<div dir="ltr"><div>Maybe it is really time to write keycloak subsystem, that way you will be able to expose also keycloak config via rest (and other mechanism)<br><br>--<br></div>tomaz<br></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Thu, Feb 6, 2014 at 4:35 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
<br>
On 2/5/2014 11:23 AM, Jason Greene wrote:<br>
><br>
> On Feb 5, 2014, at 9:23 AM, Bill Burke <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>> wrote:<br>
><br>
>><br>
>><br>
>> On 1/27/2014 9:48 PM, Bill Burke wrote:<br>
>>>>> This is for bootstrap purposes for getting a Wildfly instance to join a<br>
>>>>> Keycloak federation. I want the Keycloak server to be able to send<br>
>>>>> realm configuration information to a Wildfly instance (over HTTP(S))<br>
>>>>> that is joining the federation and have that instance store this<br>
>>>>> information within a subsystem. So, it is a one off service that<br>
>>>>> happens after boot and may even be disabled afterwards.<br>
>>>>><br>
>>>>><br>
>>>><br>
>>>> This can't be done using the HTTP management interface?<br>
>>>><br>
>>><br>
>>> After thinking a bit, I guess it could just use the HTTP mgmt intf.<br>
>>> Thanks for your patience helping me work this out.<br>
>>><br>
>><br>
>> Ok, found a reason why just using the HTTP mgmt interface isn't good enough:<br>
>><br>
>> Openshift disables admin port :( You can set up port forwarding to be<br>
>> able to access it, but, still kinda sucks for usability, which is what<br>
>> I'm trying to optimize.<br>
><br>
> We have been planning to provide an OTB single port config for open shift, but it fell through the cracks. IIRC all of the hooks are there for it. I’ll put that on my TODO after we cut 8 Final, perhaps bundle it in 8.0.1.<br>
><br>
<br>
</div>Yet another reason is that it would be cool if there were a unified,<br>
common REST API that the Keycloak admin console could use to manage and<br>
talk to server instances that want to join or be managed by a Keycloak<br>
realm. Without this common REST API, we would have to write a Keycloak<br>
server adapter (and UI screens) to handle them, which would mean that<br>
the Keycloak server would probably have to be shut down too to install<br>
any new adapter.<br>
<br>
The OP asked how to get access, locally, to mgmt api/services. Brian's<br>
response was, "just use the HTTP interface". I now have 2 reasons why<br>
"just use the HTTP interface" may not be feasible.<br>
<br>
--<br>
Bill Burke<br>
<div class="im">JBoss, a division of Red Hat<br>
</div><a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
wildfly-dev mailing list<br>
<a href="mailto:wildfly-dev@lists.jboss.org">wildfly-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/wildfly-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/wildfly-dev</a><br>
</div></div></blockquote></div><br></div>