July 2013 - keycloak-dev - Jboss List Archives

by Bill Burke

Ok, I have an end-to-end demo of the token service working. See here for details on how to testdrive: https://github.com/keycloak/keycloak/tree/master/examples/as7-eap-demo The code still needs a lot of unit testing and refactoring. I also need to refactor it to work with the latest Picketlink release. And finally refactor the bits out to integrate social login. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 9 months

1
0
0 / 0

Hangout 10am Tuesday?

by Bill Burke

Google hangout 10am Tuesday EST? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 9 months

3
2
0 / 0

Realm login page "Powered By Keycloak"

by Bill Burke

We'll need a small icon or text at bottom of Realm login page that says "Powered By Keycloak". This is because we'll be having social logins use a global Keycloak social account by default and the user will need to make the mental association if they ever want to revoke priviledges. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 9 months

1
0
0 / 0

Wiki

by Bill Burke

I've waited more than a week to get a Wiki page set up on jboss.org, so, screw them...We'll just use Github's: https://github.com/keycloak/keycloak/wiki -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 9 months

1
0
0 / 0

Re: [keycloak-dev] Pulling stuff from IdentityBroker and next steps....

by Bill Burke

What I'd really like to do is to get the protocol and flows working before focusing on the admin UI and REST interface for it. I have SSO login working. Working on Single Log Out today. Then OAuth grants. I'm working from a demo under /examples/as7-eap6. It requires you to install Resteasy 3.0.2 on top of EAP 6.1, then run mvn jboss-as:deploy. I'm committing and merging every time I get something new working. If I can get logout, and OAuth finished by Monday, we can have a hangout to discuss how we can fit Social into this flow. Hopefully after the meeting you can focus on getting social to work and I can then work on the backend some more to get it working with the latest Picketlink that was released today. On 7/26/2013 9:37 AM, Stian Thorgersen wrote: > So that completes the pulling stuff from IdentityBroker task.. Now we need to look at how to integrate the pieces. > > UI > -- > For UI there's a dummy REST resource (org.keycloak.ui.example.Admin) that we could use as a starting point for defining the real admin REST endpoints for Keycloak. > > Social > ------ > Needs to be able to: > > * Retrieve information about the application (realm, provider key, provider secret, etc.) > * Get/save/update users in IDM > * Login and redirect back to application > > HTML SDK > -------- > We didn't really get much value from IdentityBroker here. As you've suggested it would probably be safest to use a server-side solution for the login/registration forms. > > It would be good to have a Hangout early next week to discuss the next steps. In the mean time I can have a look at improving the login/registration forms. > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 9 months

1
0
0 / 0

UI pulled from IdentityBroker

by Stian Thorgersen

I've pulled in the Admin UI from IdentityBroker. It's updated to match the current details required for applications and realms, including support for roles and role mappings. For the time being it uses a dummy REST endpoint that is defined in the UI module itself, so it's possible to try it out and play with it, but it obviously won't configure the actual Keycloak server at the moment.

10 years, 9 months

1
0
0 / 0

redirects vs. javascript logins

by Bill Burke

To do SSO, keycloak server sets a session cookie so that the user doesn't have to relogin if the cookie is set. This will have issues with the custom login, like the way the Event Juggler app works. Correct me if I'm wrong, but for Event Juggler, the login page is hosted at the Event Juggler website? And the app would do an HTTP invocation to obtain the token, correct? The problem with this approach is that we wouldn't be able to set the login session cookie as all cookies will be HttpOnly and not accessible via javascript (due to security issues). So, SSO would not work, and the user would have to relogin for each additional site they visited. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 9 months

2
4
0 / 0

vanilla vs. javascript login page

by Bill Burke

It will be great to use angular, et. al. to build the admin console. But, should we avoid Javascript for the login page? I'm thinking of older browsers and the tightrope you have to walk there to make sure everything works... -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 9 months

2
1
0 / 0

configuring social providers

by Bill Burke

In looking at your demo, is there any reason you need to define the metadata for the social provider? Can't you either a) Preconfigure Keycloak server with Twitter, Google+ account? b) Automatically configure the social provider without user input. Since Keycloak is already a broker, why does a user need to input any of that metadata? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 9 months

4
21
0 / 0

Pulled in social from IdentityBroker

by Stian Thorgersen

I added social from IdentityBroker yesterday. It's not integrated with Keycloak yet, but there are todo comments in "org.keycloak.social.resources.SocialResource" that describes what's required to integrate it with Keycloak. Once things are ready and I know how to fill in the gaps I'll do so.

10 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

keycloak-dev July 2013