On 2014-10-13, Matthias Wessendorf wrote:
On Mon, Oct 13, 2014 at 4:08 PM, Egor Kolesnikov <
egor.kolesnikov(a)fastlane-it.com> wrote:
> Hi Matthias
>
>
>
> I do understand that Aerogear is quite young product and may not have all
> features yet
>
AeroGear is more, than just its UPS (UnifiedPush Server) - which we are
talking about here :)
> – just need to understand your vision of the project to align our further
> development appropriately.
>
>
>
> Having said that, I can see two possible integration options with projects
> like ours:
>
> 1. Aerogear+Keycloak combo used for “all things auth” (this will
> require unlocking master/admin user);
>
moving forward, I'd like us to go there. Again it was just done to limit
the initial scope of the UPS
> 2. Configuring Aerogear to use external Keycloak installation.
>
we have had discussions about that too. that it should be possible to have
our UnifiedPush Server on one machine, and a standalone keycloak server,
that is used for more. not just UPS
I think it makes perfect sense. There are two solutions quick or slow.
1. Quick: enable our developers to make use of not only AeroGear, but
create new realms as well. Also, let them, do whatever they want with
the admin.
2. Slow (I'm +1 on it). Dettach UPS from Keycloak and use as an external
installation. (off course, provide an easy way to install). If we think
carefuly, people might want to have 1 server with Keycloak and 4 with
UPS or the opposite.
> Option 1 appears to be the easiest way around, whether Option 2 looks like
> the most appropriate solution in the SSO world – as in, there’s still a
> “single” sign-on point which is used by all third-party systems. If I
> understand correctly, this could possibly be as easy as setting up
> auth-server-url property in Aerogear’s keycloak.json so it delegates to
> external Keycloak instance instead of using its “own” one.
>
>
>
> I’m happy to spend some time investigating and experimenting with both
> options.
>
>
>
> Cheers
>
> Egor
>
>
>
>
>
>
>
> *From:* aerogear-dev-bounces(a)lists.jboss.org [mailto:
> aerogear-dev-bounces(a)lists.jboss.org] *On Behalf Of *Matthias Wessendorf
> *Sent:* Tuesday, 14 October 2014 12:49 AM
>
> *To:* AeroGear Developer Mailing List
> *Subject:* Re: [aerogear-dev] Using existing Keycloak installation with
> Aerogear
>
>
>
>
>
>
>
> On Mon, Oct 13, 2014 at 3:40 PM, Egor Kolesnikov <
> egor.kolesnikov(a)fastlane-it.com> wrote:
>
> Hi Matthias
>
>
>
> That’s correct – we are already using Keycloak to secure our RESTful APIs
> for mobile and web client access. Not that having separate installation for
> exclusive Aerogear is a dealbreaker, but it would re-introduce the problem
> Keycloak was supposed to solve in the first place J
>
>
>
> fully understand! But we, initially, felt like limiting a bit. that said,
> we are flexible and there might be a chance to have this changed
>
>
>
>
>
> I can see that UpsSecurityApplication class kills off Keycloak admin user
> in master realm – would it break anything if I disabled this feature and
> started using Aerogear-supplied Keycloak for other purposes on separate
> realms?
>
>
>
> I don't think so (not tested). I recall we did this mainly to avoid adding
> new realms
>
>
>
>
>
> Our use case is mobile app (iOS+android), backend and AngularJS-based web
> frontend and so far Keycloak fits our purpose like a glove. Now that we’re
> adding Push notification support, Aerogear appears to be quite logical
> choice.
>
>
>
>
>
> sounds great!
>
>
>
>
>
> Thanks
>
> Egor
>
>
>
> *From:* aerogear-dev-bounces(a)lists.jboss.org [mailto:
> aerogear-dev-bounces(a)lists.jboss.org] *On Behalf Of *Matthias Wessendorf
> *Sent:* Tuesday, 14 October 2014 12:29 AM
> *To:* AeroGear Developer Mailing List
> *Subject:* Re: [aerogear-dev] Using existing Keycloak installation with
> Aerogear
>
>
>
> Hi,
>
>
>
> for the UnifiedPush Server the initial integration case was to function
> only for the need of the AeroGear UnifiedPush server.
>
>
>
> So, looks like, you'd appreciate a bit more flexibility, to basically use
> the auth-server for other apps as well ?
>
>
>
>
>
>
>
> On Mon, Oct 13, 2014 at 3:18 PM, ekolesnikov <ek(a)fastlane-it.com> wrote:
>
> Hi,
>
> Apologies for writing straight into DEV forums - I was unable to locate
> "aerogear-users" mailing list anywhere. Please feel free to point me to
the
> right direction if this mailing list is inappropriate for questions like
> this.
>
> Is it possible to use/integrate Aerogear with existing Keycloak
> installation? We are already using Keycloak for all things auth in our
> application and have found ourselves in the situation where we potentially
> have to manage separate infrastructure - which makes the whole point of
> using Keycloak a bit irrelevant.
>
> As an alternative, we could consider using Keycloak supplied with with
> Aerogear - unfortunately, it looks like Aerogear has disabled Keycloak
> option to create additional realms.
>
> I would really appreciate it if you could share your thought on this.
>
> Thanks
> Egor
>
>
>
> --
> View this message in context:
>
http://aerogear-dev.1069024.n5.nabble.com/Using-existing-Keycloak-install...
> Sent from the aerogear-dev mailing list archive at
Nabble.com.
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
>
> --
> Matthias Wessendorf
>
> blog:
http://matthiaswessendorf.wordpress.com/
> sessions:
http://www.slideshare.net/mwessendorf
> twitter:
http://twitter.com/mwessendorf
>
>
> ------------------------------
>
> <
http://www.avast.com/>
>
> This email is free from viruses and malware because avast! Antivirus
> <
http://www.avast.com/> protection is active.
>
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
>
> --
> Matthias Wessendorf
>
> blog:
http://matthiaswessendorf.wordpress.com/
> sessions:
http://www.slideshare.net/mwessendorf
> twitter:
http://twitter.com/mwessendorf
>
>
> ------------------------------
> <
http://www.avast.com/>
>
> This email is free from viruses and malware because avast! Antivirus
> <
http://www.avast.com/> protection is active.
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914