on master we currently build a WAR, protected w/ keycloak, containing KC specifics in the web.xml

on the no-auth branch, used for Openshift-Mobile-Core, we have no protection. this allows us to a) simply run the UPS, without external servers (like KC) and easily protect the UPS behind an Oauth proxy (e.g. from Openshift)