Updated JBoss and WildFly maven plugins
by Stian Thorgersen
I've added WildFly maven plugin. Also made both JBoss and Maven plugins skipped by default in Keycloak parent. This means we only need to specify those in modules that should be deployed (see server/pom.xml for example).
As examples/demo-template are skipped as well you can't do a "mvn jboss-as:deploy" or "mvn wildfly:deploy" from the root as the examples will not deploy successfully. Instead you'll have to do "mvn -pl server jboss-as:deploy" or "mvn -pl server wildfly:deploy" to deploy the server.
Keycloak doesn't seem to be working on 8.1.0.CR2, I know they had to do some tweaks to get it working in LiveOak so I'll look at that now.
10 years, 7 months
Proposed changes to dist bundles
by Stian Thorgersen
I'd like to do some changes to our distribution to make it easier to automate/script installing Keycloak.
This would include:
* Deploy server-war to Maven
* Add appliance-dist and war-dist to Maven
* Some layout changes to appliance-dist
I'd like to rename appliance-dist to just dist, and move everything in the keycloak folder up one level. So the contents of "keycloak-dist-<version>.zip" would be (not including everything):
- adapters
- bin
- standalone
- configuration
- keycloak-server.json
- themes
- deployments
- auth-server.war
- docs (combined with WildFly docs, or replace WildFly docs, not sure which?)
- examples
10 years, 7 months
automated REST api docs
by Bill Burke
I integrated jax-doclets[1] somewhat into our build.
if you do the following:
1. cd ${keycloak.project.root}
2. mvn javadoc:javadoc
3. cd services
4. mvn package
The jax-doclets are in
services/target/site/apidocs
Then if you do:
5. cd distribution
6. mvn clean install
The docs/ directory that is included will have a rest-api directory and
those jax-doclets will be linked to the Keycloak javadocs.
The REST docs aren't the greatest. I tried out Swagger-jaxrs-doclet,
and swagger-ui but I couldn't get it to work offline (nor online).
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 7 months
FYI: can't use token to auth admin console
by Bill Burke
Too much kid stuff lately! Sorry I haven't been productive past 2
days...But...
FYI: We can't use role mapping information in access token to authorize
admin console access. This is because users may be creating new realms
which will update their role mappings on the fly with the new admin
roles created for that new realm.
What will happen is that the client id will be extracted from token and
authorization based on client scope and user role mappings will be done
dynamically.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 7 months
Composite roles list on mapping page
by Stian Thorgersen
I like the new "composite roles list" on the user role mapping, and app scope mapping pages. I did find the title a bit confusing though, maybe we could change "Composite roles" to "Effective roles"?
10 years, 7 months
release next wed
by Bill Burke
I'd like for us to stop submitting more JIRAs for beta-1 unless they are
blockers. Try to have a code freeze by Mon-Tues and focus on
documentation, then release Beta-1 on Wed or Thurs.
Please edit the Migration docs to reflect any changes that are
incompatible with Alpha-4.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 7 months
Issues with the first login flow
by Gabriel Cardoso
When the user first installs LiveOak, he is asked to enter a username / password: https://dl.dropboxusercontent.com/u/2730435/login.png
After entering admin/admin, the page slightly changes and a message is displayed: https://dl.dropboxusercontent.com/u/2730435/password.png
Since the changes on the page are very subtile, the user might not realize that he needs to update the password and might try to log in again. This happened with me and Thomas, who stated:
"for some reason, I didn't see that the form has changed and not asking for my username/password anymore but new password/confirmation of password
I lost a bit of time as I was wondering where to change the password (it was just in front of me really…)”
I don’t see a reason for having the login page for the first login. Instead, we could have only the page to update the password, like suggested in this wireframe: https://issues.jboss.org/secure/attachment/12379916/1%20Update%20Password...
Is this something managed by Keycloak? Is it possible to make this change?
Gabriel
---
Gabriel Cardoso
User Experience Designer @ Red Hat
10 years, 7 months
Some issues with admin console
by Stian Thorgersen
I've spotted a few issues with the admin console:
Roles are retrieved directly from UserModel instead of token - this will cause it to bypass scope for app/client. https://issues.jboss.org/browse/KEYCLOAK-484
Once in a while the page is empty when opening the admin console - this is caused by WhoAmI request not being completed before the page is displayed. I think the solution to this is to remove WhoAmI and use information from the token instead. When a realm is created/deleted we should redirect to login page to retrieve a new token (this will be required for the above any ways). https://issues.jboss.org/browse/KEYCLOAK-482
I can look at fixing these tomorrow
10 years, 7 months
Distribution artifacts in Maven
by Stian Thorgersen
I'd like to add the server war and also the server dist to Maven:
* org.keycloak:keycloak-server:war
* org.keycloak:keycloak-dist:zip
Also I'd like to add an additional file to sourceforge:
* keycloak-<version>.zip
keycloak-dist and keycloak-<version>.zip would contain a single folder "keycloak-<version>" equivalent of WildFly dist.
10 years, 7 months
