Sorry I just missed your e-mail during while the syncalipse was happening.
What I meant was something like: admin, developers, regular users and how
to deal with these roles. Maybe this is planned to the next steps, but at
some point we need to test how KeyCloak could protect our endpoints and
deal with multiple roles.
On Sun, Jan 26, 2014 at 10:41 AM, Matthias Wessendorf <matzew(a)apache.org>wrote:
Hello Bruno,
On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <bruno(a)abstractj.org>wrote:
> Any specific reason to limit the scope to admin page only? I'm thinking
> about login for regular users
Not sure I follow. What do you mean w/ "regular users"?
Before my change very thing was restricted by Keycloak (/*). I did not
really change there a lot, however I just removed the URLs for
'device-registration' and 'sending':
https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/m...
So, currently the following is protected by Keycloak:
* Admin UI (not speaking about a specific admin user)
* REST APIs that are accessed by the Admin UI, like:
-
http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/
-
http://aerogear.org/docs/specs/aerogear-push-rest/Variants/
Perviously the 'device-registration' and 'sending' URL were protected as
well. Removing them from the 'keycloak protection' is really the only change
Greetings,
Matthias
> --
> abstractj
>
>
> On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <matzew(a)apache.org>wrote:
>
>> Hello!
>>
>> I have a few more updates:
>>
>> On my branch (a fork from Bruno's branch), the URLs for the actual
>> sending and the device-registration (both 'protected' via HTTP-Basic),
now
>> work again. I have 'limited' the scope of the Keycloak
'protection' to the
>> AdminUI.
>>
>> Greetings,
>> Matthias
>>
>>
>>
>> On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf
<matzew(a)apache.org>wrote:
>>
>>> I have updated the branch w/ their recent changes from this weeks
>>> alpha-1 release, and submitted a PR against abstractj's repo:
>>>
https://github.com/abstractj/aerogear-unifiedpush-server/pull/1
>>>
>>> More to come
>>>
>>> Greetings,
>>> Matthias
>>>
>>>
>>>
>>> On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira
<bruno(a)abstractj.org>wrote:
>>>
>>>> Good morning peeps, yesterday I started to replace AeroGear Security
>>>> on Unified Push server by Keycloak and you might be asking:
"Why?".
>>>> Keycloak is a SSO with some handy features like TOTP, OAuth2, user
>>>> management support and I think we have too much to contribute, is the
only
>>>> way to have some success with security, "divide to conquer" (at
least for
>>>> authorization and authentication).
>>>>
>>>> So will ag-security be discontinued? No! Keycloak is still on Alpha
>>>> and we have to test it against our projects before fully replace
>>>> ag-security, but the only way to upstream our needs, is to using it.
>>>>
>>>> This replacement only applies to authentication/authorization
>>>> features, we still have a ton of projects which Keycloak is not able to
>>>> replace like: TOTP, crypto and OAuth2 on mobile, our focus.
>>>>
>>>> - PoC
>>>>
>>>> So let's talk about this replacement, any dependency on ag-security
>>>> was removed from the push server and replaced by Keycloak:
>>>>
https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>>>>
>>>> Based on Keycloak examples, I just did copy & paste from one of the
>>>> demos (
https://github.com/abstractj/auth-server/tree/openshift) to
>>>> create a server. Keycloak requires Resteasy 3.0.4, for this reason I had
to
>>>> manually replace some modules on JBoss.
>>>>
>>>> To test it go to:
http://push-abstractj.rhcloud.com/ag-push/ you must
>>>> be redirected to Keycloak, enter:
>>>>
>>>> username: john(a)doe.com
>>>> password: password
>>>>
>>>> You must be redirected to agpush console, keep in mind that I took
>>>> some shortcuts to get this demo working, so for example the create will
>>>> fail because I removed everything related into the ember interface.
>>>>
>>>> Is also possible to enable TOTP, user's registration and whatever
you
>>>> want.
>>>>
>>>> So what do you think?
>>>>
>>>> --
>>>> abstractj
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>>
>>>
>>> --
>>> Matthias Wessendorf
>>>
>>> blog:
http://matthiaswessendorf.wordpress.com/
>>> sessions:
http://www.slideshare.net/mwessendorf
>>> twitter:
http://twitter.com/mwessendorf
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog:
http://matthiaswessendorf.wordpress.com/
>> sessions:
http://www.slideshare.net/mwessendorf
>> twitter:
http://twitter.com/mwessendorf
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile