[aerogear-dev] Keycloak on AeroGear

Matthias Wessendorf matzew at apache.org
Wed Jan 29 05:17:40 EST 2014


I have now rebased our branch ([1]) against our master and removed the
AdminUI src inclusion.

More updates will follow soon.

-Matthias


[1] https://github.com/matzew/aerogear-unifiedpush-server/tree/keycloak


On Sun, Jan 26, 2014 at 1:41 PM, Matthias Wessendorf <matzew at apache.org> wrote:

> Hello Bruno,
>
>
> On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>
>> Any specific reason to limit the scope to admin page only? I'm thinking
>> about login for regular users
>
>
> Not sure I follow. What do you mean w/ "regular users"?
>
>
> Before my change everything was restricted by Keycloak (/*). I did not
> really change there a lot, however I just removed the URLs for
> 'device-registration' and 'sending':
>
> https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/web.xml#L42-L50
>
> So, currently the following is protected by Keycloak:
> * Admin UI (not speaking about a specific admin user)
> * REST APIs that are accessed by the Admin UI, like:
> - http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/
> - http://aerogear.org/docs/specs/aerogear-push-rest/Variants/
>
> Previously the 'device-registration' and 'sending' URLs were protected as
> well. Removing them from the 'keycloak protection' is really the only change.
>
> Greetings,
> Matthias
>
>
>
>> --
>> abstractj
>>
>>
>> On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <matzew at apache.org> wrote:
>>
>>> Hello!
>>>
>>> I have a few more updates:
>>>
>>> On my branch (a fork from Bruno's branch), the URLs for the actual
>>> sending and the device-registration (both 'protected' via HTTP-Basic), now
>>> work again. I have 'limited' the scope of the Keycloak 'protection' to the
>>> AdminUI.
>>>
>>> Greetings,
>>> Matthias
>>>
>>>
>>>
>>> On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf <matzew at apache.org> wrote:
>>>
>>>> I have updated the branch w/ their recent changes from this week's
>>>> alpha-1 release, and submitted a PR against abstractj's repo:
>>>> https://github.com/abstractj/aerogear-unifiedpush-server/pull/1
>>>>
>>>> More to come
>>>>
>>>> Greetings,
>>>> Matthias
>>>>
>>>>
>>>>
>>>> On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>>
>>>>> Good morning peeps, yesterday I started to replace AeroGear Security
>>>>> on Unified Push server by Keycloak and you might be asking: "Why?".
>>>>> Keycloak is an SSO with some handy features like TOTP, OAuth2, user
>>>>> management support and I think we have too much to contribute, is the only
>>>>> way to have some success with security, "divide to conquer" (at least for
>>>>> authorization and authentication).
>>>>>
>>>>> So will ag-security be discontinued? No! Keycloak is still on Alpha
>>>>> and we have to test it against our projects before fully replacing
>>>>> ag-security, but the only way to upstream our needs is to use it.
>>>>>
>>>>> This replacement only applies to authentication/authorization
>>>>> features, we still have a ton of projects which Keycloak is not able to
>>>>> replace like: TOTP, crypto and OAuth2 on mobile, our focus.
>>>>>
>>>>> - PoC
>>>>>
>>>>> So let's talk about this replacement, any dependency on ag-security
>>>>> was removed from the push server and replaced by Keycloak:
>>>>> https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>>>>>
>>>>> Based on Keycloak examples, I just did copy & paste from one of the
>>>>> demos (https://github.com/abstractj/auth-server/tree/openshift) to
>>>>> create a server. Keycloak requires Resteasy 3.0.4, for this reason I had to
>>>>> manually replace some modules on JBoss.
>>>>>
>>>>> To test it go to: http://push-abstractj.rhcloud.com/ag-push/ you must
>>>>> be redirected to Keycloak, enter:
>>>>>
>>>>> username: john at doe.com
>>>>> password: password
>>>>>
>>>>> You must be redirected to agpush console, keep in mind that I took
>>>>> some shortcuts to get this demo working, so for example the create will
>>>>> fail because I removed everything related to the ember interface.
>>>>>
>>>>> It is also possible to enable TOTP, user registration and whatever you
>>>>> want.
>>>>>
>>>>> So what do you think?
>>>>>
>>>>> --
>>>>> abstractj
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>>
>>>>
>>>>
>>>>  --
>>>> Matthias Wessendorf
>>>>
>>>> blog: http://matthiaswessendorf.wordpress.com/
>>>> sessions: http://www.slideshare.net/mwessendorf
>>>> twitter: http://twitter.com/mwessendorf
>>>>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
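
The scope change discussed in this thread (a Keycloak constraint on `/*` narrowed to the Admin UI and its REST APIs) can be checked mechanically. The following is an added example, not code from the thread or from the AeroGear project: it reads a web.xml and reports which request paths the container-level constraint still covers. The sample web.xml, the URL paths and the role name are constructed placeholders, and HTTP-method scoping is ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample, NOT the project's web.xml: paths and role are placeholders.
NARROWED_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin-ui/*</url-pattern>
      <url-pattern>/rest/admin-api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>example-role</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def load_constraints(xml_text):
    """Return [(url_pattern, requires_auth)] for each security-constraint."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "security-constraint":
            continue
        requires_auth = any(local(c.tag) == "auth-constraint" for c in el)
        found += [(p.text.strip(), requires_auth)
                  for p in el.iter() if local(p.tag) == "url-pattern"]
    return found

def match_rank(pattern, path):
    """Servlet best-match order: exact > longest prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def container_protected(constraints, path):
    """True if every best-matching constraint for path has an auth-constraint."""
    ranked = [(match_rank(p, path), auth) for p, auth in constraints]
    ranked = [(r, a) for r, a in ranked if r is not None]
    if not ranked:
        return False  # no constraint matches: the container lets it through
    best = max(r for r, _ in ranked)
    return all(a for r, a in ranked if r == best)

if __name__ == "__main__":
    rules = load_constraints(NARROWED_WEB_XML)
    for path in ("/admin-ui/index.html", "/rest/admin-api/apps", "/rest/sending"):
        print(path, "->", "container auth" if container_protected(rules, path) else "app must authenticate")
```

Any path reported as not container-protected depends entirely on authentication done inside the application, which in this thread is the HTTP Basic check on the sending and device-registration URLs.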