Yes, definitely all features I envisioned we would have. The only thing
I'm not sure how to handle is application credentials. I think
Picketlink is doing something very similar via WS Trust. Not sure
though as I've stayed clear from WS-* pretty much.
OAuth protocol requires that applications ("clients") have their own
credentials. They send these credentials when an Auth Code is turned
into an Auth Token. Maybe we need something like a "Server Instance"
that is allowed to request auth tokens on behalf of an application.
On 12/9/2013 2:19 PM, ssilvert(a)redhat.com wrote:
In Thunderlips, we have a requirement that console applications should
not be required to know where the Keycloak server resides at build
time. Furthermore, an administrator should not need to crack open a WAR
to include this information. Instead, the application should learn
about its environment at deploy time.
Picketlink already has this capability, but I think we can go beyond
what it currently offers. The basic idea for the Keycloak subsystem is
that no application should ever need to define anything about
authentication. At development time, the application should not need to
know anything about Keycloak or really anything about authentication at
all. The application should only need to know about authorization and
the roles it wants to define.
So using the Keycloak subsystem, an application will not be required to use:
* keycloak.json
* jboss-web.xml
* jboss-deployment-structure.xml
(Did I leave anything out? It looks like this is what an app currently
needs to work with Keycloak.)
From the Keycloak admin UI, you will be able to choose an application
and add it to a Keycloak realm. When that application is deployed, the
Keycloak subsystem adds all that used to be defined in keycloak.json,
jboss-web.xml, and jboss-deployment-structure.xml.
The big picture is that a developer never needs to think about
authentication. And an administrator never needs to crack open a WAR or
worry about what authentication was built into some WAR he wants to deploy.
WDYT?
Stan
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
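The client-credential step Bill describes above (an application presenting its own credentials when an auth code is turned into a token), as an added example that is not Keycloak's or Picketlink's code: a minimal token endpoint that authenticates the client, checks that the code was issued to that same client, and allows the code to be used once. Client names, secrets and codes are constructed sample data.

```python
"""Added example (not Keycloak code): a minimal OAuth 2.0 token endpoint
for the authorization-code grant, showing why a client ("application")
needs its own credentials at the code-to-token exchange."""
import hashlib
import hmac
import secrets

# Constructed sample data: registered clients (secret stored hashed) and
# one issued authorization code, bound to the client it was issued to.
CLIENTS = {
    "console-app": hashlib.sha256(b"deploy-time-secret").hexdigest(),
    "other-app": hashlib.sha256(b"another-secret").hexdigest(),
}
AUTH_CODES = {
    "code-abc123": {"client_id": "console-app", "user": "alice",
                    "redirect_uri": "https://app.example/cb", "used": False},
}

def authenticate_client(client_id, client_secret):
    """Verify the client's own credential; constant-time compare of hashes."""
    stored = CLIENTS.get(client_id)
    if stored is None:
        return False
    presented = hashlib.sha256(client_secret.encode()).hexdigest()
    return hmac.compare_digest(stored, presented)

def exchange_code(form):
    """Handle a token request (form fields as a dict); returns (status, body)."""
    if form.get("grant_type") != "authorization_code":
        return 400, {"error": "unsupported_grant_type"}
    if not authenticate_client(form.get("client_id", ""),
                               form.get("client_secret", "")):
        return 401, {"error": "invalid_client"}
    code = AUTH_CODES.get(form.get("code"))
    # The code must exist, be unused, have been issued to this client,
    # and be redeemed with the redirect URI it was issued for.
    if (code is None or code["used"]
            or code["client_id"] != form["client_id"]
            or code["redirect_uri"] != form.get("redirect_uri")):
        return 400, {"error": "invalid_grant"}
    code["used"] = True  # single use: a replayed code is rejected
    return 200, {"access_token": secrets.token_urlsafe(32),
                 "token_type": "bearer", "user": code["user"]}
```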