[wildfly-dev] access to mgmt api/services

Brian Stansberry brian.stansberry at redhat.com
Thu Feb 6 12:48:29 EST 2014


I didn't focus on this enough last week, sorry, but now I'll ask questions.

In general, can you describe more what this configuration data is?

Is this an optional behavior? Can the necessary configuration be 
performed without requiring a call from the keycloak server?

The keycloak server will have to be authenticated as a valid user 
authorized to administer the appserver. The account will need to have 
high-level permissions (Administrator or SuperUser in our RBAC scheme) 
since this is presumably security-sensitive stuff being configured. Is 
it going to be more user-friendly to have them set all that up versus 
having them configure this stuff directly?

Is this configuration sent by the keycloak server meant to be stored in 
the persistent config (e.g. standalone.xml)? In a managed domain, the 
persistent subsystem configurations are controlled by the master Host 
Controller, not by individual servers. So any per-server stuff can only 
work with non-persistent data. Also, the HC is not going to deploy a war.

On 2/6/14, 10:01 AM, Jason Greene wrote:
> Is JSON not usable by non-WildFly servers?
>
> On Feb 6, 2014, at 9:55 AM, Bill Burke <bburke at redhat.com> wrote:
>
>> We already have a keycloak subsystem.  Again, the issue is, the WildFly mgmt REST interface is WildFly-specific, with WildFly peculiarities, using WildFly-specific envelope formats.  Not very useful for non-WildFly servers. :)
>>
>> This isn't just Keycloak though.  OpenID Connect has a registration REST API which is client driven and not IDP driven.
>>
>> On 2/6/2014 10:38 AM, Tomaž Cerar wrote:
>>> Maybe it is really time to write a keycloak subsystem; that way you will
>>> also be able to expose keycloak config via REST (and other mechanisms)
>>>
>>> --
>>> tomaz
>>>
>>
>>>     Yet another reason is that it would be cool if there were a unified,
>>>     common REST API that the Keycloak admin console could use to manage and
>>>     talk to server instances that want to join or be managed by a Keycloak
>>>     realm.  Without this common REST API, we would have to write a Keycloak
>>>     server adapter (and UI screens) to handle them, which would mean that
>>>     the Keycloak server would probably have to be shut down too to install
>>>     any new adapter.
>>>
>>>     The OP asked how to get access, locally, to mgmt api/services.  Brian's
>>>     response was, "just use the HTTP interface".  I now have 2 reasons why
>>>     "just use the HTTP interface" may not be feasible.
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>
> --
> Jason T. Greene
> WildFly Lead / JBoss EAP Platform Architect
> JBoss, a division of Red Hat
>


-- 
Brian Stansberry
Senior Principal Software Engineer
JBoss by Red Hat

