<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>You should rethink your position, IMO. Its actually a huge
benefit in both usability and performance.</p>
<p>Usability in that you don't have to configure and run a
completely different program/process that is configured completely
different than Keycloak. You can configure and manage all clients
in one place. Performance is that you get rid of all the
redirects that happen with SAML and OIDC. FOr your performance
concern, you would just assign only a set of specific nodes that
would be your proxy. So, if you had a keycloak cluster of 4
nodes, 2 nodes could be designated solely as proxy nodes, the
other 2 for normal SSO. <br>
</p>
<br>
<div class="moz-cite-prefix">On 8/15/16 7:44 AM, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAfRUQ6duGgUEz=TNbsc05jfpsCYFts99rAdP9bTFLbMMQ@mail.gmail.com"
type="cite">
<div dir="ltr">I'm not convinced about this. A lot of complexity
for what seems like little benefit. The improvement of not
having to do OIDC would probably end up being outweighed by all
requests going through Keycloak rather than a separate proxy.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 9 August 2016 at 11:06, Thomas
Darimont <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:thomas.darimont@googlemail.com"
target="_blank">thomas.darimont@googlemail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">FYI, I sent some questions to the undertow
dev-mailing list regarding dynamic vhost configuration:
<div><a moz-do-not-send="true"
href="http://lists.jboss.org/pipermail/undertow-dev/2016-August/001668.html"
target="_blank">http://lists.jboss.org/<wbr>pipermail/undertow-dev/2016-<wbr>August/001668.html</a><br>
</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Thomas</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-08-05 21:26 GMT+02:00
Bill Burke <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Yeah, on the Client creation page, instead of
oidc or saml, you can pick "proxied". You
would specify the URL pattern of incoming
requests and the URL pattern to forward HTTP
requests and bam, it just works. Set up some
virtual host table on demand with Undertow.<br>
</p>
<div>
<div> <br>
<div>On 8/5/16 11:36 AM, Thomas Darimont
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Sounds interesting...
<div><br>
</div>
<div>could you provide a bit more detail
about what you have in mind?</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Thomas</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-08-05
16:38 GMT+02:00 Bill Burke <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:bburke@redhat.com"
target="_blank">bburke@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">Bump.<br>
<br>
I'm going to keep bumping this
occasionally to see if somebody in
the<br>
community wants to take this on.<br>
<div>
<div><br>
<br>
On 8/4/16 8:30 PM, Bill Burke
wrote:<br>
> I think we should combine
Keycloak Proxy with the keycloak
server. When<br>
> creating a client, you
would have an option to declare
it as a proxied<br>
> client. This is way better
than what we currently have as
we woudln't<br>
> have to do SAML or OIDC so
it would be more performant and
it would<br>
> require no additional
setup.<br>
><br>
>
______________________________<wbr>_________________<br>
> keycloak-dev mailing list<br>
> <a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> <a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer"
target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-dev</a><br>
<br>
______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org"
target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer"
target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-dev</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-dev</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>