Re: [aerogear-dev] Keycloak integration

Hello, here is an update on the integration: Bill did some updates to his example template and worked on more things inside of Keycloak for a better integration. Yesterday, I used his example work and applied it to our UPS: https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-two... There is now an 'auth-server' module which produces a WAR (that also contains an AeroGear theme), to be deployed to the AS: https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-two... The 'server' module is using a ContextListener for the configuration work, instead of the previous keycloak.json file: https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak-two... Deploying the two WARs (auth before ups) will show the integration (admin:admin is the initial password). IMO this is a huge step towards a proper Keycloak integration, but some items are still open: - nicer config (using his testrealm.json inside of the auth-server) - user/roles mgmt - integration w/ the new UI - ... When Bruno is back, the work on this branch will continue. That's it for now. -Matthias On Tue, May 6, 2014 at 11:49 AM, Matthias Wessendorf <matzew(a)apache.org&gt;wrote: > Hello folks! > > Bill Burk was helping on the Keycloak front and besides fixing related > items on the Keycloak server, he also created an example that we can use as > a template for the actual integration. See [1] > > In the past, Bruno and I did integrate w/ an external Keycloak server > (see [2]), and we did include the keycloak.json file (See [3]). Thanks to > Bill's work on Keycloak, the 'protected app' no longer needs that, see [4]. > Also there is no more the need to customize the Keycloak Rest Application > (Stian and I did look into that as well). > > > Good news: This means the UPS can stay as it is -> no need to change > internals (e.g. the 'bundle all in one WAR file' did force us to change our > '/rest' URLs, as Keycloak uses them, see [5]). > > Inside of our 'modular' Keycloak branch (see [2] again), we can apply the > work from Bill: > * our current 'server' module will use a listener similar to [4] > * create a "ups-auth" module similar to [6] > > On the 'ups-auth module' there is one area where we need to have some > future improvement: > * testrealm.json -> needs to be in Java code, due to the URL being > hard-coded in there (we need to resolve the URL of the host, running the > bits). But, IMO for now that should be good enough. > > Bruno did offer to help out on the Keycloak integration, so that I can go > back to the analytics and mertrics feature. Thanks abstractj!! <3 > > Greetings, > Matthias > > [1] > https://github.com/keycloak/keycloak/tree/master/project-integrations/aer... > [2] > https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-mod... > [3] > https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak-mod... > [4] > https://github.com/keycloak/keycloak/blob/master/project-integrations/aer... > [5] > https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-emb... > [6] > https://github.com/keycloak/keycloak/tree/master/project-integrations/aer... > > > -- > Matthias Wessendorf > > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > twitter: http://twitter.com/mwessendorf > -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf