[keycloak-dev] Aerogear UPS + External Keycloak bootstrap

Bill Burke bburke at redhat.com
Fri Feb 7 08:56:12 EST 2014



On 2/7/2014 3:01 AM, Matthias Wessendorf wrote:
> Hi,
>
>
> On Fri, Feb 7, 2014 at 3:15 AM, Bill Burke <bburke at redhat.com> wrote:
>
>     We still need to figure this out.
>
>     Can't port mappings be set up from the cartridge config so the
>     as7/wildfly mgmt HTTP interface can be exposed?  There's also a problem
>     of setting up credentials for the as7/wildfly HTTP mgmt service.  Quite
>     honestly, I'm not sure how we can use a Wildfly subsystem for this.
>
>
> I am also not really sure on this, atm.
> I started looking into this a bit this week, but didn't make real progress.
> Next week I will continue;
>
>     We just might have to build support for all this within the keycloak
>     adapter itself.  Allow it the ability to modify the keycloak.json file.
>     Then you only have one Aerogear UPS + Keycloak cartridge.
>
>     1. UPS would use a preconfigured co-bundled Keycloak for initial login
>     2. Initial login would require you to change the admin password
>     3. UPS Admin page allows you to switch Keycloak realms.
>     4. Switching a realm automatically creates the UPS Application on the
>     new Keycloak realm.  It also rewrites the keycloak.json file, and also
>     modifies the adapter's runtime config.
>
>     Am I making any sense?
>
>
> That would be for a bundled integration, where everything runs
> out-of-the-box, right?
>
> I believe this does make sense, and would be a good starting point.
>
> I am not yet sure on the 'external' case - e.g. where one company has a
> single Keycloak server, and several apps
> pointing to it. If the org. then wants to run the UPS w/ against that
> keycloak as well, they would have to open the WAR and start editing some
> files.
>

That's what I'm trying to suggest.  There would be a button somewhere in 
Keycloak that allowed you to switch/migrate your Realm.  The adapter 
could have a REST interface that allowed you to do a one-time modify of 
the keycloak.json file from the keycloak admin console.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

