ditching Transaction
by Bill Burke
I'll be ditching Transaction class and implementing Servlet Filters to
replace it. Undertow will be used for unit testing. Should have
something committed EOD.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 7 months
Areas for contributions
by Bill Burke
Trying to put together a high-level list of areas people can contribute
to. Any other ideas?
* Backend REST Services (Token, Admin, etc.)
* Persistence backends (i.e. Picketlink, Infinispan, flat-file, MongoDB)
* User-facing UI (registration, acct mgmt. etc.)
* Admin UI (user, roles, application, realm management)
* Admin Command Line Interface
* Server-side integration (Wildfly, Jetty, Tomcat, Rails, PHP, etc...)
* Social Provider plugins (whatever we are missing)
* Given the latest instability of Google Authenticator, I was wondering
if this is a project we should fork and brand for Red Hat/Keycloak? I
think there's some value add we can have here with special Keycloak
integration.
* Create a demo and/or library for a Mobile client. I'm personally only
familiar with iPhone development.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 7 months
Where we at?
by Bill Burke
Haven't worked on Keycloak for 2 weeks+ because of my book revision.
Done now, and I can focus mostly on Keycloak.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 7 months
Are both "id" and "name" needed on RealmModel?
by Marek Posolda
Actually in RealmModel there are methods:
    String getId();
    String getName();
    void setName(String name);
and in KeycloakSession there are methods:
    RealmModel createRealm(String name);
    RealmModel createRealm(String id, String name);
    RealmModel getRealm(String id);
There is also quite strange mapping as model attribute "id" is mapped in
Picketlink partition as "name" and model attribute "name" is mapped in
Picketlink as "realmName" (I used something similar for my MongoDB
prototype as well).
I wonder if it's really needed to have both "id" and "name" in model?
Picketlink allows to search Partitions by "name" (represented in
Keycloak as "id"), so I think that it should be good enough to have in
model just "name" and map it to Picketlink "name".
So I would propose to remove "id" from model and have RealmModel like:
    String getName();
    void setName(String name);
and KeycloakSession like:
    RealmModel createRealm(String name);
    RealmModel getRealm(String name);
and map "name" to Picketlink "name", which will also allow searching by it.
BTW. It seems that almost all places in Keycloak (despite few unit
tests) are always using same value for "id" and "name". For example:
    RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM,
            RealmModel.DEFAULT_REALM);
So I don't know why to have this duplicity.
Marek
10 years, 7 months
Keycloak installation based on MongoDB
by Marek Posolda
Hi,
Thomas asked me to investigate possibility of using NoSQL database
(MongoDB) instead of Picketlink as storage of Keycloak identity data. At
this moment, I have working MongoDB prototype here
https://github.com/mposolda/keycloak/tree/nosql . Keycloak already has
flexible identity model, which easily allows to provide different
abstraction for storing of identity data, so I just needed to create my
own implementations of KeycloakSessionFactory and KeycloakSession
interfaces and model classes. I almost didn't need to touch existing
code despite some changes in KeycloakApplication class to allow
switching between Picketlink and MongoDB. Note that Picketlink is still
used by default if you don't provide system property
-Dkeycloak.sessionFactory=mongo.
To try it, you just need working installation of MongoDB and then you
can run Keycloak with:
    ./standalone.sh -Dkeycloak.sessionFactory=mongo \
        -Dkeycloak.mongodb.host=localhost -Dkeycloak.mongodb.port=27017 \
        -Dkeycloak.mongodb.databaseName=keycloak
(Last 3 properties can be usually omitted as localhost/27017/keycloak are
default values for host, port and databaseName. MongoDB is installed on
port 27017 by default and it automatically creates database "keycloak"
if it doesn't exist).
There is still work needed, but actually almost everything, which works
for Picketlink works for MongoDB as well. Let me know if you have any
questions, concerns.
Marek
10 years, 7 months
creating a realm UI
by Bill Burke
I was thinking about this a little more. What does an admin need to
create an initial social or SSO realm? Minimally for 1st application?
* Name of Realm
* Name of Application
* Credentials for Application (password)
* Enable Social
* Enable Registration
So, initial page could be:
New Realm Name: xxxxxxx
Social X Registration X
<Secure an App Link/Button>
By default Social/Registration is checked for our Openshift Cartridge as
there's a high probability users want a social server. For Keycloak
downloads, Social/Registration is unchecked by default as these users
probably want this for their Intranet.
Clicking the <Secure an App> link or button brings you to the new
application creation page.
New Application Name: XXXXXXXX
Base URL: XXXXXXXX
Credentials
Password: XXXXXX
Repeat Password: XXXXX
<SAVE> <CANCEL>
Clicking <SAVE> brings you to the application page:
Application Name: FOOBAR
Base URL: http://foobar.com/app
<Secure WAR for JBoss EAP 6.1>
<Secure WAR for Wildfly 8.0>
<Secure WAR for Tomcat>
<Secure for Rails>
<Secure PHP>
etc....
Clicking on one of the links brings you to an informational page:
Page: CONFIGURING FOOBAR APPLICATION
<h3> JBoss EAP 6.1 </h3>
Place the following keycloak.json file in your WAR's META-INF directory
|Shows a json file|
Edit your jboss-web.xml file and add the following valve configuration
|Shows an XML file|
Download Resteasy 3.x
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 7 months
Associate social account with IDM user
by Stian Thorgersen
We need to be able to associate multiple social providers with an IDM user. At the moment this is not based on the username of the account (for example google.23897892sdf). This has two main drawbacks:
* Horrible username
* Can only associate a single social account with an IDM user
What is the best way to store this information? We mainly need to store what social providers a user has linked and the social userid. In the future we may also want to associate access tokens as well. We also need to lookup a user based on the social provider + social userid.
10 years, 7 months
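One way to model the requirement in the post above, as an added example that is not part of the original thread and not Keycloak's own code: a link table keyed on provider + social userid, so a user can hold several social accounts while each social account resolves to exactly one user. The class `SocialLinkStore`, its method names and the sample ids are hypothetical.

```java
import java.util.*;

// Added illustration: hypothetical in-memory store, not Keycloak code.
public class SocialLinkStore {
    // One linked social account: provider id (e.g. "google") plus that provider's user id.
    public record SocialLink(String provider, String socialUserId) {}

    // (provider, socialUserId) -> IDM username. The key is unique, so one social
    // account can never resolve to two different IDM users.
    private final Map<SocialLink, String> userByLink = new HashMap<>();
    // IDM username -> every social account linked to it.
    private final Map<String, Set<SocialLink>> linksByUser = new HashMap<>();

    // Links a social account to a user; refuses if another user already owns it.
    public void link(String username, String provider, String socialUserId) {
        SocialLink link = new SocialLink(provider, socialUserId);
        String owner = userByLink.putIfAbsent(link, username);
        if (owner != null && !owner.equals(username)) {
            throw new IllegalStateException(provider + " account already linked to another user");
        }
        linksByUser.computeIfAbsent(username, u -> new LinkedHashSet<>()).add(link);
    }

    // Login path: look up the IDM user from provider + social userid.
    public Optional<String> findUser(String provider, String socialUserId) {
        return Optional.ofNullable(userByLink.get(new SocialLink(provider, socialUserId)));
    }

    // Account-management path: which social accounts has this user linked?
    public Set<SocialLink> linksOf(String username) {
        return Collections.unmodifiableSet(linksByUser.getOrDefault(username, Set.of()));
    }

    public static void main(String[] args) {
        SocialLinkStore store = new SocialLinkStore();
        store.link("alice", "google", "23897892sdf");   // constructed sample ids
        store.link("alice", "twitter", "99120");
        System.out.println(store.findUser("google", "23897892sdf"));
        System.out.println(store.linksOf("alice").size());
        try {
            store.link("bob", "google", "23897892sdf"); // same social account, different user
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a persistent backend the same guarantee would come from a unique constraint or index on the (provider, social userid) pair rather than from the in-memory map.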
Working on the HTML for the Admin Console
by Gabriel Cardoso
I'm working on the HTML for the Admin console, initially for the Application creation page.
I will structure it using Twitter Bootstrap 3 and create a custom stylesheet above it to provide the Red Hat Look and Feel.
The expected result is something like the image below.
I'll structure the page according to what we discussed on the wireframes.
Gabriel
10 years, 7 months