Hello Bruno,On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <bruno@abstractj.org> wrote:
Any specific reason to limit the scope to admin page only? I'm thinking about login for regular usersNot sure I follow. What do you mean w/ "regular users"?Before my change very thing was restricted by Keycloak (/*). I did not really change there a lot, however I just removed the URLs for 'device-registration' and 'sending':So, currently the following is protected by Keycloak:* Admin UI (not speaking about a specific admin user)* REST APIs that are accessed by the Admin UI, like:Perviously the 'device-registration' and 'sending' URL were protected as well. Removing them from the 'keycloak protection' is really the only changeGreetings,Matthias—
abstractjOn Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <matzew@apache.org> wrote:
Hello!I have a few more updates:On my branch (a fork from Bruno's branch), the URLs for the actual sending and the device-registration (both 'protected' via HTTP-Basic), now work again. I have 'limited' the scope of the Keycloak 'protection' to the AdminUI.Greetings,MatthiasOn Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf <matzew@apache.org> wrote:I have updated the branch w/ their recent changes from this weeks alpha-1 release, and submitted a PR against abstractj's repo:More to comeGreetings,MatthiasOn Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <bruno@abstractj.org> wrote:Good morning peeps, yesterday I started to replace AeroGear Security on Unified Push server by Keycloak and you might be asking: “Why?”. Keycloak is a SSO with some handy features like TOTP, OAuth2, user management support and I think we have too much to contribute, is the only way to have some success with security, “divide to conquer" (at least for authorization and authentication).
So will ag-security be discontinued? No! Keycloak is still on Alpha and we have to test it against our projects before fully replace ag-security, but the only way to upstream our needs, is to using it.
This replacement only applies to authentication/authorization features, we still have a ton of projects which Keycloak is not able to replace like: TOTP, crypto and OAuth2 on mobile, our focus.
- PoC
So let’s talk about this replacement, any dependency on ag-security was removed from the push server and replaced by Keycloak: https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
Based on Keycloak examples, I just did copy & paste from one of the demos (https://github.com/abstractj/auth-server/tree/openshift) to create a server. Keycloak requires Resteasy 3.0.4, for this reason I had to manually replace some modules on JBoss.
To test it go to: http://push-abstractj.rhcloud.com/ag-push/ you must be redirected to Keycloak, enter:
username: john@doe.com
password: password
You must be redirected to agpush console, keep in mind that I took some shortcuts to get this demo working, so for example the create will fail because I removed everything related into the ember interface.
Is also possible to enable TOTP, user’s registration and whatever you want.
So what do you think?
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev