[keycloak-dev] bundle an SMTP server?

Stian Thorgersen stian at redhat.com
Fri Nov 8 05:42:39 EST 2013


----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 5 November, 2013 4:21:54 PM
> Subject: Re: [keycloak-dev] bundle an SMTP server?
> 
> I disagree.  Users aren't going to download Keycloak and immediately use
> it in production.  Autogenerated self-signed SSL certs, an SMTP server,
> and a preconfigured DB all make sense as then the user can immediately
> use keycloak in development and configure certs, db, etc. later when
> they want to run it in production.

Why would a developer need SSL? There's a good reason why I wouldn't want to have a self-signed cert while doing dev/test and that's the fact that the browser will keep bugging you telling you that the certificate is not valid. I think Firefox lets you accept the certificate permanently, but Chrome will just keep bugging you over and over again.

With regards to SMTP server, I think it's going to be rare that a developer needs this. If/when it's needed during development, I would at least personally prefer to just have it print the email to the log, or just have it use my Gmail account for sending mails. Emails sent from an email server that is not properly associated with a domain will with high likelihood end up in spam.

The simplest solution for a developer to use Keycloak would in my opinion be a fully hosted solution. That way you can have a proper SSL cert, email server and db, all without having to worry about anything other than using it. The second best would be a proper OpenShift cartridge. This would let you use the shared OpenShift SSL cert, a proper db (automatically configured and set up), but AFAIK there's no email server cartridge for OpenShift. There may be a good reason for that: a shared email server that lets anyone send emails could be used to send spam, and would result in it being quickly blacklisted by spam filters.

> 
> The less things a developer has to do to testdrive keycloak the better.
>   Too bad we can't offer preconfigured social provider.  Then again, I
> guess we could, and hope Google, et al. doesn't shut it down.
> 
> On 11/5/2013 10:57 AM, Stian Thorgersen wrote:
> > Personally I don't think the zip dist should configure smtp, db or ssl.
> > This should be left to an appliance (OpenShift cartridge?) or a hosted
> > solution (keycloak.org?).
> >
> > * SSL certificates need to be signed and associated with a domain
> > * SMTP servers need to be associated with a domain
> > * Embedded relational db's are pretty crap and not suitable for production
> >
> > SMTP has quite a few caveats to make sure emails are not blocked by spam
> > filters.
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Tuesday, 5 November, 2013 3:04:45 PM
> >> Subject: [keycloak-dev] bundle an SMTP server?
> >>
> >> Along the lines of wanting to run out of the box, is there any reason we
> >> shouldn't bundle an SMTP server (i.e. James) and have it preconfigured?
> >>
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >>
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 

