<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Jan 22, 2014, at 6:53 AM, Matthias Wessendorf <<a href="mailto:matzew@apache.org">matzew@apache.org</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Hello Stian,<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jan 22, 2014 at 12:40 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">It's great to see interest in the Keycloak project :)<br>
<br>
We've been quite busy with getting the alpha out the door (hopefully it'll be released tomorrow) hence the lack of response. Also, I don't think Bill follows aerogear-dev.<br>
<br>
Would be good to start discussions on these items, maybe as separate posts to keycloak-dev?<br></blockquote><div><br></div><div>sure, that would work for me</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
A few thoughts from me:<br>
<br>
* We've got a quick and dirty OpenShift cartridge (<a href="https://github.com/keycloak/openshift-keycloak-cartridge" target="_blank">https://github.com/keycloak/openshift-keycloak-cartridge</a>) - it's based on the WildFly cartridge by Corey Daley. Seems to work pretty well and took me about an hour to do the mods. I was considering if it was possible to do the Keycloak and UPS cartridges as add-ons to the WildFly cartridge (same as postgresql and mysql cartridges). That way you can mix and match whatever combo you want. A specific cartridge may provide a better integrated experience though. Maybe we can ping someone in the OpenShift team to find out the correct approach?<br>
</blockquote><div><br></div><div>sounds reasonable. Farah was kindly helping us w/ our Push Cartridge (containing Unified- and SimplePush Servers + MySQL).</div><div>There are thoughts on integrating the UPS (e.g. the user management) w/ Keycloak. Something like that makes a perfect 'mix' for adding the Keycloak bits into our cartridge. Sure we could 're-lable' it. Is that something that sounds good ? </div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
* Mobile SDKs - There's not much effort yet on supporting mobiles. Maybe you could help us with creating Keycloak SDKs, with most of the code reusable in AeroGear and LiveOak?<br></blockquote><div><br></div><div>Absolutely, for that I think it would be good to start a thread on keycloak-dev regarding 'requirements' / desired functionality. Ideally these SDKs are leveraging AeroGear's mobile client SDKs.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
* JS - None in Keycloak, but I've started one in LiveOak. Again, could we do a Keycloak JS lib that could be reused by AeroGear and LiveOak?<br></blockquote><div><br></div><div>+1 and that would be needed pretty much once the UnifiedPushServer is integrating w/ Keycloak :-)</div></div></div></div></blockquote><div><br></div><div>what is the target for having the "implicit" auth flow, since this is needed for JS clients.</div><div><br></div><div>I have a OAuth2 client in aerogear.js, currently tested against googles OAuth2 stuff, but it is written to spec</div><br><blockquote type="cite"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
If you have any issues/questions at all post to keycloak-dev and I'm sure me and Bill will fight to see how gets to answer first ;)<br></blockquote><div><br></div><div>yay!</div><div><br></div><div>Cheers!</div><div>
Matthias</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><div class="h5"><br>
----- Original Message -----<br>
> From: "Matthias Wessendorf" <<a href="mailto:matzew@apache.org">matzew@apache.org</a>><br>
> To: "AeroGear Developer Mailing List" <<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>><br>
> Sent: Wednesday, 22 January, 2014 7:41:10 AM<br>
> Subject: Re: [aerogear-dev] Keycloak integration ideas<br>
><br>
><br>
><br>
><br>
> On Tue, Jan 21, 2014 at 11:10 PM, Jay Balunas < <a href="mailto:jbalunas@redhat.com">jbalunas@redhat.com</a> > wrote:<br>
><br>
><br>
><br>
><br>
> On Jan 19, 2014, at 10:18 AM, Matthias Wessendorf < <a href="mailto:matzew@apache.org">matzew@apache.org</a> ><br>
> wrote:<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Fri, Jan 17, 2014 at 10:04 PM, Jay Balunas < <a href="mailto:jbalunas@redhat.com">jbalunas@redhat.com</a> > wrote:<br>
><br>
><br>
><br>
> Hi All,<br>
><br>
> Sorry all - book mode ;-)<br>
><br>
> We've had a couple of threads around keycloak integration (thanks Abstractj)<br>
> and working together with them (both in our dev list and theirs). I had a<br>
> meeting (dinner really) with Bill and talked about some possibilities and<br>
> we're both excited to see what can happen.<br>
><br>
> I wanted to capture some of those thoughts here (as well as some that already<br>
> started before), have some discussions, and more importantly talk about next<br>
> steps (jira's) to get some of this in the pipeline. I'm sure this is not<br>
> exhaustive either, so please add your own thoughts, brainstorming etc...<br>
> (for example Cordova plugin perhaps?)<br>
><br>
> *In no particular order<br>
><br>
> A) AeroGear security integration<br>
> ** Abstractj already posted and implemented some of these changes<br>
> **<br>
> <a href="http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGear-td5663.html" target="_blank">http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGear-td5663.html</a><br>
> ** What's left here? Is it plug-able? Does it need to be?<br>
><br>
> The work started by Bruno looks promising. I like that for the login to the<br>
> UPS Admin UI is being forwarded to the Keycloak server.<br>
> As mentioned on the referenced thread, there is a bit of more work needed for<br>
> the "protection" of the SEND (and likely device registration) URLs.<br>
><br>
><br>
><br>
><br>
><br>
> B) Crypto key management<br>
> ** Server-side encryption key management for client crypto<br>
> ** Abstractj had some discussions here<br>
> *** <a href="http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html" target="_blank">http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html</a><br>
> *** Where does that stand?<br>
> ** Do we need our own impl as well?<br>
><br>
> C) UnifiedPush server integration<br>
> ** User management, Auth*<br>
> ** Do we have our own basic impl for quickstart experience?<br>
> ** See below for possible combined cartridge options<br>
><br>
> yep, the UPS come in mind and as mentioned in A) Bruno was already actively<br>
> starting this shortly before XMAS.<br>
><br>
><br>
><br>
><br>
><br>
> D) Cross-project examples, tutorials, docs, etc...<br>
> ** TBD<br>
><br>
> Sure, combined docs/tutorials/examples are a good item once we do have a bit<br>
> more :-) Not sure it makes much sense now, but I can be wrong<br>
><br>
> Completely agree now is not the time. Just wanted to bring it up for<br>
> discussion.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> KeyCloak has some things they need as well, that we could work together on.<br>
> I'm sure the KeyCloak team could add more here :-)<br>
><br>
> Z) Device support<br>
> ** We need it, they need, and others need it<br>
> ** Bill would like us to help them (and us at the same time) with this.<br>
><br>
> yeah - that would be an extremely good fit for our Push efforts.<br>
><br>
> We'll need someone to setup a mtg, or discuss on the topic. Any takers?<br>
><br>
> I can reach out to them, via mailing list, to see what they are up to,<br>
> regarding "Device support". Not 100% sure which email list is the 'right'<br>
> choice (cross-postings are IMO a PITA :))<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> Y) OpenShift Cartridge for KeyCloak<br>
> ** I know this is already on their roadmap<br>
> ** The work Farah and others has already done, could be very helpful to them<br>
> ** We should also discuss the possibility of a joint cartridge<br>
> *** Could be really compelling, especially if you add in device, client key,<br>
> and push support with native SDKs & examples<br>
> *** Would also want separate cartridges as well imo<br>
><br>
> yeah, I see various options here:<br>
> * 'standalone' Keycloak cartridge (on their roadmap already); Would be nice<br>
> to get Farah involved here as well<br>
> * combined cartridge (E.g. Push + Keycloak). If we do actually fully<br>
> integrate Keycloak into the Push work, IMO this is a required option, to<br>
> simply include the Keycloak offerings into our Push Cartridge<br>
><br>
> Agreed, and I'd like to hear from the keycloak team on this as well. If they<br>
> have plans for pairing their cartridge with others.<br>
><br>
> On their list they are currently talking about standalone ones, but later, we<br>
> might be able to integrate w/ their server piece.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> X) Client SDK support<br>
> ** We have client SDKs & could help with their dev (either as part of<br>
> AeroGear or KeyCloak perhaps)<br>
> ** Primarily for iOS & Android, but would also want see where JS & Cordova<br>
> fit.<br>
><br>
> Yes, another good integration item, would be interesting to know their<br>
> 'requirements'. I think our OAuth2 related work, would be something that's<br>
> interesting for them as well<br>
><br>
> +1<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> You start putting all of this together and there is a great set of<br>
> functionality that really compliments each other well. After we discuss for<br>
> a while, I'd like to find owners for the various items to help make progress<br>
> on these. Abstractj is awesome, but not sure he can do it all ;-)<br>
><br>
> yes, great work by Bruno w/ getting actively started on this<br>
><br>
> +1<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> -Jay<br>
><br>
> PS: I'll post an email to the keycloak-dev list as well pointing to this<br>
> thread on our list.<br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>
_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/aerogear-dev</blockquote></div><br></body></html>