Looks like we have several options...
On Wed, Jan 29, 2014 at 4:02 PM, Matthias Wessendorf <matzew(a)apache.org>wrote:
On Wed, Jan 29, 2014 at 3:57 PM, Bruno Oliveira <bruno(a)abstractj.org>wrote:
> Sorry I just missed your e-mail during while the syncalipse was happening.
>
> What I meant was something like: admin, developers, regular users and how
> to deal with these roles. Maybe this is planned to the next steps, but at
> some point we need to test how KeyCloak could protect our endpoints and
> deal with multiple roles.
>
yes, the 'ui part' (and the underlying endpoints) being protected by
keycloak;
On the next steps is also looking at different roles for this. I was never
speaking about a specific user/role - more generically protecting the
"Admin UI", which can be consumed by users w/ different roles
-Matthias
>
>
> On Sun, Jan 26, 2014 at 10:41 AM, Matthias Wessendorf
<matzew(a)apache.org>wrote:
>
>> Hello Bruno,
>>
>>
>> On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira
<bruno(a)abstractj.org>wrote:
>>
>>> Any specific reason to limit the scope to admin page only? I'm thinking
>>> about login for regular users
>>
>>
>> Not sure I follow. What do you mean w/ "regular users"?
>>
>>
>> Before my change very thing was restricted by Keycloak (/*). I did not
>> really change there a lot, however I just removed the URLs for
>> 'device-registration' and 'sending':
>>
>>
https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/m...
>>
>> So, currently the following is protected by Keycloak:
>> * Admin UI (not speaking about a specific admin user)
>> * REST APIs that are accessed by the Admin UI, like:
>> -
http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/
>> -
http://aerogear.org/docs/specs/aerogear-push-rest/Variants/
>>
>> Perviously the 'device-registration' and 'sending' URL were
protected as
>> well. Removing them from the 'keycloak protection' is really the only
change
>>
>> Greetings,
>> Matthias
>>
>>
>>
>>> --
>>> abstractj
>>>
>>>
>>> On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <matzew(a)apache.org
>>> > wrote:
>>>
>>>> Hello!
>>>>
>>>> I have a few more updates:
>>>>
>>>> On my branch (a fork from Bruno's branch), the URLs for the actual
>>>> sending and the device-registration (both 'protected' via
HTTP-Basic), now
>>>> work again. I have 'limited' the scope of the Keycloak
'protection' to the
>>>> AdminUI.
>>>>
>>>> Greetings,
>>>> Matthias
>>>>
>>>>
>>>>
>>>> On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf <
>>>> matzew(a)apache.org> wrote:
>>>>
>>>>> I have updated the branch w/ their recent changes from this weeks
>>>>> alpha-1 release, and submitted a PR against abstractj's repo:
>>>>>
https://github.com/abstractj/aerogear-unifiedpush-server/pull/1
>>>>>
>>>>> More to come
>>>>>
>>>>> Greetings,
>>>>> Matthias
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira
<bruno(a)abstractj.org>wrote:
>>>>>
>>>>>> Good morning peeps, yesterday I started to replace AeroGear
Security
>>>>>> on Unified Push server by Keycloak and you might be asking:
"Why?".
>>>>>> Keycloak is a SSO with some handy features like TOTP, OAuth2,
user
>>>>>> management support and I think we have too much to contribute, is
the only
>>>>>> way to have some success with security, "divide to
conquer" (at least for
>>>>>> authorization and authentication).
>>>>>>
>>>>>> So will ag-security be discontinued? No! Keycloak is still on
Alpha
>>>>>> and we have to test it against our projects before fully replace
>>>>>> ag-security, but the only way to upstream our needs, is to using
it.
>>>>>>
>>>>>> This replacement only applies to authentication/authorization
>>>>>> features, we still have a ton of projects which Keycloak is not
able to
>>>>>> replace like: TOTP, crypto and OAuth2 on mobile, our focus.
>>>>>>
>>>>>> - PoC
>>>>>>
>>>>>> So let's talk about this replacement, any dependency on
ag-security
>>>>>> was removed from the push server and replaced by Keycloak:
>>>>>>
https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>>>>>>
>>>>>> Based on Keycloak examples, I just did copy & paste from one
of the
>>>>>> demos (
https://github.com/abstractj/auth-server/tree/openshift)
to
>>>>>> create a server. Keycloak requires Resteasy 3.0.4, for this
reason I had to
>>>>>> manually replace some modules on JBoss.
>>>>>>
>>>>>> To test it go to:
http://push-abstractj.rhcloud.com/ag-push/ you
>>>>>> must be redirected to Keycloak, enter:
>>>>>>
>>>>>> username: john(a)doe.com
>>>>>> password: password
>>>>>>
>>>>>> You must be redirected to agpush console, keep in mind that I
took
>>>>>> some shortcuts to get this demo working, so for example the
create will
>>>>>> fail because I removed everything related into the ember
interface.
>>>>>>
>>>>>> Is also possible to enable TOTP, user's registration and
whatever
>>>>>> you want.
>>>>>>
>>>>>> So what do you think?
>>>>>>
>>>>>> --
>>>>>> abstractj
>>>>>>
>>>>>> _______________________________________________
>>>>>> aerogear-dev mailing list
>>>>>> aerogear-dev(a)lists.jboss.org
>>>>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Matthias Wessendorf
>>>>>
>>>>> blog:
http://matthiaswessendorf.wordpress.com/
>>>>> sessions:
http://www.slideshare.net/mwessendorf
>>>>> twitter:
http://twitter.com/mwessendorf
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Matthias Wessendorf
>>>>
>>>> blog:
http://matthiaswessendorf.wordpress.com/
>>>> sessions:
http://www.slideshare.net/mwessendorf
>>>> twitter:
http://twitter.com/mwessendorf
>>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog:
http://matthiaswessendorf.wordpress.com/
>> sessions:
http://www.slideshare.net/mwessendorf
>> twitter:
http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf