[aerogear-dev] Keycloak integration ideas

Wed Jan 22 02:41:10 EST 2014

On Tue, Jan 21, 2014 at 11:10 PM, Jay Balunas <jbalunas at redhat.com> wrote:

>
> On Jan 19, 2014, at 10:18 AM, Matthias Wessendorf <matzew at apache.org>
> wrote:
>
>
>
>
> On Fri, Jan 17, 2014 at 10:04 PM, Jay Balunas <jbalunas at redhat.com> wrote:
>
>> Hi All,
>>
>> Sorry all - book mode ;-)
>>
>> We've had a couple of threads around keycloak integration (thanks
>> Abstractj) and working together with them (both in our dev list and
>> theirs).  I had a meeting (dinner really) with Bill and talked about some
>> possibilities and we're both excited to see what can happen.
>>
>> I wanted to capture some of those thoughts here (as well as some that
>> already started before), have some discussions, and more importantly talk
>> about next steps (jira's) to get some of this in the pipeline.  I'm sure
>> this is not exhaustive either, so please add your own thoughts,
>> brainstorming etc...  (for example Cordova plugin perhaps?)
>>
>> *In no particular order
>>
>> A) AeroGear security integration
>> ** Abstractj already posted and implemented some of these changes
>> **
>> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGear-td5663.html
>> ** What's left here?  Is it plug-able?  Does it need to be?
>>
>
> The work started by Bruno looks promising. I like that for the login to
> the UPS Admin UI is being forwarded to the Keycloak server.
> As mentioned on the referenced thread, there is a bit of more work needed
> for the "protection" of the SEND (and likely device registration) URLs.
>
>
>> B) Crypto key management
>> ** Server-side encryption key management for client crypto
>> ** Abstractj had some discussions here
>> ***
>> http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html
>> *** Where does that stand?
>> ** Do we need our own impl as well?
>>
>> C) UnifiedPush server integration
>> ** User management, Auth*
>> ** Do we have our own basic impl for quickstart experience?
>> ** See below for possible combined cartridge options
>>
>
> yep, the UPS come in mind and as mentioned in A) Bruno was already
> actively starting this shortly before XMAS.
>
>
>
>>
>> D) Cross-project examples, tutorials, docs, etc...
>> ** TBD
>>
>
> Sure, combined docs/tutorials/examples are a good item once we do have a
> bit more :-) Not sure it makes much sense now, but I can be wrong
>
>
> Completely agree now is not the time.  Just wanted to bring it up for
> discussion.
>
>
>
>>
>> KeyCloak has some things they need as well, that we could work together
>> on.  I'm sure the KeyCloak team could add more here :-)
>>
>> Z) Device support
>> ** We need it, they need, and others need it
>> ** Bill would like us to help them (and us at the same time) with this.
>>
>
> yeah - that would be an extremely good fit for our Push efforts.
>
>
> We'll need someone to setup a mtg, or discuss on the topic.  Any takers?
>

I can reach out to them, via mailing list, to see what they are up to,
regarding "Device support". Not 100% sure which email list is the 'right'
choice (cross-postings are IMO a PITA :))

>
>
>
>>
>> Y) OpenShift Cartridge for KeyCloak
>> ** I know this is already on their roadmap
>> ** The work Farah and others has already done, could be very helpful to
>> them
>> ** We should also discuss the possibility of a joint cartridge
>> *** Could be really compelling, especially if you add in device, client
>> key, and push support with native SDKs & examples
>> *** Would also want separate cartridges as well imo
>>
>
> yeah, I see various options here:
> * 'standalone' Keycloak cartridge (on their roadmap already); Would be
> nice to get Farah involved here as well
> * combined cartridge (E.g. Push + Keycloak). If we do actually fully
> integrate Keycloak into the Push work, IMO this is a required option, to
> simply include the Keycloak offerings into our Push Cartridge
>
>
> Agreed, and I'd like to hear from the keycloak team on this as well.  If
> they have plans for pairing their cartridge with others.
>

On their list they are currently talking about standalone ones, but later,
we might be able to integrate w/ their server piece.

>
>
>
>>
>> X) Client SDK support
>> ** We have client SDKs & could help with their dev (either as part of
>> AeroGear or KeyCloak perhaps)
>> ** Primarily for iOS & Android, but would also want see where JS &
>> Cordova fit.
>>
>
> Yes, another good integration item, would be interesting to know their
> 'requirements'. I think our OAuth2 related work, would be something that's
> interesting for them as well
>
>
> +1
>
>
>
>>
>> You start putting all of this together and there is a great set of
>> functionality that really compliments each other well.  After we discuss
>> for a while, I'd like to find owners for the various items to help make
>> progress on these.  Abstractj is awesome, but not sure he can do it all ;-)
>>
>
> yes, great work by Bruno w/ getting actively started on this
>
>
> +1
>
>
>
>
>>
>> -Jay
>>
>> PS: I'll post an email to the keycloak-dev list as well pointing to this
>> thread on our list.
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>

-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140122/9d700129/attachment-0001.html 