[aerogear-dev] Keycloak integration
matzew at apache.org
Wed May 14 10:10:15 EDT 2014
I have submitted an _early_ PR to master to get the KC bits in - this will
help the Angular.js based UI overhaul, as its currently lacks a proper
login UI ;-)
Once that is merged to MASTER, the angular branch can be rebased on this;
Note: I added notes for users, to go w/ a 'stable' 0.10.x version...
On Wed, May 14, 2014 at 9:10 AM, Matthias Wessendorf <matzew at apache.org>wrote:
> here is an update on the integration: Bill did some updates to his example
> template and worked on more things inside of Keycloak for a better
> Yesterday, I used his example work and applied it to our UPS:
> There is now an 'auth-server' module which produces a WAR (that also
> contains an AeroGear theme), to be deployed to the AS:
> The 'server' module is using a ContextListener for the configuration work,
> instead of the previous keycloak.json file:
> Deploying the two WARs (auth before ups) will show the integration
> (admin:admin is the initial password).
> IMO this is a huge step towards a proper Keycloak integration, but some
> items are still open:
> - nicer config (using his testrealm.json inside of the auth-server)
> - user/roles mgmt
> - integration w/ the new UI
> - ...
> When Bruno is back, the work on this branch will continue.
> That's it for now.
> On Tue, May 6, 2014 at 11:49 AM, Matthias Wessendorf <matzew at apache.org>wrote:
>> Hello folks!
>> Bill Burk was helping on the Keycloak front and besides fixing related
>> items on the Keycloak server, he also created an example that we can use as
>> a template for the actual integration. See 
>> In the past, Bruno and I did integrate w/ an external Keycloak server
>> (see ), and we did include the keycloak.json file (See ). Thanks to
>> Bill's work on Keycloak, the 'protected app' no longer needs that, see .
>> Also there is no more the need to customize the Keycloak Rest Application
>> (Stian and I did look into that as well).
>> Good news: This means the UPS can stay as it is -> no need to change
>> internals (e.g. the 'bundle all in one WAR file' did force us to change our
>> '/rest' URLs, as Keycloak uses them, see ).
>> Inside of our 'modular' Keycloak branch (see  again), we can apply the
>> work from Bill:
>> * our current 'server' module will use a listener similar to 
>> * create a "ups-auth" module similar to 
>> On the 'ups-auth module' there is one area where we need to have some
>> future improvement:
>> * testrealm.json -> needs to be in Java code, due to the URL being
>> hard-coded in there (we need to resolve the URL of the host, running the
>> bits). But, IMO for now that should be good enough.
>> Bruno did offer to help out on the Keycloak integration, so that I can go
>> back to the analytics and mertrics feature. Thanks abstractj!! <3
>> Matthias Wessendorf
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
> Matthias Wessendorf
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the aerogear-dev