On Wed, Jan 29, 2014 at 3:57 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:

> Sorry, I just missed your e-mail while the syncalipse was
> happening.
>
> What I meant was something like: admin, developers, regular users and how
> to deal with these roles. Maybe this is planned for the next steps, but at
> some point we need to test how KeyCloak could protect our endpoints and
> deal with multiple roles.

Yes, the 'ui part' (and the underlying endpoints) being protected by
keycloak;
On the next steps is also looking at different roles for this. I was never
speaking about a specific user/role - more generically protecting the
"Admin UI", which can be consumed by users w/ different roles

-Matthias

On Sun, Jan 26, 2014 at 10:41 AM, Matthias Wessendorf <matzew(a)apache.org> wrote:
> Hello Bruno,
>
>
> On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>
>> Any specific reason to limit the scope to admin page only? I'm thinking
>> about login for regular users
>
>
> Not sure I follow. What do you mean w/ "regular users"?
>
>
> Before my change everything was restricted by Keycloak (/*). I did not
> really change there a lot, however I just removed the URLs for
> 'device-registration' and 'sending':
>
> https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/m...
>
> So, currently the following is protected by Keycloak:
> * Admin UI (not speaking about a specific admin user)
> * REST APIs that are accessed by the Admin UI, like:
>   - http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/
>   - http://aerogear.org/docs/specs/aerogear-push-rest/Variants/
>
> Previously the 'device-registration' and 'sending' URLs were protected as
> well. Removing them from the 'keycloak protection' is really the only change
>
> Greetings,
> Matthias
>
>
>
>> --
>> abstractj
>>
>>
>> On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <matzew(a)apache.org> wrote:
>>
>>> Hello!
>>>
>>> I have a few more updates:
>>>
>>> On my branch (a fork from Bruno's branch), the URLs for the actual
>>> sending and the device-registration (both 'protected' via HTTP-Basic), now
>>> work again. I have 'limited' the scope of the Keycloak 'protection' to the
>>> AdminUI.
>>>
>>> Greetings,
>>> Matthias
>>>
>>>
>>>
>>> On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf <matzew(a)apache.org> wrote:
>>>
>>>> I have updated the branch w/ their recent changes from this week's
>>>> alpha-1 release, and submitted a PR against abstractj's repo:
>>>>
>>>> https://github.com/abstractj/aerogear-unifiedpush-server/pull/1
>>>>
>>>> More to come
>>>>
>>>> Greetings,
>>>> Matthias
>>>>
>>>>
>>>>
>>>> On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>>>>
>>>>> Good morning peeps, yesterday I started to replace AeroGear Security
>>>>> on Unified Push server by Keycloak and you might be asking: "Why?".
>>>>> Keycloak is an SSO with some handy features like TOTP, OAuth2, user
>>>>> management support and I think we have too much to contribute, is the only
>>>>> way to have some success with security, "divide to conquer" (at least for
>>>>> authorization and authentication).
>>>>>
>>>>> So will ag-security be discontinued? No! Keycloak is still on Alpha
>>>>> and we have to test it against our projects before fully replacing
>>>>> ag-security, but the only way to upstream our needs is to use it.
>>>>>
>>>>> This replacement only applies to authentication/authorization
>>>>> features, we still have a ton of projects which Keycloak is not able to
>>>>> replace like: TOTP, crypto and OAuth2 on mobile, our focus.
>>>>>
>>>>> - PoC
>>>>>
>>>>> So let's talk about this replacement, any dependency on ag-security
>>>>> was removed from the push server and replaced by Keycloak:
>>>>> https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>>>>>
>>>>> Based on Keycloak examples, I just did copy & paste from one of the
>>>>> demos (https://github.com/abstractj/auth-server/tree/openshift) to
>>>>> create a server. Keycloak requires Resteasy 3.0.4, for this reason I had to
>>>>> manually replace some modules on JBoss.
>>>>>
>>>>> To test it go to: http://push-abstractj.rhcloud.com/ag-push/ you
>>>>> must be redirected to Keycloak, enter:
>>>>>
>>>>> username: john(a)doe.com
>>>>> password: password
>>>>>
>>>>> You must be redirected to agpush console, keep in mind that I took
>>>>> some shortcuts to get this demo working, so for example the create will
>>>>> fail because I removed everything related into the ember interface.
>>>>>
>>>>> It is also possible to enable TOTP, user's registration and whatever you
>>>>> want.
>>>>>
>>>>> So what do you think?
>>>>>
>>>>> --
>>>>> abstractj
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Matthias Wessendorf
>>>>
>>>> blog: http://matthiaswessendorf.wordpress.com/
>>>> sessions: http://www.slideshare.net/mwessendorf
>>>> twitter: http://twitter.com/mwessendorf
>>>>
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile