Good morning peeps, yesterday I started to replace AeroGear Security on the Unified Push
server with Keycloak and you might be asking: “Why?”. Keycloak is an SSO with some handy
features like TOTP, OAuth2, user management support and I think we have too much to
contribute; it is the only way to have some success with security, “divide to conquer”
(at least for authorization and authentication).
So will ag-security be discontinued? No! Keycloak is still in Alpha and we have to test it
against our projects before fully replacing ag-security, but the only way to upstream our
needs is to use it.
This replacement only applies to authentication/authorization features; we still have a
ton of projects which Keycloak is not able to replace, like TOTP, crypto and OAuth2 on
mobile, our focus.
- PoC
So let’s talk about this replacement. Any dependency on ag-security was removed from the
push server and replaced by
Keycloak: https://github.com/abstractj/aerogear-unifiedpush-server/tree/o...
Based on Keycloak examples, I just did a copy & paste from one of the demos
(https://github.com/abstractj/auth-server/tree/openshift) to create a server. Keycloak
requires Resteasy 3.0.4; for this reason I had to manually replace some modules on JBoss.
To test it, go to:
http://push-abstractj.rhcloud.com/ag-push/ and you must be redirected to
Keycloak. Enter:
username: john(a)doe.com
password: password
You must be redirected to the agpush console. Keep in mind that I took some shortcuts to get
this demo working, so for example the create will fail because I removed everything
related to the ember interface.
It is also possible to enable TOTP, user registration and whatever you want.
So what do you think?
--
abstractj