[Hawkular-dev] Keycloak on Hawkular

[Juraci Paixão Kröhling]

Similar to the thread about Tenancy on Hawkular Services, I thought I'd 
also post about the current state of Keycloak for Hawkular.

Hawkular Services cannot depend on Keycloak. Because of that, Nest is 
being changed to not consume the Keycloak Feature pack as before.

As a side effect, we do not have support for tokens anymore (key/secret 
tokens, created via the "Tokens" UI), as those tokens were backed by 
OAuth Offline Tokens.

Hawkular Services will have a simple JAAS integration, which should give 
us enough flexibility for the scenarios that we need to support.

The UI on Hawkular will also have to remove the keycloak.js . I have yet 
to talk to the UI developers, but I think the main idea for now would be 
to have the WAR for the UI to be deployed and protected like any other 
backend component. The Accounts-related part will also have to be 
removed, such as the Organization and Token management.

Nothing prevents Hawkular from shipping with Keycloak (server and/or 
adapter), as recent versions of Keycloak can protect any WAR deployments 
transparently, via the Keycloak Adapter Subsystem for Wildfly. This can 
be done by the community if interest in that integration exists but I 
currently have no plans on working on that.

For reference, this is how you can activate a simple JAAS for your 
deployments:

https://git.io/vwADp - web.xml (on your WAR)
https://git.io/vwAyT - application-roles.properties
https://git.io/vwAyL - application-users.properties

- Juca.