I have now rebased our branch ([1]) against our master and removed the
AdminUI src inclusion;
More updates will follow soon
-Matthias
[1]
On Sun, Jan 26, 2014 at 1:41 PM, Matthias Wessendorf <matzew(a)apache.org>wrote:
Hello Bruno,
On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <bruno(a)abstractj.org>wrote:
> Any specific reason to limit the scope to admin page only? I'm thinking
> about login for regular users
Not sure I follow. What do you mean w/ "regular users"?
Before my change very thing was restricted by Keycloak (/*). I did not
really change there a lot, however I just removed the URLs for
'device-registration' and 'sending':
https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/m...
So, currently the following is protected by Keycloak:
* Admin UI (not speaking about a specific admin user)
* REST APIs that are accessed by the Admin UI, like:
-
http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/
-
http://aerogear.org/docs/specs/aerogear-push-rest/Variants/
Perviously the 'device-registration' and 'sending' URL were protected as
well. Removing them from the 'keycloak protection' is really the only change
Greetings,
Matthias
> --
> abstractj
>
>
> On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <matzew(a)apache.org>wrote:
>
>> Hello!
>>
>> I have a few more updates:
>>
>> On my branch (a fork from Bruno's branch), the URLs for the actual
>> sending and the device-registration (both 'protected' via HTTP-Basic),
now
>> work again. I have 'limited' the scope of the Keycloak
'protection' to the
>> AdminUI.
>>
>> Greetings,
>> Matthias
>>
>>
>>
>> On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf
<matzew(a)apache.org>wrote:
>>
>>> I have updated the branch w/ their recent changes from this weeks
>>> alpha-1 release, and submitted a PR against abstractj's repo:
>>>
https://github.com/abstractj/aerogear-unifiedpush-server/pull/1
>>>
>>> More to come
>>>
>>> Greetings,
>>> Matthias
>>>
>>>
>>>
>>> On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira
<bruno(a)abstractj.org>wrote:
>>>
>>>> Good morning peeps, yesterday I started to replace AeroGear Security
>>>> on Unified Push server by Keycloak and you might be asking:
"Why?".
>>>> Keycloak is a SSO with some handy features like TOTP, OAuth2, user
>>>> management support and I think we have too much to contribute, is the
only
>>>> way to have some success with security, "divide to conquer" (at
least for
>>>> authorization and authentication).
>>>>
>>>> So will ag-security be discontinued? No! Keycloak is still on Alpha
>>>> and we have to test it against our projects before fully replace
>>>> ag-security, but the only way to upstream our needs, is to using it.
>>>>
>>>> This replacement only applies to authentication/authorization
>>>> features, we still have a ton of projects which Keycloak is not able to
>>>> replace like: TOTP, crypto and OAuth2 on mobile, our focus.
>>>>
>>>> - PoC
>>>>
>>>> So let's talk about this replacement, any dependency on ag-security
>>>> was removed from the push server and replaced by Keycloak:
>>>>
https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>>>>
>>>> Based on Keycloak examples, I just did copy & paste from one of the
>>>> demos (
https://github.com/abstractj/auth-server/tree/openshift) to
>>>> create a server. Keycloak requires Resteasy 3.0.4, for this reason I had
to
>>>> manually replace some modules on JBoss.
>>>>
>>>> To test it go to:
http://push-abstractj.rhcloud.com/ag-push/ you must
>>>> be redirected to Keycloak, enter:
>>>>
>>>> username: john(a)doe.com
>>>> password: password
>>>>
>>>> You must be redirected to agpush console, keep in mind that I took
>>>> some shortcuts to get this demo working, so for example the create will
>>>> fail because I removed everything related into the ember interface.
>>>>
>>>> Is also possible to enable TOTP, user's registration and whatever
you
>>>> want.
>>>>
>>>> So what do you think?
>>>>
>>>> --
>>>> abstractj
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>>
>>>
>>> --
>>> Matthias Wessendorf
>>>
>>> blog:
http://matthiaswessendorf.wordpress.com/
>>> sessions:
http://www.slideshare.net/mwessendorf
>>> twitter:
http://twitter.com/mwessendorf
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog:
http://matthiaswessendorf.wordpress.com/
>> sessions:
http://www.slideshare.net/mwessendorf
>> twitter:
http://twitter.com/mwessendorf
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf