Re: [Apiman-user] Securing apiman admin resources and ports

Hi Paul. Thanks for the questions. I'll do my best to answer each one, inline below: On 11/24/2015 11:53 AM, Paul Blair wrote: I think KeyCloak already has a Jetty adapter implementation. Of course, you would still need a standalone KeyCloak server running somewhere to take advantage of that. http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#j... Once the authentication issue is resolved, I don't think you give up anything except for the ease of mind you get running on an application server like EAP or WildFly versus an embedded instance of Jetty. Certainly there is no loss in terms of feature set. As for HA clustering - apiman doesn't take advantage of that. The API Manager is basically a simple CRUD application - you can start up multiple nodes and point them all at the same database. Likewise, the Gateway shares state and configuration information by sharing a common data store (e.g. elasticsearch). You can definitely start up multiple instances of the apiman micro-service(s) and load balance across them! We don't currently have a WildFly 9 distribution. I admit I simply haven't had time to try it out. It may work flawlessly or it may require some tweaks. We won't know until we try. :) In the near future (early in the 1.2.x line) we will be upgrading our keycloak support, which will require us to upgrade to WildFly 9 - so that should be coming soon (i.e. in the next month or two). -Eric