Hello,

here is an update on the integration: Bill did some updates to his example template and worked on more things inside of Keycloak for a better integration.

Yesterday, I used his example work and applied it to our UPS:

https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-two-war-integration

There is now an 'auth-server' module which produces a WAR (that also contains an AeroGear theme), to be deployed to the AS:

https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-two-war-integration/auth-server

The 'server' module is using a ContextListener for the configuration work, instead of the previous keycloak.json file:

https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak-two-war-integration/server/src/main/java/org/jboss/aerogear/unifiedpush/keycloak/BootstrapListener.java

Deploying the two WARs (auth before ups) will show the integration (admin:admin is the initial password).

IMO this is a huge step towards a proper Keycloak integration, but some items are still open:

- nicer config (using his testrealm.json inside of the auth-server)

- user/roles mgmt

- integration w/ the new UI

- ...

When Bruno is back, the work on this branch will continue.

That's it for now.

-Matthias

On Tue, May 6, 2014 at 11:49 AM, Matthias Wessendorf <matzew@apache.org> wrote:

Hello folks!

Bill Burk was helping on the Keycloak front and besides fixing related items on the Keycloak server, he also created an example that we can use as a template for the actual integration. See [1]

In the past, Bruno and I did integrate w/ an external Keycloak server (see [2]), and we did include the keycloak.json file (See [3]). Thanks to Bill's work on Keycloak, the 'protected app' no longer needs that, see [4].

Also there is no more the need to customize the Keycloak Rest Application (Stian and I did look into that as well).

Good news: This means the UPS can stay as it is -> no need to change internals (e.g. the 'bundle all in one WAR file' did force us to change our '/rest' URLs, as Keycloak uses them, see [5]).

Inside of our 'modular' Keycloak branch (see [2] again), we can apply the work from Bill:
* our current 'server' module will use a listener similar to [4]
* create a "ups-auth" module similar to [6]

On the 'ups-auth module' there is one area where we need to have some future improvement:
* testrealm.json -> needs to be in Java code, due to the URL being hard-coded in there (we need to resolve the URL of the host, running the bits). But, IMO for now that should be good enough.

Bruno did offer to help out on the Keycloak integration, so that I can go back to the analytics and mertrics feature. Thanks abstractj!! <3

Greetings,
Matthias

[1] https://github.com/keycloak/keycloak/tree/master/project-integrations/aerogear-ups

[2] https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-modular

[3] https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak-modular/server/src/main/webapp/WEB-INF/keycloak.json

[4] https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/app/src/main/java/org/keycloak/example/BootstrapListener.java

[5] https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-embedded
[6] https://github.com/keycloak/keycloak/tree/master/project-integrations/aerogear-ups/auth-server

--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf

--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf