Something that also comes to mind is: If the UPS relies on KeyCloak, it's
one more complex component that is required for the installation process.
Meaning: At least a running server instance of Keycloak is required. Not
sure if that helps in simplifying things :-)
On Fri, Jan 3, 2014 at 1:52 PM, Matthias Wessendorf <matzew(a)apache.org>wrote:
Hello,
it's nice to see an effort for integrating keycloak. Especially the User
Management part is something which sounds very promising. For instance I
like how a request against "http://push-abstractj.rhcloud.com/ag-push"
redirects me to the Keycloak server and after a sucessful login back to the
AdminUI. Sweet!
I understand this is an early PoC, but the user login bits already look
good!
A few things I noticed:
* After login, I get a list of PushApplications, but I can't click into
them to see details (I assume this is due to your changes to the ember
interface - with is perfectly fine)
* Sending Push Notifications (e.g. using the CURL command) does not work
(used the PushAppID/MasterSecret from the HTTP REST response on AdminUI
overview page ;-))
I assume this is because the endpoint for sending is also protected by the
SSO/Keycloak facility, hence the HTTP Basic auth is not triggered there
(guess).
Since the HTTP Basic is also used when a device tries to register against
a variant, I am guess the same issue is present there as well.
Perhaps the HTTP-Basic for SENDING and DEVICE-REGISTRATION could be done
w/ something else, e.g. OAuth2
Greetings,
Matthias
On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <bruno(a)abstractj.org>wrote:
> Good morning peeps, yesterday I started to replace AeroGear Security on
> Unified Push server by Keycloak and you might be asking: “Why?”. Keycloak
> is a SSO with some handy features like TOTP, OAuth2, user management
> support and I think we have too much to contribute, is the only way to have
> some success with security, “divide to conquer" (at least for authorization
> and authentication).
>
> So will ag-security be discontinued? No! Keycloak is still on Alpha and
> we have to test it against our projects before fully replace ag-security,
> but the only way to upstream our needs, is to using it.
>
> This replacement only applies to authentication/authorization features,
> we still have a ton of projects which Keycloak is not able to replace like:
> TOTP, crypto and OAuth2 on mobile, our focus.
>
> - PoC
>
> So let’s talk about this replacement, any dependency on ag-security was
> removed from the push server and replaced by Keycloak:
>
https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>
> Based on Keycloak examples, I just did copy & paste from one of the demos
> (
https://github.com/abstractj/auth-server/tree/openshift) to create a
> server. Keycloak requires Resteasy 3.0.4, for this reason I had to manually
> replace some modules on JBoss.
>
> To test it go to:
http://push-abstractj.rhcloud.com/ag-push/ you must be
> redirected to Keycloak, enter:
>
> username: john(a)doe.com
> password: password
>
> You must be redirected to agpush console, keep in mind that I took some
> shortcuts to get this demo working, so for example the create will fail
> because I removed everything related into the ember interface.
>
> Is also possible to enable TOTP, user’s registration and whatever you
> want.
>
> So what do you think?
>
> --
> abstractj
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf