Hi All, Sorry all - book mode ;-) We've had a couple of threads around keycloak integration (thanks Abstractj) and working together with them (both in our dev list and theirs). I had a meeting (dinner really) with Bill and talked about some possibilities and we're both excited to see what can happen. I wanted to capture some of those thoughts here (as well as some that already started before), have some discussions, and more importantly talk about next steps (jira's) to get some of this in the pipeline. I'm sure this is not exhaustive either, so please add your own thoughts, brainstorming etc... (for example Cordova plugin perhaps?) *In no particular order A) AeroGear security integration ** Abstractj already posted and implemented some of these changes ** http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGe... ** What's left here? Is it plug-able? Does it need to be?

B) Crypto key management ** Server-side encryption key management for client crypto ** Abstractj had some discussions here *** http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html *** Where does that stand? ** Do we need our own impl as well? C) UnifiedPush server integration ** User management, Auth* ** Do we have our own basic impl for quickstart experience? ** See below for possible combined cartridge options

D) Cross-project examples, tutorials, docs, etc... ** TBD

KeyCloak has some things they need as well, that we could work together on. I'm sure the KeyCloak team could add more here :-) Z) Device support ** We need it, they need, and others need it ** Bill would like us to help them (and us at the same time) with this.

Y) OpenShift Cartridge for KeyCloak ** I know this is already on their roadmap ** The work Farah and others has already done, could be very helpful to them ** We should also discuss the possibility of a joint cartridge *** Could be really compelling, especially if you add in device, client key, and push support with native SDKs & examples *** Would also want separate cartridges as well imo

X) Client SDK support ** We have client SDKs & could help with their dev (either as part of AeroGear or KeyCloak perhaps) ** Primarily for iOS & Android, but would also want see where JS & Cordova fit.

You start putting all of this together and there is a great set of functionality that really compliments each other well. After we discuss for a while, I'd like to find owners for the various items to help make progress on these. Abstractj is awesome, but not sure he can do it all ;-)

-Jay PS: I'll post an email to the keycloak-dev list as well pointing to this thread on our list. _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

On Jan 19, 2014, at 10:18 AM, Matthias Wessendorf <matzew(a)apache.org&gt; wrote: On Fri, Jan 17, 2014 at 10:04 PM, Jay Balunas <jbalunas(a)redhat.com&gt; wrote: > Hi All, > > Sorry all - book mode ;-) > > We've had a couple of threads around keycloak integration (thanks > Abstractj) and working together with them (both in our dev list and > theirs). I had a meeting (dinner really) with Bill and talked about some > possibilities and we're both excited to see what can happen. > > I wanted to capture some of those thoughts here (as well as some that > already started before), have some discussions, and more importantly talk > about next steps (jira's) to get some of this in the pipeline. I'm sure > this is not exhaustive either, so please add your own thoughts, > brainstorming etc... (for example Cordova plugin perhaps?) > > *In no particular order > > A) AeroGear security integration > ** Abstractj already posted and implemented some of these changes > ** > http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGe... > ** What's left here? Is it plug-able? Does it need to be? > The work started by Bruno looks promising. I like that for the login to the UPS Admin UI is being forwarded to the Keycloak server. As mentioned on the referenced thread, there is a bit of more work needed for the "protection" of the SEND (and likely device registration) URLs. > B) Crypto key management > ** Server-side encryption key management for client crypto > ** Abstractj had some discussions here > *** > http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html > *** Where does that stand? > ** Do we need our own impl as well? > > C) UnifiedPush server integration > ** User management, Auth* > ** Do we have our own basic impl for quickstart experience? > ** See below for possible combined cartridge options > yep, the UPS come in mind and as mentioned in A) Bruno was already actively starting this shortly before XMAS. > > D) Cross-project examples, tutorials, docs, etc... > ** TBD > Sure, combined docs/tutorials/examples are a good item once we do have a bit more :-) Not sure it makes much sense now, but I can be wrong Completely agree now is not the time. Just wanted to bring it up for discussion. > > KeyCloak has some things they need as well, that we could work together > on. I'm sure the KeyCloak team could add more here :-) > > Z) Device support > ** We need it, they need, and others need it > ** Bill would like us to help them (and us at the same time) with this. > yeah - that would be an extremely good fit for our Push efforts. We'll need someone to setup a mtg, or discuss on the topic. Any takers?

> > Y) OpenShift Cartridge for KeyCloak > ** I know this is already on their roadmap > ** The work Farah and others has already done, could be very helpful to > them > ** We should also discuss the possibility of a joint cartridge > *** Could be really compelling, especially if you add in device, client > key, and push support with native SDKs & examples > *** Would also want separate cartridges as well imo > yeah, I see various options here: * 'standalone' Keycloak cartridge (on their roadmap already); Would be nice to get Farah involved here as well * combined cartridge (E.g. Push + Keycloak). If we do actually fully integrate Keycloak into the Push work, IMO this is a required option, to simply include the Keycloak offerings into our Push Cartridge Agreed, and I'd like to hear from the keycloak team on this as well. If they have plans for pairing their cartridge with others.

> > X) Client SDK support > ** We have client SDKs & could help with their dev (either as part of > AeroGear or KeyCloak perhaps) > ** Primarily for iOS & Android, but would also want see where JS & > Cordova fit. > Yes, another good integration item, would be interesting to know their 'requirements'. I think our OAuth2 related work, would be something that's interesting for them as well +1 > > You start putting all of this together and there is a great set of > functionality that really compliments each other well. After we discuss > for a while, I'd like to find owners for the various items to help make > progress on these. Abstractj is awesome, but not sure he can do it all ;-) > yes, great work by Bruno w/ getting actively started on this +1 > > -Jay > > PS: I'll post an email to the keycloak-dev list as well pointing to this > thread on our list. > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

It's great to see interest in the Keycloak project :) We've been quite busy with getting the alpha out the door (hopefully it'll be released tomorrow) hence the lack of response. Also, I don't think Bill follows aerogear-dev. Would be good to start discussions on these items, maybe as separate posts to keycloak-dev?

A few thoughts from me: * We've got a quick and dirty OpenShift cartridge ( https://github.com/keycloak/openshift-keycloak-cartridge) - it's based on the WildFly cartridge by Corey Daley. Seems to work pretty well and took me about an hour to do the mods. I was considering if it was possible to do the Keycloak and UPS cartridges as add-ons to the WildFly cartridge (same as postgresql and mysql cartridges). That way you can mix and match whatever combo you want. A specific cartridge may provide a better integrated experience though. Maybe we can ping someone in the OpenShift team to find out the correct approach?

* Mobile SDKs - There's not much effort yet on supporting mobiles. Maybe you could help us with creating Keycloak SDKs, with most of the code reusable in AeroGear and LiveOak?

* JS - None in Keycloak, but I've started one in LiveOak. Again, could we do a Keycloak JS lib that could be reused by AeroGear and LiveOak?

If you have any issues/questions at all post to keycloak-dev and I'm sure me and Bill will fight to see how gets to answer first ;)

----- Original Message ----- > From: "Matthias Wessendorf" <matzew(a)apache.org&gt; > To: "AeroGear Developer Mailing List" <aerogear-dev(a)lists.jboss.org&gt; > Sent: Wednesday, 22 January, 2014 7:41:10 AM > Subject: Re: [aerogear-dev] Keycloak integration ideas > > > > > On Tue, Jan 21, 2014 at 11:10 PM, Jay Balunas < jbalunas(a)redhat.com > wrote: > > > > > On Jan 19, 2014, at 10:18 AM, Matthias Wessendorf < matzew(a)apache.org > > wrote: > > > > > > > > On Fri, Jan 17, 2014 at 10:04 PM, Jay Balunas < jbalunas(a)redhat.com > wrote: > > > > Hi All, > > Sorry all - book mode ;-) > > We've had a couple of threads around keycloak integration (thanks Abstractj) > and working together with them (both in our dev list and theirs). I had a > meeting (dinner really) with Bill and talked about some possibilities and > we're both excited to see what can happen. > > I wanted to capture some of those thoughts here (as well as some that already > started before), have some discussions, and more importantly talk about next > steps (jira's) to get some of this in the pipeline. I'm sure this is not > exhaustive either, so please add your own thoughts, brainstorming etc... > (for example Cordova plugin perhaps?) > > *In no particular order > > A) AeroGear security integration > ** Abstractj already posted and implemented some of these changes > ** > http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGe... > ** What's left here? Is it plug-able? Does it need to be? > > The work started by Bruno looks promising. I like that for the login to the > UPS Admin UI is being forwarded to the Keycloak server. > As mentioned on the referenced thread, there is a bit of more work needed for > the "protection" of the SEND (and likely device registration) URLs. > > > > > > B) Crypto key management > ** Server-side encryption key management for client crypto > ** Abstractj had some discussions here > *** http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html > *** Where does that stand? > ** Do we need our own impl as well? > > C) UnifiedPush server integration > ** User management, Auth* > ** Do we have our own basic impl for quickstart experience? > ** See below for possible combined cartridge options > > yep, the UPS come in mind and as mentioned in A) Bruno was already actively > starting this shortly before XMAS. > > > > > > D) Cross-project examples, tutorials, docs, etc... > ** TBD > > Sure, combined docs/tutorials/examples are a good item once we do have a bit > more :-) Not sure it makes much sense now, but I can be wrong > > Completely agree now is not the time. Just wanted to bring it up for > discussion. > > > > > > > > > KeyCloak has some things they need as well, that we could work together on. > I'm sure the KeyCloak team could add more here :-) > > Z) Device support > ** We need it, they need, and others need it > ** Bill would like us to help them (and us at the same time) with this. > > yeah - that would be an extremely good fit for our Push efforts. > > We'll need someone to setup a mtg, or discuss on the topic. Any takers? > > I can reach out to them, via mailing list, to see what they are up to, > regarding "Device support". Not 100% sure which email list is the 'right' > choice (cross-postings are IMO a PITA :)) > > > > > > > > > > > > > Y) OpenShift Cartridge for KeyCloak > ** I know this is already on their roadmap > ** The work Farah and others has already done, could be very helpful to them > ** We should also discuss the possibility of a joint cartridge > *** Could be really compelling, especially if you add in device, client key, > and push support with native SDKs & examples > *** Would also want separate cartridges as well imo > > yeah, I see various options here: > * 'standalone' Keycloak cartridge (on their roadmap already); Would be nice > to get Farah involved here as well > * combined cartridge (E.g. Push + Keycloak). If we do actually fully > integrate Keycloak into the Push work, IMO this is a required option, to > simply include the Keycloak offerings into our Push Cartridge > > Agreed, and I'd like to hear from the keycloak team on this as well. If they > have plans for pairing their cartridge with others. > > On their list they are currently talking about standalone ones, but later, we > might be able to integrate w/ their server piece. > > > > > > > > > > > > X) Client SDK support > ** We have client SDKs & could help with their dev (either as part of > AeroGear or KeyCloak perhaps) > ** Primarily for iOS & Android, but would also want see where JS & Cordova > fit. > > Yes, another good integration item, would be interesting to know their > 'requirements'. I think our OAuth2 related work, would be something that's > interesting for them as well > > +1 > > > > > > > > > You start putting all of this together and there is a great set of > functionality that really compliments each other well. After we discuss for > a while, I'd like to find owners for the various items to help make progress > on these. Abstractj is awesome, but not sure he can do it all ;-) > > yes, great work by Bruno w/ getting actively started on this > > +1 > > > > > > > > > > -Jay > > PS: I'll post an email to the keycloak-dev list as well pointing to this > thread on our list. > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > > -- > Matthias Wessendorf > > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > twitter: http://twitter.com/mwessendorf > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > > -- > Matthias Wessendorf > > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > twitter: http://twitter.com/mwessendorf > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

From: "Lucas Holmquist" <lholmqui(a)redhat.com&gt; To: "AeroGear Developer Mailing List" <aerogear-dev(a)lists.jboss.org&gt; Sent: Wednesday, 22 January, 2014 1:38:30 PM Subject: Re: [aerogear-dev] Keycloak integration ideas On Jan 22, 2014, at 6:53 AM, Matthias Wessendorf < matzew(a)apache.org > wrote: Hello Stian, On Wed, Jan 22, 2014 at 12:40 PM, Stian Thorgersen < stian(a)redhat.com > wrote: It's great to see interest in the Keycloak project :) We've been quite busy with getting the alpha out the door (hopefully it'll be released tomorrow) hence the lack of response. Also, I don't think Bill follows aerogear-dev. Would be good to start discussions on these items, maybe as separate posts to keycloak-dev? sure, that would work for me A few thoughts from me: * We've got a quick and dirty OpenShift cartridge ( https://github.com/keycloak/openshift-keycloak-cartridge ) - it's based on the WildFly cartridge by Corey Daley. Seems to work pretty well and took me about an hour to do the mods. I was considering if it was possible to do the Keycloak and UPS cartridges as add-ons to the WildFly cartridge (same as postgresql and mysql cartridges). That way you can mix and match whatever combo you want. A specific cartridge may provide a better integrated experience though. Maybe we can ping someone in the OpenShift team to find out the correct approach? sounds reasonable. Farah was kindly helping us w/ our Push Cartridge (containing Unified- and SimplePush Servers + MySQL). There are thoughts on integrating the UPS (e.g. the user management) w/ Keycloak. Something like that makes a perfect 'mix' for adding the Keycloak bits into our cartridge. Sure we could 're-lable' it. Is that something that sounds good ? * Mobile SDKs - There's not much effort yet on supporting mobiles. Maybe you could help us with creating Keycloak SDKs, with most of the code reusable in AeroGear and LiveOak? Absolutely, for that I think it would be good to start a thread on keycloak-dev regarding 'requirements' / desired functionality. Ideally these SDKs are leveraging AeroGear's mobile client SDKs. * JS - None in Keycloak, but I've started one in LiveOak. Again, could we do a Keycloak JS lib that could be reused by AeroGear and LiveOak? +1 and that would be needed pretty much once the UnifiedPushServer is integrating w/ Keycloak :-) what is the target for having the "implicit" auth flow, since this is needed for JS clients. I have a OAuth2 client in aerogear.js, currently tested against googles OAuth2 stuff, but it is written to spec

If you have any issues/questions at all post to keycloak-dev and I'm sure me and Bill will fight to see how gets to answer first ;) yay! Cheers! Matthias ----- Original Message ----- > From: "Matthias Wessendorf" < matzew(a)apache.org > > To: "AeroGear Developer Mailing List" < aerogear-dev(a)lists.jboss.org > > Sent: Wednesday, 22 January, 2014 7:41:10 AM > Subject: Re: [aerogear-dev] Keycloak integration ideas > > > > > On Tue, Jan 21, 2014 at 11:10 PM, Jay Balunas < jbalunas(a)redhat.com > > wrote: > > > > > On Jan 19, 2014, at 10:18 AM, Matthias Wessendorf < matzew(a)apache.org > > wrote: > > > > > > > > On Fri, Jan 17, 2014 at 10:04 PM, Jay Balunas < jbalunas(a)redhat.com > > wrote: > > > > Hi All, > > Sorry all - book mode ;-) > > We've had a couple of threads around keycloak integration (thanks > Abstractj) > and working together with them (both in our dev list and theirs). I had a > meeting (dinner really) with Bill and talked about some possibilities and > we're both excited to see what can happen. > > I wanted to capture some of those thoughts here (as well as some that > already > started before), have some discussions, and more importantly talk about > next > steps (jira's) to get some of this in the pipeline. I'm sure this is not > exhaustive either, so please add your own thoughts, brainstorming etc... > (for example Cordova plugin perhaps?) > > *In no particular order > > A) AeroGear security integration > ** Abstractj already posted and implemented some of these changes > ** > http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGe... > ** What's left here? Is it plug-able? Does it need to be? > > The work started by Bruno looks promising. I like that for the login to the > UPS Admin UI is being forwarded to the Keycloak server. > As mentioned on the referenced thread, there is a bit of more work needed > for > the "protection" of the SEND (and likely device registration) URLs. > > > > > > B) Crypto key management > ** Server-side encryption key management for client crypto > ** Abstractj had some discussions here > *** http://lists.jboss.org/pipermail/keycloak-dev/2013-December/000915.html > *** Where does that stand? > ** Do we need our own impl as well? > > C) UnifiedPush server integration > ** User management, Auth* > ** Do we have our own basic impl for quickstart experience? > ** See below for possible combined cartridge options > > yep, the UPS come in mind and as mentioned in A) Bruno was already actively > starting this shortly before XMAS. > > > > > > D) Cross-project examples, tutorials, docs, etc... > ** TBD > > Sure, combined docs/tutorials/examples are a good item once we do have a > bit > more :-) Not sure it makes much sense now, but I can be wrong > > Completely agree now is not the time. Just wanted to bring it up for > discussion. > > > > > > > > > KeyCloak has some things they need as well, that we could work together on. > I'm sure the KeyCloak team could add more here :-) > > Z) Device support > ** We need it, they need, and others need it > ** Bill would like us to help them (and us at the same time) with this. > > yeah - that would be an extremely good fit for our Push efforts. > > We'll need someone to setup a mtg, or discuss on the topic. Any takers? > > I can reach out to them, via mailing list, to see what they are up to, > regarding "Device support". Not 100% sure which email list is the 'right' > choice (cross-postings are IMO a PITA :)) > > > > > > > > > > > > > Y) OpenShift Cartridge for KeyCloak > ** I know this is already on their roadmap > ** The work Farah and others has already done, could be very helpful to > them > ** We should also discuss the possibility of a joint cartridge > *** Could be really compelling, especially if you add in device, client > key, > and push support with native SDKs & examples > *** Would also want separate cartridges as well imo > > yeah, I see various options here: > * 'standalone' Keycloak cartridge (on their roadmap already); Would be nice > to get Farah involved here as well > * combined cartridge (E.g. Push + Keycloak). If we do actually fully > integrate Keycloak into the Push work, IMO this is a required option, to > simply include the Keycloak offerings into our Push Cartridge > > Agreed, and I'd like to hear from the keycloak team on this as well. If > they > have plans for pairing their cartridge with others. > > On their list they are currently talking about standalone ones, but later, > we > might be able to integrate w/ their server piece. > > > > > > > > > > > > X) Client SDK support > ** We have client SDKs & could help with their dev (either as part of > AeroGear or KeyCloak perhaps) > ** Primarily for iOS & Android, but would also want see where JS & Cordova > fit. > > Yes, another good integration item, would be interesting to know their > 'requirements'. I think our OAuth2 related work, would be something that's > interesting for them as well > > +1 > > > > > > > > > You start putting all of this together and there is a great set of > functionality that really compliments each other well. After we discuss for > a while, I'd like to find owners for the various items to help make > progress > on these. Abstractj is awesome, but not sure he can do it all ;-) > > yes, great work by Bruno w/ getting actively started on this > > +1 > > > > > > > > > > -Jay > > PS: I'll post an email to the keycloak-dev list as well pointing to this > thread on our list. > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > > -- > Matthias Wessendorf > > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > twitter: http://twitter.com/mwessendorf > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > > -- > Matthias Wessendorf > > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > twitter: http://twitter.com/mwessendorf > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev