[aerogear-dev] Keycloak on AeroGear

Matthias Wessendorf matzew at apache.org
Wed Jan 29 10:02:23 EST 2014


On Wed, Jan 29, 2014 at 3:57 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Sorry, I just missed your e-mail while the syncalipse was happening.
>
> What I meant was something like: admin, developers, regular users and how
> to deal with these roles. Maybe this is planned for the next steps, but at
> some point we need to test how Keycloak could protect our endpoints and
> deal with multiple roles.
>

Yes, the 'UI part' (and the underlying endpoints) being protected by
Keycloak.
Among the next steps is also looking at different roles for this. I was never
speaking about a specific user/role - more generically about protecting the
"Admin UI", which can be consumed by users w/ different roles.

-Matthias


>
>
> On Sun, Jan 26, 2014 at 10:41 AM, Matthias Wessendorf <matzew at apache.org> wrote:
>
>> Hello Bruno,
>>
>>
>> On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>>
>>> Any specific reason to limit the scope to admin page only? I'm thinking
>>> about login for regular users
>>
>>
>> Not sure I follow. What do you mean w/ "regular users"?
>>
>>
>> Before my change everything was restricted by Keycloak (/*). I did not
>> really change a lot there, however; I just removed the URLs for
>> 'device-registration' and 'sending':
>>
>> https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/web.xml#L42-L50
>>
>> So, currently the following is protected by Keycloak:
>> * Admin UI (not speaking about a specific admin user)
>> * REST APIs that are accessed by the Admin UI, like:
>> - http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/
>> - http://aerogear.org/docs/specs/aerogear-push-rest/Variants/
>>
>> Previously the 'device-registration' and 'sending' URLs were protected as
>> well. Removing them from the 'keycloak protection' is really the only change.
>>
>> Greetings,
>> Matthias
>>
>>
>>
>>> --
>>> abstractj
>>>
>>>
>>> On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <matzew at apache.org> wrote:
>>>
>>>> Hello!
>>>>
>>>> I have a few more updates:
>>>>
>>>> On my branch (a fork from Bruno's branch), the URLs for the actual
>>>> sending and the device-registration (both 'protected' via HTTP-Basic), now
>>>> work again. I have 'limited' the scope of the Keycloak 'protection' to the
>>>> AdminUI.
>>>>
>>>> Greetings,
>>>> Matthias
>>>>
>>>>
>>>>
>>>> On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf <matzew at apache.org> wrote:
>>>>
>>>>> I have updated the branch w/ their recent changes from this week's
>>>>> alpha-1 release, and submitted a PR against abstractj's repo:
>>>>> https://github.com/abstractj/aerogear-unifiedpush-server/pull/1
>>>>>
>>>>> More to come
>>>>>
>>>>> Greetings,
>>>>> Matthias
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>>>
>>>>>> Good morning peeps, yesterday I started to replace AeroGear Security
>>>>>> on Unified Push server with Keycloak and you might be asking: "Why?".
>>>>>> Keycloak is an SSO with some handy features like TOTP, OAuth2, user
>>>>>> management support and I think we have too much to contribute, it is the only
>>>>>> way to have some success with security, "divide to conquer" (at least for
>>>>>> authorization and authentication).
>>>>>>
>>>>>> So will ag-security be discontinued? No! Keycloak is still in Alpha
>>>>>> and we have to test it against our projects before fully replacing
>>>>>> ag-security, but the only way to upstream our needs is to use it.
>>>>>>
>>>>>> This replacement only applies to authentication/authorization
>>>>>> features, we still have a ton of projects which Keycloak is not able to
>>>>>> replace like: TOTP, crypto and OAuth2 on mobile, our focus.
>>>>>>
>>>>>> - PoC
>>>>>>
>>>>>> So let's talk about this replacement, any dependency on ag-security
>>>>>> was removed from the push server and replaced by Keycloak:
>>>>>> https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>>>>>>
>>>>>> Based on Keycloak examples, I just did copy & paste from one of the
>>>>>> demos (https://github.com/abstractj/auth-server/tree/openshift) to
>>>>>> create a server. Keycloak requires Resteasy 3.0.4, for this reason I had to
>>>>>> manually replace some modules on JBoss.
>>>>>>
>>>>>> To test it go to: http://push-abstractj.rhcloud.com/ag-push/ you
>>>>>> must be redirected to Keycloak, enter:
>>>>>>
>>>>>> username: john at doe.com
>>>>>> password: password
>>>>>>
>>>>>> You must be redirected to agpush console, keep in mind that I took
>>>>>> some shortcuts to get this demo working, so for example the create will
>>>>>> fail because I removed everything related into the ember interface.
>>>>>>
>>>>>> It is also possible to enable TOTP, user registration and whatever you
>>>>>> want.
>>>>>>
>>>>>> So what do you think?
>>>>>>
>>>>>> --
>>>>>> abstractj
>>>>>>
>>>>>> _______________________________________________
>>>>>> aerogear-dev mailing list
>>>>>> aerogear-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
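
The thread above describes narrowing the container-enforced scope in web.xml from `/*` to the Admin UI and its REST endpoints. The following is an added example, not code from the thread or from the project: a small audit that lists which request paths a web.xml still covers with a login-requiring constraint. The web.xml fragment, URL patterns, role name and sample paths are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment; URL patterns and role are placeholders, not the project's.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin-ui</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <url-pattern>/rest/applications/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def protected_patterns(web_xml):
    """url-patterns of every security-constraint that has an auth-constraint."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        if any(local(c.tag) == "auth-constraint" for c in sc):
            patterns += [e.text.strip() for e in sc.iter()
                         if local(e.tag) == "url-pattern"]
    return patterns

def matches(pattern, path):
    """Servlet url-pattern matching: prefix (/x/*), extension (*.x), default (/), exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/" or path == pattern

def audit(web_xml, paths):
    """Simplified check (ignores http-method and constraint precedence):
    True means some login-requiring constraint covers the path."""
    pats = protected_patterns(web_xml)
    return {p: any(matches(pat, p) for pat in pats) for p in paths}

if __name__ == "__main__":
    sample = ["/admin/index.html", "/rest/applications/1",
              "/rest/device-registration", "/rest/sending"]
    for path, covered in audit(WEB_XML, sample).items():
        print(f"{'container auth' if covered else 'NOT covered    '}  {path}")
```

Every path reported as not covered has to be authenticated by the application itself, as the thread says is done with HTTP Basic for device registration and sending.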