<div dir="ltr">Hi,<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Feb 7, 2014 at 3:15 AM, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">We still need to figure this out.<br>
<br>
Can't port mappings be set up from the cartridge config so the<br>
as7/wildfly mgmt HTTP interface can be exposed? There's also a problem<br>
of setting up credentials for the as7/wildfly HTTP mgmt service. Quite<br>
honestly, I'm not sure how we can use a Wildfly subsystem for this.<br>
<br></blockquote><div><br></div><div>I am also not really sure on this, atm.</div><div>I started looking into this a bit this week, but didn't make real progress.</div><div>Next week I will continue.</div><div><br></div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
We just might have to build support for all this within the keycloak<br>
adapter itself. Allow it the ability to modify the keycloak.json file.<br>
Then you only have one Aerogear UPS + Keycloak cartridge.<br>
<br>
1. UPS would use a preconfigured co-bundled Keycloak for initial login<br>
2. Initial login would require you to change the admin password<br>
3. UPS Admin page allows you to switch Keycloak realms.<br>
4. Switching a realm automatically creates the UPS Application on the<br>
new Keycloak realm. It also rewrites the keycloak.json file, and also<br>
modifies the adapter's runtime config.<br>
<br>
Am I making any sense?<br></blockquote><div><br></div><div>That would be for a bundled integration, where everything runs out-of-the-box, right?</div><div><br></div><div>I believe this does make sense, and would be a good starting point.</div>
<div><br></div><div>I am not yet sure on the 'external' case - e.g. where one company has a single Keycloak server, and several apps</div><div>pointing to it. If the org. then wants to run the UPS against that keycloak as well, they would have to open the WAR and start editing some files.</div>
<div><br></div><div><br></div><div><br></div><div>-Matthias</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span class=""><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>