[keycloak-dev] add-user.sh overwrites wildfly one

Stian Thorgersen sthorger at redhat.com
Sat Apr 23 01:29:58 EDT 2016


In the future we need to secure the underlying WildFly with rhsso, in which
case our add-user will add users for both Keycloak and WildFly/EAP.

IMO there's going to be confusion until the above is solved no matter what
we do. We'll need to document this whichever way we do it. Options are stay
with what we have or rename our script. My vote goes to keep as is and
document it. Then hopefully by 7.1 we can secure the WildFly bits so the
problem goes away. With the other option (rename ours) there will be a
problem once WildFly bits are secured by Keycloak as now the wf add-user
script should no longer be used and completely removed at which point we
should then rename it back. So in the long run sticking with how it is
today is ideal. It's also way too late making changes now. BTW this has been
around for months.

On 22 Apr 2016 22:14, "Bill Burke" <bburke at redhat.com> wrote:

>
>
> On 4/22/2016 3:57 PM, Marek Posolda wrote:
> > That's the question...
> >
> > For server distribution, we also have our stuff ( keycloak subsystem,
> > datasource, infinispan etc) directly declared in "standalone.xml". On
> > the other hand, for overlay distribution, we don't want to directly
> > update default "standalone.xml", so we are adding our own
> > "standalone-keycloak.xml". Isn't it quite a similar thing?
> >
>
> Product will not have the overlay distribution.
>
> > We can do the same for overlay and server distribution, so never edit
> > default wildfly files ( standalone.xml , add-user.sh), but always use
> > our own versions with "-keycloak" suffix. Advantage is more
> > consistent. However people will need to always start keycloak server
> > with "./standalone.sh -c standalone-keycloak.xml" then. Doesn't it
> > suck from the usability perspective?
> >
>
> The overlay exists because we can't distribute EAP within community.
> Keycloak should be run as a separate server, so, IMO, -keycloak.xml
> files should go away and overwrite standalone.xml, standalone-ha.xml and
> domain.xml
>
> > I honestly don't know what's the best way regarding usability. AFAIK
> > this was decided on mailing lists couple of months ago, but don't
> > remember the exact threads...:/
> >
>
> I'm pretty adamant about this.  There will be a huge amount of confusion
> if we don't make this separation.  Wildfly/JBoss and Keycloak are hard
> enough to configure as it is.
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>