[Hawkular-dev] Should Keycloak integration be optional?
Thomas Heute
theute at redhat.com
Mon Jan 26 03:59:05 EST 2015
In terms of priority, we should focus on Hawkular (not just metrics)
with Keycloak support and having it optional is not the priority.
Thomas
On 01/23/2015 06:54 PM, Juraci Paixão Kröhling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As I mentioned on the previous email, one of the questions during the
> demo was if it would be possible to have the Keycloak integration as
> an optional part.
>
> In the backend part, it's not hard to disable Keycloak as the
> authentication mechanism, as it's just JAAS. That would require,
> though, a second JAAS implementation to replace it.
>
> In the frontend part, however, it's a bit more complicated. The setup
> right now is that the web console is treated as an HTML5 single-page
> app. This means that the web console is one application and the
> backend is a different one, and they propagate the authentication by
> using the tokens: the web console gets a token from the Keycloak
> JavaScript adapter once the user logs in and sends it along with each
> request to the backend. The backend (Keycloak Wildfly Adapter) reads
> this token and retrieves the user data from the Keycloak server,
> allowing the request to execute or not.
>
> This means that either:
>
> 1) web console and REST API (and possibly other wars) become one, so
> that the HTML5 single-page app can be served only after the user logs
> in (classic Java EE application)
>
> 2) the backend JAAS adapter would need to support also some sort of
> token exchange, with the frontend abstracting the Keycloak adapter to
> work with one auth mechanism or another, possibly auto identifying
> what is the backend's auth mechanism.
>
> 3) ??
>
> I don't think that the first option is a real one. Having small wars,
> each taking care of one concern, is a goal on the project.
>
> So, would an effort in making Keycloak an optional part be worth it?
> Should I pursue it?
>
> - - Juca.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJUworiAAoJECKM1e+fkPrX8oMH/jC6DSOzx5gJuQNVHsojO6jB
> xHjAbhiF89mnlC9iHBKTmZnJ6O4sOs870tibxhhmNvJs+N5wvQVCWhv+5JdqONfe
> ETP4O7iKYLHu317DuNW8gl3FRP9Mgj/FkpgGhanikOLZ7S1B9/86zv8qdQ1/C6Hm
> EM1MOIlSqqwPk+QPj/51Uo6rMG42ObG6P+mJOu7IhuJK4LS0uZI3yCIyk42+ngit
> +T05kOfYOL24nOcL4iCjb0+Qg9SjNPASklq79Kz1h9tMZkq3CAXwyPJ0ty0kKSwR
> mejY48LahgwmGQF53zovQJbb7Lpek+Uu9+G/vbcaJGLgqs5qwQq+3qa3e81Q9I0=
> =5KoB
> -----END PGP SIGNATURE-----
> _______________________________________________
> hawkular-dev mailing list
> hawkular-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/hawkular-dev
>
More information about the hawkular-dev
mailing list