[keycloak-user] Change keycloak.json adapter config on the fly
Orestis Tsakiridis
orestis.tsakiridis at telestax.com
Mon Jul 6 10:41:53 EDT 2015
Thanks all for your responses!
I'm using the JBoss/Wildfly adapter.
So, my case can be reduced to the following:
I have a java REST bearer-only web application (no Spring context here)
that is protected using keycloak1.json
I need to switch on the fly (at runtime, without container restart or
re-deploying) to another keycloak2.json adapter config.
It seems that the multitenancy solution suggested by Bill should work.
Best regards
Orestis
On Mon, Jul 6, 2015 at 4:54 PM, Scott Rossillo <srossillo at smartling.com>
wrote:
> Sorry, just re-read the whole thread. Which adapter are you using?
>
> On Mon, Jul 6, 2015 at 9:52 AM, Scott Rossillo <srossillo at smartling.com>
> wrote:
>
>> Well, the keycloak.json config is just a means to configure
>> a KeycloakDeployment from an AdapterConfig object. Specifically for the the
>> Spring adapter, the AdapterDeploymentContextBean would have to be aware
>> that the deployment changed. There would be a minimal amount of code needed
>> to support that and we can modify AdapterDeploymentContextBean to be more
>> flexible.
>>
>> Just so I understand what you're asking for: you want to be able to
>> update a KeycloakDeployment on-the-fly, correct? Also, you're aware that a
>> keycloak.json can be configured at startup via either environment variables
>> on command like properties, correct? You have to change at runtime?
>>
>> I think the AdapterDeploymentContextBean should be as flexible as
>> possible, however I have a small concern about the security of allowing
>> certain properties to be swapped at runtime (e.g. the realm-public-key and
>> the auth-server-url).
>>
>> Best,
>> Scott
>>
>>
>> On Mon, Jul 6, 2015 at 7:33 AM, Orestis Tsakiridis <
>> orestis.tsakiridis at telestax.com> wrote:
>>
>>> Hello,
>>>
>>> I'm securing a REST bearer-only application using keycloak.
>>>
>>> Is there any way to change keycloak.json adapter config file on the fly
>>> so that it can take effect without restarting the container?
>>>
>>> Will just editing keycloak.json work? I guess not.
>>>
>>> What i want to do is complete an administrative task that will provide
>>> the information needed for keycloak.json such as 'resource', edit
>>> keycloak.json and then make this configuration effective for the REST api.
>>>
>>>
>>> Best regards
>>>
>>> Orestis
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150706/d1bc27f4/attachment.html
More information about the keycloak-user
mailing list