[aerogear-dev] Keycloak integration ideas

Matthias Wessendorf matzew at apache.org
Wed Jan 22 06:53:24 EST 2014


Hello Stian,


On Wed, Jan 22, 2014 at 12:40 PM, Stian Thorgersen <stian at redhat.com> wrote:

> It's great to see interest in the Keycloak project :)
>
> We've been quite busy with getting the alpha out the door (hopefully it'll
> be released tomorrow) hence the lack of response. Also, I don't think Bill
> follows aerogear-dev.
>
> Would be good to start discussions on these items, maybe as separate posts
> to keycloak-dev?
>

sure, that would work for me


>
> A few thoughts from me:
>
> * We've got a quick and dirty OpenShift cartridge (
> https://github.com/keycloak/openshift-keycloak-cartridge) - it's based on
> the WildFly cartridge by Corey Daley. Seems to work pretty well and took me
> about an hour to do the mods. I was considering if it was possible to do
> the Keycloak and UPS cartridges as add-ons to the WildFly cartridge (same
> as postgresql and mysql cartridges). That way you can mix and match
> whatever combo you want. A specific cartridge may provide a better
> integrated experience though. Maybe we can ping someone in the OpenShift
> team to find out the correct approach?
>

sounds reasonable. Farah was kindly helping us w/ our Push Cartridge
(containing Unified- and SimplePush Servers + MySQL).
There are thoughts on integrating the UPS (e.g. the user management) w/
Keycloak. Something like that makes a perfect 'mix' for adding the Keycloak
bits into our cartridge. Sure we could 're-label' it. Is that something
that sounds good?



> * Mobile SDKs - There's not much effort yet on supporting mobiles. Maybe
> you could help us with creating Keycloak SDKs, with most of the code
> reusable in AeroGear and LiveOak?
>

Absolutely, for that I think it would be good to start a thread on
keycloak-dev regarding 'requirements' / desired functionality. Ideally
these SDKs are leveraging AeroGear's mobile client SDKs.


> * JS - None in Keycloak, but I've started one in LiveOak. Again, could we
> do a Keycloak JS lib that could be reused by AeroGear and LiveOak?
>

+1 and that would be needed pretty much once the UnifiedPushServer is
integrating w/ Keycloak :-)


>
> If you have any issues/questions at all post to keycloak-dev and I'm sure
> me and Bill will fight to see who gets to answer first ;)
>

yay!

Cheers!
Matthias


>
> ----- Original Message -----
> > From: "Matthias Wessendorf" <matzew at apache.org>
> > To: "AeroGear Developer Mailing List" <aerogear-dev at lists.jboss.org>
> > Sent: Wednesday, 22 January, 2014 7:41:10 AM
> > Subject: Re: [aerogear-dev] Keycloak integration ideas
> >
> > On Tue, Jan 21, 2014 at 11:10 PM, Jay Balunas < jbalunas at redhat.com > wrote:
> >
> > On Jan 19, 2014, at 10:18 AM, Matthias Wessendorf < matzew at apache.org >
> > wrote:
> >
> > On Fri, Jan 17, 2014 at 10:04 PM, Jay Balunas < jbalunas at redhat.com > wrote:
> >
> > Hi All,
> >
> > Sorry all - book mode ;-)
> >
> > We've had a couple of threads around keycloak integration (thanks Abstractj)
> > and working together with them (both in our dev list and theirs). I had a
> > meeting (dinner really) with Bill and talked about some possibilities and
> > we're both excited to see what can happen.
> >
> > I wanted to capture some of those thoughts here (as well as some that already
> > started before), have some discussions, and more importantly talk about next
> > steps (jira's) to get some of this in the pipeline. I'm sure this is not
> > exhaustive either, so please add your own thoughts, brainstorming etc...
> > (for example Cordova plugin perhaps?)
> >
> > *In no particular order
> >
> > A) AeroGear security integration
> > ** Abstractj already posted and implemented some of these changes
> > ** http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGear-td5663.html
> > ** What's left here? Is it plug-able? Does it need to be?
> >
> > The work started by Bruno looks promising. I like that the login to the
> > UPS Admin UI is being forwarded to the Keycloak server.
> > As mentioned on the referenced thread, there is a bit more work needed for
> > the "protection" of the SEND (and likely device registration) URLs.
> >
> > B) Crypto key management
> > ** Server-side encryption key management for client crypto
> > ** Abstractj had some discussions here
> > *** http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html
> > *** Where does that stand?
> > ** Do we need our own impl as well?
> >
> > C) UnifiedPush server integration
> > ** User management, Auth*
> > ** Do we have our own basic impl for quickstart experience?
> > ** See below for possible combined cartridge options
> >
> > yep, the UPS comes to mind and as mentioned in A) Bruno was already actively
> > starting this shortly before XMAS.
> >
> > D) Cross-project examples, tutorials, docs, etc...
> > ** TBD
> >
> > Sure, combined docs/tutorials/examples are a good item once we do have a bit
> > more :-) Not sure it makes much sense now, but I can be wrong
> >
> > Completely agree now is not the time. Just wanted to bring it up for
> > discussion.
> >
> > KeyCloak has some things they need as well, that we could work together on.
> > I'm sure the KeyCloak team could add more here :-)
> >
> > Z) Device support
> > ** We need it, they need it, and others need it
> > ** Bill would like us to help them (and us at the same time) with this.
> >
> > yeah - that would be an extremely good fit for our Push efforts.
> >
> > We'll need someone to setup a mtg, or discuss on the topic. Any takers?
> >
> > I can reach out to them, via mailing list, to see what they are up to,
> > regarding "Device support". Not 100% sure which email list is the 'right'
> > choice (cross-postings are IMO a PITA :))
> >
> > Y) OpenShift Cartridge for KeyCloak
> > ** I know this is already on their roadmap
> > ** The work Farah and others have already done, could be very helpful to them
> > ** We should also discuss the possibility of a joint cartridge
> > *** Could be really compelling, especially if you add in device, client key,
> > and push support with native SDKs & examples
> > *** Would also want separate cartridges as well imo
> >
> > yeah, I see various options here:
> > * 'standalone' Keycloak cartridge (on their roadmap already); Would be nice
> > to get Farah involved here as well
> > * combined cartridge (E.g. Push + Keycloak). If we do actually fully
> > integrate Keycloak into the Push work, IMO this is a required option, to
> > simply include the Keycloak offerings into our Push Cartridge
> >
> > Agreed, and I'd like to hear from the keycloak team on this as well. If they
> > have plans for pairing their cartridge with others.
> >
> > On their list they are currently talking about standalone ones, but later, we
> > might be able to integrate w/ their server piece.
> >
> > X) Client SDK support
> > ** We have client SDKs & could help with their dev (either as part of
> > AeroGear or KeyCloak perhaps)
> > ** Primarily for iOS & Android, but would also want to see where JS & Cordova
> > fit.
> >
> > Yes, another good integration item, would be interesting to know their
> > 'requirements'. I think our OAuth2 related work, would be something that's
> > interesting for them as well
> >
> > +1
> >
> > You start putting all of this together and there is a great set of
> > functionality that really complements each other well. After we discuss for
> > a while, I'd like to find owners for the various items to help make progress
> > on these. Abstractj is awesome, but not sure he can do it all ;-)
> >
> > yes, great work by Bruno w/ getting actively started on this
> >
> > +1
> >
> > -Jay
> >
> > PS: I'll post an email to the keycloak-dev list as well pointing to this
> > thread on our list.
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf