[keycloak-dev] [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2

Stan Silvert ssilvert at redhat.com
Fri Jan 16 11:41:59 EST 2015 

On 1/16/2015 10:17 AM, Stian Thorgersen wrote:
>
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Friday, 16 January, 2015 3:20:18 PM
>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
>>
>> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>>> Currently, I'm not overly happy with releasing 1.1.0.Final and it's down to
>>> this issue. I should have raised it before, but it completely slipped my
>>> mind :(
>> We did talk about this at great length before.   I tried and tried to
>> preserve the "drop it in the file system" approach.  It just plain won't
>> work for domains.
> I know we did, but I like changing my mind ;)
>
>>> IMO we need:
>>>
>>> 1. A usable way to deploy a provider without using the CLI GUI
>>> 2. Ideally be able to deploy a provider with an offline server
>> We have 5 ways to add a provider:
>> 1. CLI
>> 2. CLI GUI
>> 3. CLI script
>> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
>> 5. Use the war dist and do it the old way.
> 1-3. If the CLI was easy to use that would work, except we also need to be able to do it offline.
We can ship a script that makes this task a little easier as you suggest 
below.

As for offline, I don't understand what the problem is.  You mentioned 
docker, which I haven't looked at much.  Why can't you have an image 
that was created from an overlaid Keycloak server?
>   I don't really like the deployment overalys as it all feels a bit magical and black boxed.
Don't you think it's better than telling them to hack our WAR?
> 4.   I hate this - the user shouldn't have to explode the WAR and also it's in a really strange place for a user to find
I hate it too.  I almost wish I hadn't implemented exploded mode.  I 
re-verified that it is working, btw.
> 5.   That's not an option for the appliance
You still could do it with the appliance if you wanted.

But the idea of the appliance is that you shouldn't need to change it 
except through a UI.  That's where the overlay method will really shine, 
especially when we can get provider management into our own UI.  At that 
point, copying jars to a file system will look extremely primitive in 
comparison.
>
> Maybe what we could do for now is to create add-provider.sh/bat scripts that makes it easier to do without any knowledge of CLI.
>
> Can we not use modules as Bill suggests? We could make the keycloak subsystem depend on a keycloak-providers module and users would register their provider modules there.
>
>> Why are these not sufficient?
>>> ----- Original Message -----
>>>> From: "Stan Silvert" <ssilvert at redhat.com>
>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>> Cc: keycloak-user at lists.jboss.org
>>>> Sent: Friday, 16 January, 2015 2:13:24 PM
>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
>>>> Keycloak 1.1 Beta-2
>>>>
>>>> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Stan Silvert" <ssilvert at redhat.com>
>>>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>>>> Cc: keycloak-user at lists.jboss.org
>>>>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
>>>>>> Keycloak 1.1 Beta-2
>>>>>>
>>>>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>>>>> How is a provider added using the CLI? I can't find any examples on
>>>>>>> that.
>>>>>> In the doc there is a step-by-step example of how to do it.  See section
>>>>>> 3.4.2.2.
>>>>>> http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-installation.html#d4e350
>>>>> That example uses the CLI GUI, we need one that uses plain CLI
>>>> Plain CLI is harder in this case.  CLI GUI lets you browse for the file
>>>> you need.   Overall, plain CLI is a lot more error prone.
>>>>
>>>> If you do this once in CLI GUI then you will generate the CLI command
>>>> that you can cut and paste into plain CLI or a script.  But if you want,
>>>> I can include an example of that command.
>>>>> There's also another issue with this approach, which I didn't stress
>>>>> enough
>>>>> last time around, it requires the server to be running to add providers.
>>>>> That makes it much harder to for example create a Docker cartridge that
>>>>> includes some custom providers.
>>>> Perhaps we just need to document the fact that you can still explode the
>>>> WAR and do it the old way?
>>>>>>> Also, there are still several references in the docs and examples that
>>>>>>> uses
>>>>>>> the old approach of copying to WEB-INF/lib.
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Stan Silvert" <ssilvert at redhat.com>
>>>>>>>> To: keycloak-user at lists.jboss.org
>>>>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar
>>>>>>>> in
>>>>>>>> Keycloak 1.1 Beta-2
>>>>>>>>
>>>>>>>> Providers are now uploaded using WildFly CLI or CLI GUI.
>>>>>>>>
>>>>>>>> See
>>>>>>>> http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-installation.html#d4e350
>>>>>>>>
>>>>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I created a custom User Federation Provider and deployed it as per the
>>>>>>>> documentation. It worked in earlier versions (1.1 Beta-1) but it
>>>>>>>> appears
>>>>>>>> that the location of Keycloak war in Wildfly has changed in 1.1 Beta-2
>>>>>>>> version and it is no longer inflated. Can someone suggest where
>>>>>>>> exactly
>>>>>>>> I
>>>>>>>> have to place the Federation provider jar in 1.1 Beta-2 version?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Raghu
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list keycloak-user at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>

More information about the keycloak-dev mailing list