[aerogear-dev] Using existing Keycloak installation with Aerogear

Bruno Oliveira bruno at abstractj.org
Mon Oct 13 10:38:08 EDT 2014


On 2014-10-13, Matthias Wessendorf wrote:
> On Mon, Oct 13, 2014 at 4:08 PM, Egor Kolesnikov <
> egor.kolesnikov at fastlane-it.com> wrote:
>
> > Hi Matthias
> >
> >
> >
> > I do understand that Aerogear is quite young product and may not have all
> > features yet
> >
>
> AeroGear is more, than just its UPS (UnifiedPush Server) - which we are
> talking about here :)
>
>
> > – just need to understand your vision of the project to align our further
> > development appropriately.
> >
> >
> >
> > Having said that, I can see two possible integration options with projects
> > like ours:
> >
> > 1.       Aerogear+Keycloak combo used for “all things auth” (this will
> > require unlocking master/admin user);
> >
> moving forward, I'd like us to go there. Again it was just done to limit
> the initial scope of the UPS
>
>
>
> > 2.       Configuring Aerogear to use external Keycloak installation.
> >
> we have had discussions about that too. that it should be possible to have
> our UnifiedPush Server on one machine, and a standalone keycloak server,
> that is used for more. not just UPS

I think it makes perfect sense. There are two solutions quick or slow.

1. Quick: enable our developers to make use of not only AeroGear, but
create new realms as well. Also, let them, do whatever they want with
the admin.

2. Slow (I'm +1 on it). Dettach UPS from Keycloak and use as an external
installation. (off course, provide an easy way to install). If we think
carefuly, people might want to have 1 server with Keycloak and 4 with
UPS or the opposite.


>
>
>
> > Option 1 appears to be the easiest way around, whether Option 2 looks like
> > the most appropriate solution in the SSO world – as in, there’s still a
> > “single” sign-on point which is used by all third-party systems. If I
> > understand correctly, this could possibly be as easy as setting up
> > auth-server-url property in Aerogear’s keycloak.json so it delegates to
> > external Keycloak instance instead of using its “own” one.
> >
> >
> >
> > I’m happy to spend some time investigating and experimenting with both
> > options.
> >
> >
> >
> > Cheers
> >
> > Egor
> >
> >
> >
> >
> >
> >
> >
> > *From:* aerogear-dev-bounces at lists.jboss.org [mailto:
> > aerogear-dev-bounces at lists.jboss.org] *On Behalf Of *Matthias Wessendorf
> > *Sent:* Tuesday, 14 October 2014 12:49 AM
> >
> > *To:* AeroGear Developer Mailing List
> > *Subject:* Re: [aerogear-dev] Using existing Keycloak installation with
> > Aerogear
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Oct 13, 2014 at 3:40 PM, Egor Kolesnikov <
> > egor.kolesnikov at fastlane-it.com> wrote:
> >
> > Hi Matthias
> >
> >
> >
> > That’s correct – we are already using Keycloak to secure our RESTful APIs
> > for mobile and web client access. Not that having separate installation for
> > exclusive Aerogear is a dealbreaker, but it would re-introduce the problem
> > Keycloak was supposed to solve in the first place J
> >
> >
> >
> > fully understand! But we, initially, felt like limiting a bit. that said,
> > we are flexible and there might be a chance to have this changed
> >
> >
> >
> >
> >
> > I can see that UpsSecurityApplication class kills off Keycloak admin user
> > in master realm – would it break anything if I disabled this feature and
> > started using Aerogear-supplied Keycloak for other purposes on separate
> > realms?
> >
> >
> >
> > I don't think so (not tested). I recall we did this mainly to avoid adding
> > new realms
> >
> >
> >
> >
> >
> > Our use case is mobile app (iOS+android), backend and AngularJS-based web
> > frontend and so far Keycloak fits our purpose like a glove. Now that we’re
> > adding Push notification support, Aerogear appears to be quite logical
> > choice.
> >
> >
> >
> >
> >
> > sounds great!
> >
> >
> >
> >
> >
> > Thanks
> >
> > Egor
> >
> >
> >
> > *From:* aerogear-dev-bounces at lists.jboss.org [mailto:
> > aerogear-dev-bounces at lists.jboss.org] *On Behalf Of *Matthias Wessendorf
> > *Sent:* Tuesday, 14 October 2014 12:29 AM
> > *To:* AeroGear Developer Mailing List
> > *Subject:* Re: [aerogear-dev] Using existing Keycloak installation with
> > Aerogear
> >
> >
> >
> > Hi,
> >
> >
> >
> > for the UnifiedPush Server the initial integration case was to function
> > only for the need of the AeroGear UnifiedPush server.
> >
> >
> >
> > So, looks like, you'd appreciate a bit more flexibility, to basically use
> > the auth-server for other apps as well ?
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Oct 13, 2014 at 3:18 PM, ekolesnikov <ek at fastlane-it.com> wrote:
> >
> > Hi,
> >
> > Apologies for writing straight into DEV forums - I was unable to locate
> > "aerogear-users" mailing list anywhere. Please feel free to point me to the
> > right direction if this mailing list is inappropriate for questions like
> > this.
> >
> > Is it possible to use/integrate Aerogear with existing Keycloak
> > installation? We are already using Keycloak for all things auth in our
> > application and have found ourselves in the situation where we potentially
> > have to manage separate infrastructure - which makes the whole point of
> > using Keycloak a bit irrelevant.
> >
> > As an alternative, we could consider using Keycloak supplied with with
> > Aerogear - unfortunately, it looks like Aerogear has disabled Keycloak
> > option to create additional realms.
> >
> > I would really appreciate it if you could share your thought on this.
> >
> > Thanks
> > Egor
> >
> >
> >
> > --
> > View this message in context:
> > http://aerogear-dev.1069024.n5.nabble.com/Using-existing-Keycloak-installation-with-Aerogear-tp9440.html
> > Sent from the aerogear-dev mailing list archive at Nabble.com.
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
> >
> >
> > ------------------------------
> >
> > <http://www.avast.com/>
> >
> > This email is free from viruses and malware because avast! Antivirus
> > <http://www.avast.com/> protection is active.
> >
> >
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
> >
> >
> > ------------------------------
> >    <http://www.avast.com/>
> >
> > This email is free from viruses and malware because avast! Antivirus
> > <http://www.avast.com/> protection is active.
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf

> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev


--

abstractj
PGP: 0x84DC9914


More information about the aerogear-dev mailing list