Re: [aerogear-dev] Keycloak integration

I have submitted an _early_ PR to master to get the KC bits in - this will help the Angular.js based UI overhaul, as its currently lacks a proper login UI ;-) https://github.com/aerogear/aerogear-unifiedpush-server/pull/156 Once that is merged to MASTER, the angular branch can be rebased on this; Note: I added notes for users, to go w/ a 'stable' 0.10.x version... -Matthias On Wed, May 14, 2014 at 9:10 AM, Matthias Wessendorf <matzew(a)apache.org&gt;wrote: > Hello, > > here is an update on the integration: Bill did some updates to his > example template and worked on more things inside of Keycloak for a better > integration. > > Yesterday, I used his example work and applied it to our UPS: > > https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-two... > > > There is now an 'auth-server' module which produces a WAR (that also > contains an AeroGear theme), to be deployed to the AS: > > https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-two... > > > The 'server' module is using a ContextListener for the configuration > work, instead of the previous keycloak.json file: > > https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak-two... > > Deploying the two WARs (auth before ups) will show the integration > (admin:admin is the initial password). > > IMO this is a huge step towards a proper Keycloak integration, but some > items are still open: > - nicer config (using his testrealm.json inside of the auth-server) > - user/roles mgmt > - integration w/ the new UI > - ... > > When Bruno is back, the work on this branch will continue. > > That's it for now. > > -Matthias > > > > > > > On Tue, May 6, 2014 at 11:49 AM, Matthias Wessendorf <matzew(a)apache.org&gt;wrote: > >> Hello folks! >> >> Bill Burk was helping on the Keycloak front and besides fixing related >> items on the Keycloak server, he also created an example that we can use as >> a template for the actual integration. See [1] >> >> In the past, Bruno and I did integrate w/ an external Keycloak server >> (see [2]), and we did include the keycloak.json file (See [3]). Thanks to >> Bill's work on Keycloak, the 'protected app' no longer needs that, see [4]. >> Also there is no more the need to customize the Keycloak Rest >> Application (Stian and I did look into that as well). >> >> >> Good news: This means the UPS can stay as it is -> no need to change >> internals (e.g. the 'bundle all in one WAR file' did force us to change our >> '/rest' URLs, as Keycloak uses them, see [5]). >> >> Inside of our 'modular' Keycloak branch (see [2] again), we can apply >> the work from Bill: >> * our current 'server' module will use a listener similar to [4] >> * create a "ups-auth" module similar to [6] >> >> On the 'ups-auth module' there is one area where we need to have some >> future improvement: >> * testrealm.json -> needs to be in Java code, due to the URL being >> hard-coded in there (we need to resolve the URL of the host, running the >> bits). But, IMO for now that should be good enough. >> >> Bruno did offer to help out on the Keycloak integration, so that I can >> go back to the analytics and mertrics feature. Thanks abstractj!! <3 >> >> Greetings, >> Matthias >> >> [1] >> https://github.com/keycloak/keycloak/tree/master/project-integrations/aer... >> [2] >> https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-mod... >> [3] >> https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak-mod... >> [4] >> https://github.com/keycloak/keycloak/blob/master/project-integrations/aer... >> [5] >> https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-emb... >> [6] >> https://github.com/keycloak/keycloak/tree/master/project-integrations/aer... >> >> >> -- >> Matthias Wessendorf >> >> blog: http://matthiaswessendorf.wordpress.com/ >> sessions: http://www.slideshare.net/mwessendorf >> twitter: http://twitter.com/mwessendorf >> > > > > -- > Matthias Wessendorf > > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > twitter: http://twitter.com/mwessendorf > -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf