[keycloak-dev] Keycloak M1 distribution

Bill Burke bburke at redhat.com
Fri Nov 1 11:12:17 EDT 2013 


On 11/1/2013 10:50 AM, Stian Thorgersen wrote:
> I've committed something for this now. I added a server war module, and a dist module. If you build the project with "-Prelease" it will create a standalone Keycloak server in dist/target. At the moment it is built on-top of AS 7.1.1.Final.
>

I wish we could distribute EAP.... PM really fucked us by holding up AS7 
community releases.

I'd like to also like to have the following:

* remove AS7/Wildfly subsystems that don't make sense to make the distro 
smaller.

* Automatically generate keypair/cert for SSL on startup if not already 
set up.

* secure JBoss/Wildfly web console with Keycloak.  This means adding an 
Application to the "Keycloak Adminstration" realm and applying 
appropriate permissions to "admin" user.

more comments follow...

> Currently the database is not configured and it's just using the example datasource (H2 in-mem, so data is lost on restart).
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 30 October, 2013 8:08:35 PM
>> Subject: Re: [keycloak-dev] Keycloak M1 distribution
>>
>> I wanted the distro to be AS7 or Wildfly distro, not just a war.  All
>> preconfigured with SSL, DB, etc.  An appliance.  Would be cool to
>> auto-gen a new key-pair for SSL on initial startup, but not sure how
>> feasible that is.
>>
>> If I had to pick one or the other, distro should take priority over
>> Openshift, but we should be able to do both.
>
> An OpenShift QuickStart is really not that much work. We can base it on https://github.com/stianst/openshift-wildfly, make it dl Keycloak dist instead of WildFly dist, add some magic around db config. Should be less than a days work.
>

This will look really nice.

>>
>> Also, not sure how much it makes sense to ship a Wildfly distro without
>> a Wildfly application adapter.  I only partially implemented it a few
>> months ago.  It on the short list for my todo list.
>
> At the moment there's blockers for being able to use WildFly, the adapter and issues with PicketLink. Besides, it's only a beta at the moment, so I don't think it's to unreasonable that we ship M1 with AS 7.1.1.Final.
>

I need to do a Wildfly adapter sooner rather than later to make sure the 
Undertow auth model will work with what we want to do.  I'm also 
currently creating a pure JPA model (see previous email) so we dont' 
have to worry about PL issues anymore.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-dev mailing list