I can be wrong


>
> KeyCloak has some things they need as well, that we could work together
> on.  I'm sure the KeyCloak team could add more here :-)
>
> Z) Device support
> ** We need it, they need, and others need it
> ** Bill would like us to help them (and us at the same time) with this.
>

yeah - that would be an extremely good fit for our Push efforts.


>
> Y) OpenShift Cartridge for KeyCloak
> ** I know this is already on their roadmap
> ** The work Farah and others has already done, could be very helpful to
> them
> ** We should also discuss the possibility of a joint cartridge
> *** Could be really compelling, especially if you add in device, client
> key, and push support with native SDKs & examples
> *** Would also want separate cartridges as well imo
>

yeah, I see various options here:
* 'standalone' Keycloak cartridge (on their roadmap already); Would be nice
to get Farah involved here as well
* combined cartridge (E.g. Push + Keycloak). If we do actually fully
integrate Keycloak into the Push work, IMO this is a required option, to
simply include the Keycloak offerings into our Push Cartridge


>
> X) Client SDK support
> ** We have client SDKs & could help with their dev (either as part of
> AeroGear or KeyCloak perhaps)
> ** Primarily for iOS & Android, but would also want see where JS & Cordova
> fit.
>

Yes, another good integration item, would be interesting to know their
'requirements'. I think our OAuth2 related work, would be something that's
interesting for them as well


>
> You start putting all of this together and there is a great set of
> functionality that really compliments each other well.  After we discuss
> for a while, I'd like to find owners for the various items to help make
> progress on these.  Abstractj is awesome, but not sure he can do it all ;-)
>

yes, great work by Bruno w/ getting actively started on this



>
> -Jay
>
> PS: I'll post an email to the keycloak-dev list as well pointing to this
> thread on our list.
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140119/11c02d38/attachment.html

More information about the aerogear-dev mailing list