On 27.10.2014 17:53, Bill Burke wrote:
Bolek made a good point to me privately. If you were creating a simple
"hello world" app, would you use Keycloak? Right now, there's a lot of
configuration steps.
1. Install keycloak server and/or adapter (unless you are using the
appliance distro).
2. Log into admin console
3. Create a realm
4. Create an application
5. Enter in all the configuration items
6. Extract a keycloak.json file (or service.xml)
7. Edit the WAR or add service.xml to standalone.xml
8. Back to admin console
9. Create some users
How could we make it better?
* Have a test realm pre-set up
I wonder if we can do this as part of keycloak-bootstrap.json? We can
remove ApplianceBootstrap and add this keycloak-bootstrap.json file with
basic data for both the "master" and "test" realms. This will allow people
to add more users into the 'master' or 'test' realm, or in production they
can remove the 'test' realm entirely, etc.
* Keycloak adapter is aware of a locally installed server and of the
test realm
* Adapter automatically registers the web app with the locally
installed test realm.
Maybe we can partially support the specification
http://openid.net/specs/openid-connect-registration-1_0.html ? Not sure
how far we want to go with that. If we allow this auto-registration just
for the "test" realm (just development setup), then we may not need any
additional security of adapters to keycloak.
Marek
* Have a JAAS User Federation SPI plugin and have it pre set up with the
test realm.
* Have IP ACL per realm so that the test realm can't be accessed outside
of localhost.
Other ideas?