[aerogear-dev] AGPUSH-1047: Decouple UPS from Keycloak

Pratik Parikh pratik.p.parikh at gmail.com
Tue Nov 18 21:34:28 EST 2014


Hi Bruno,

   I tried the steps, but no luck; it is still running in cycles. (NOTE: Should
every request return keycloak.json? It seems that every request for
keycloak.json triggers a login attempt, and since I am already logged in, it
just gets into a cycle.) Below is my configuration:

ups-realm.json
   {
    "realm": "aerogear",
    "enabled": true,
    "accessTokenLifespan": 60,
    "accessCodeLifespan": 60,
    "accessCodeLifespanUserAction": 300,
    "ssoSessionIdleTimeout": 600,
    "ssoSessionMaxLifespan": 36000,
    "sslRequired": "external",
    "registrationAllowed": false,
    "social": false,
    "adminTheme": "aerogear",
    "accountTheme": "aerogear",
    "loginTheme": "aerogear",
    "updateProfileOnInitialSocialLogin": false,
    "requiredCredentials": [ "password" ],
    "users" : [
        {
            "username" : "admin",
            "enabled": true,
            "credentials" : [
                { "type" : "password",
                    "value" : "123" }
            ],
            "requiredActions": [
                "UPDATE_PASSWORD"
            ],
            "realmRoles": [ "admin" ],
            "applicationRoles": {
               "realm-management": [ "realm-admin" ],
               "account": [ "manage-account" ]
            }
        },
        {
            "username" : "developer",
            "enabled": false,
            "credentials" : [
                { "type" : "password",
                    "value" : "developer" }
            ],
            "requiredActions": [
                "UPDATE_PASSWORD"
            ],
            "realmRoles": [ "developer" ],
            "applicationRoles": {
                "account": [ "manage-account" ]
            }
        }
    ],
    "roles" : {
        "realm" : [
            {
                "name": "admin",
                "description": "Administrator privileges"
            },
            {
                "name": "developer",
                "description": "Developer privileges"
            }
        ]
    },
    "scopeMappings": [
        {
            "client": "unified-push-server-js",
            "roles": ["admin", "developer"]
        }
    ],
    "applications": [
        {
            "name": "unified-push-server",
            "enabled": true,
            "bearerOnly": true
        },
        {
            "name": "unified-push-server-js",
            "enabled": true,
            "publicClient": true,
            "baseUrl": "/ag-push",
            "redirectUris": [
                "https://XXX.XXX.XXX.XX:8443/ag-push/*"
            ]
        }
    ]
}

keycloak.json - UPS-JS

{
  "realm": "aerogear",
  "realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaZGiFwx6bKQiYZIqhmgjFqa2I8fcDzZLnDhxgLinJR1zb6LeEECCNuvHzK//GlN4kLlFqCfqr+dkzh/G76snv8H9GdRiNLotmLxMl+RCi3E/Oiqmk0TxjcxHnArIbDFSIX/H+KmsXUx12pihYi9hr2/ZDGSLSg2yMfr3xxw8yNwIDAQAB",
  "auth-server-url": "https://XXX.XXX.XXX.XXX:8443/auth",
  "ssl-required": "external",
  "resource": "unified-push-server-js",
  "public-client": true
}

keycloak.json - UPS

{
  "realm": "aerogear",
  "realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaZGiFwx6bKQiYZIqhmgjFqa2I8fcDzZLnDhxgLinJR1zb6LeEECCNuvHzK//GlN4kLlFqCfqr+dkzh/G76snv8H9GdRiNLotmLxMl+RCi3E/Oiqmk0TxjcxHnArIbDFSIX/H+KmsXUx12pihYi9hr2/ZDGSLSg2yMfr3xxw8yNwIDAQAB",
  "auth-server-url": "https://XXX.XXX.XXX.XXX:8443/auth",
  "ssl-required": "external",
  "resource" : "unified-push-server",
  "bearer-only" : true
}

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor for the ag-push web module (Servlet 3.0 schema).
     It declares two security constraints, the login method and the security
     roles those constraints refer to. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <module-name>ag-push</module-name>

    <!-- Everything under /rest/* requires an authenticated caller holding the
         admin or developer role.
         This constraint declares no user-data-constraint, so the container
         does not itself demand TLS for these URLs.
         NOTE(review): presumably transport security is left to Keycloak's
         ssl-required setting; confirm. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin</web-resource-name>
            <url-pattern>/rest/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
            <role-name>developer</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- Device-registration and sender endpoints. There is no auth-constraint
         here, so the container applies no role check to these patterns; the
         only requirement is a confidential (TLS) transport.
         NOTE(review): the name HttpBasic suggests the application
         authenticates these requests itself; verify in the endpoint code,
         because nothing in this descriptor does.
         NOTE(review): these longer patterns are expected to take precedence
         over /rest/* for matching requests; confirm on the target container. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HttpBasic</web-resource-name>
            <description>Matches a few special URLs, not protected by
Keycloak</description>
            <url-pattern>/rest/registry/device/*</url-pattern>
            <url-pattern>/rest/sender/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>		
    </security-constraint>

    <!-- Login uses the KEYCLOAK auth method against the aerogear realm.
         NOTE(review): presumably provided by the Keycloak adapter and
         configured through the application's keycloak.json; confirm. -->
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>aerogear</realm-name>
    </login-config>

    <!-- Declarations of the role names used in the auth-constraint above. -->
    <security-role>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <role-name>developer</role-name>
    </security-role>

</web-app>

index.html




Regards,
Pratik Parikh


