<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jan 30, 2014 at 2:45 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">The admin console has a REST API that you can use directly to configure<br>
your realm and applications if you need.<br>
<br>
Without a Wildfly subsystem, keycloak.json is required to get the public<br>
key and your client credentials.<br>
<br>
The wildfly subsystem will remove the need for cracking open a WAR. The<br>
initial implementation may be a little clumsy at first, but I think<br>
there's a huge amount we can do to make it real easy to use.<br></blockquote><div><br></div><div>that (wildfly subsystem) pretty much sounds like what we would want to use for an integration of the UnifiedPush Server and Keycloak.</div>
<div><br></div><div>I don't care that much if it is a bit clumsy at first, since we can always improve it later; Most benefit of using the subsystem, for us, will be getting rid of the keycloak.json requirement</div><div>
<br></div><div>-Matthias<br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div class="h5"><br>
<br>
<br>
On 1/30/2014 8:30 AM, Matthias Wessendorf wrote:<br>
> Hello there!<br>
><br>
><br>
> For the AeroGear UnifiedPush Server Bruno and I started looking at<br>
> Keycloak ([1]). On this branch, we basically include the adapater jar<br>
> and a keycloak.json file and simply rely on Keycloak as an external<br>
> service (e.g. as different WAR inside of the same containter). That<br>
> works very well so far!!<br>
> However, here I have to create a realm in the server (either via<br>
> Admin-Console or by including it via something like 'myRealm.json') and<br>
> afterwards I have to 'hard-code' the public key into my own WAR file<br>
> (keycloak.jso):<br>
><br>
> <a href="https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/keycloak.json#L3" target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/keycloak.json#L3</a><br>
><br>
> So this would be a little bit of a negative effect;<br>
><br>
><br>
><br>
> Another option would be embedding the Keycloak JARs into my own WAR<br>
> file, by adding all the dependent JARs, similiar to what the<br>
> 'keycloak-server' does ([2]). At the end I'd have an uber WAR file,<br>
> containing UPS and Keycloak facilities. However, I think the 'problem'<br>
> w/ the 'hard-code' key inside of the keycloak.json would be there as<br>
> well, right ?<br>
><br>
><br>
><br>
> On the IRC channel Stian mentioned that there will be a WildFly<br>
> subsystem soon. I think, from what I hear, the real benefit of this<br>
> subsystem are the following items:<br>
><br>
> * configuring realms through standalone.xml<br>
> * automatically sets up security for wars (using the wildfly adapter)<br>
><br>
> So, this option seems to let us avoid the above described keycloak.json<br>
> 'issue', right ?<br>
><br>
> For a future integration w/ the Keycloak SSO server, I could leverage<br>
> the Subsystem deliverables and bundle them w/ our own UnifiedPush Server<br>
> distribution, to ensure things are running out of the box; Or is the<br>
> subsystem not the best option for a Push/Keycloak integration ?<br>
><br>
><br>
><br>
> -Matthias<br>
><br>
><br>
> [1] <a href="https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak" target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak</a><br>
> [2] <a href="https://github.com/keycloak/keycloak/blob/master/server/pom.xml" target="_blank">https://github.com/keycloak/keycloak/blob/master/server/pom.xml</a><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
><br>
</div></div>> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
><br>
<span class=""><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>