Re: [aerogear-dev] Using existing Keycloak installation with Aerogear

Hi Matthias I do understand that Aerogear is quite young product and may not have all features yet – just need to understand your vision of the project to align our further development appropriately. Having said that, I can see two possible integration options with projects like ours: 1. Aerogear+Keycloak combo used for “all things auth” (this will require unlocking master/admin user); 2. Configuring Aerogear to use external Keycloak installation. Option 1 appears to be the easiest way around, whether Option 2 looks like the most appropriate solution in the SSO world – as in, there’s still a “single” sign-on point which is used by all third-party systems. If I understand correctly, this could possibly be as easy as setting up auth-server-url property in Aerogear’s keycloak.json so it delegates to external Keycloak instance instead of using its “own” one. I’m happy to spend some time investigating and experimenting with both options. Cheers Egor From: aerogear-dev-bounces(a)lists.jboss.org [mailto:aerogear-dev-bounces@lists.jboss.org] On Behalf Of Matthias Wessendorf Sent: Tuesday, 14 October 2014 12:49 AM To: AeroGear Developer Mailing List Subject: Re: [aerogear-dev] Using existing Keycloak installation with Aerogear On Mon, Oct 13, 2014 at 3:40 PM, Egor Kolesnikov <egor.kolesnikov(a)fastlane-it.com <mailto:egor.kolesnikov@fastlane-it.com> > wrote: Hi Matthias That’s correct – we are already using Keycloak to secure our RESTful APIs for mobile and web client access. Not that having separate installation for exclusive Aerogear is a dealbreaker, but it would re-introduce the problem Keycloak was supposed to solve in the first place :) fully understand! But we, initially, felt like limiting a bit. that said, we are flexible and there might be a chance to have this changed I can see that UpsSecurityApplication class kills off Keycloak admin user in master realm – would it break anything if I disabled this feature and started using Aerogear-supplied Keycloak for other purposes on separate realms? I don't think so (not tested). I recall we did this mainly to avoid adding new realms Our use case is mobile app (iOS+android), backend and AngularJS-based web frontend and so far Keycloak fits our purpose like a glove. Now that we’re adding Push notification support, Aerogear appears to be quite logical choice. sounds great! Thanks Egor From: aerogear-dev-bounces(a)lists.jboss.org <mailto:aerogear-dev-bounces@lists.jboss.org> [mailto:aerogear-dev-bounces@lists.jboss.org <mailto:aerogear-dev-bounces@lists.jboss.org> ] On Behalf Of Matthias Wessendorf Sent: Tuesday, 14 October 2014 12:29 AM To: AeroGear Developer Mailing List Subject: Re: [aerogear-dev] Using existing Keycloak installation with Aerogear Hi, for the UnifiedPush Server the initial integration case was to function only for the need of the AeroGear UnifiedPush server. So, looks like, you'd appreciate a bit more flexibility, to basically use the auth-server for other apps as well ? On Mon, Oct 13, 2014 at 3:18 PM, ekolesnikov <ek(a)fastlane-it.com <mailto:ek@fastlane-it.com> > wrote: Hi, Apologies for writing straight into DEV forums - I was unable to locate "aerogear-users" mailing list anywhere. Please feel free to point me to the right direction if this mailing list is inappropriate for questions like this. Is it possible to use/integrate Aerogear with existing Keycloak installation? We are already using Keycloak for all things auth in our application and have found ourselves in the situation where we potentially have to manage separate infrastructure - which makes the whole point of using Keycloak a bit irrelevant. As an alternative, we could consider using Keycloak supplied with with Aerogear - unfortunately, it looks like Aerogear has disabled Keycloak option to create additional realms. I would really appreciate it if you could share your thought on this. Thanks Egor -- View this message in context: http://aerogear-dev.1069024.n5.nabble.com/Using-existing-Keycloak-install... Sent from the aerogear-dev mailing list archive at Nabble.com. _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org <mailto:aerogear-dev@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/aerogear-dev -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf _____ <http://www.avast.com/> This email is free from viruses and malware because avast! Antivirus <http://www.avast.com/> protection is active. _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org <mailto:aerogear-dev@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/aerogear-dev -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com