I might be missing something, here is my attempt:
[standalone@localhost:9990 /] /system-property=keycloak.url:add(value="http://10.0.1.7/auth")
{"outcome" => "success"}
or
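import javax.servlet.ServletContext;
import javax.ws.rs.core.Context;
import org.jboss.resteasy.core.Dispatcher;
import org.keycloak.services.resources.KeycloakApplication;

public class UpsKeycloakApplication extends KeycloakApplication {
    public UpsKeycloakApplication(@Context ServletContext context, @Context Dispatcher dispatcher) {
        super(context, dispatcher);
        // Set the property that keycloak.json references as ${keycloak.url}
        System.setProperty("keycloak.url", "http://10.0.1.7/auth");
    }
}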
JSON files:
- keycloak.json
{
  "realm" : "aerogear",
  "auth-server-url" : "${keycloak.url}",
  "ssl-required" : "external",
  "resource" : "unified-push-server",
  "bearer-only" : true,
  "disable-trust-manager" : true
}
- admin-ui-keycloak.json
{
  "realm" : "aerogear",
  "auth-server-url" : "${keycloak.url}",
  "ssl-required" : "external",
  "resource" : "unified-push-server-js",
  "public-client" : true
}
Exception:
17:07:38,649 ERROR [org.jboss.as.controller.management-operation]
(DeploymentScanner-threads - 2) JBAS014613: Operation ("deploy") failed -
address: ([("deployment" => "ag-push.war")]) - failure description:
{"JBAS014671: Failed services" =>
{"jboss.undertow.deployment.default-server.default-host./ag-push" =>
"org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./ag-push: Failed to start service
Caused by: java.lang.IllegalArgumentException: Illegal character in path at index 1:
${keycloak.url}
Caused by: java.net.URISyntaxException: Illegal character in path at index 1:
${keycloak.url}"}}
I also tried to make use of keycloak.auth-sever available here
----- Original Message -----
> From: "Bruno Oliveira" <bruno(a)abstractj.org>
> To: "Bill Burke" <bburke(a)redhat.com>
> Cc: keycloak-dev(a)lists.jboss.org
> Sent: Tuesday, 25 November, 2014 2:35:58 PM
> Subject: Re: [keycloak-dev] Programatic configuration
>
> Double checking to see if my understanding is correct. On UPS realm we
> have 2 applications:
>
> "applications": [
> {
> "name": "unified-push-server",
> "enabled": true,
> "bearerOnly": true
> },
> {
> "name": "unified-push-server-js",
> "enabled": true,
> "publicClient": true,
> "baseUrl": "/ag-push",
> "redirectUris": [
> "http://localhost:8080/ag-push/*"
> ]
> }
> ]
>
> The only resource which requires to be modified dynamically is
> unified-push-server-js. So making
> use of servlet listeners like Bill did in the past for UPS we have:
>
> AdapterDeploymentContext deploymentContext = (AdapterDeploymentContext)
> sce.getServletContext().getAttribute(AdapterDeploymentContext.class.getName());
> AdapterConfig config = new AdapterConfig();
> config.setRealm("aerogear");
> // Dynamically replaced
> config.setRealmKey("MIGfMA0GCSqGSIb3DQEBAQUAA");
> // Dynamically replaced
> config.setAuthServerUrl("http://mydomain.com:8081/auth");
> config.setResource("unified-push-server-js");
> config.setSslRequired("external");
> config.setPublicClient(true);
> deploymentContext.updateDeployment(config);
>
> In this way we can remove unified-push-server-js from ups-realm.json,
> right? One thing not totally clear is about Keycloak.js. Currently we
> have something like:
>
> Keycloak kc = new Keycloak('config/keycloak.json')
>
> With the changes mentioned above, is the JSON file still required? Or
> not necessary?
I don't see any point in having all of that, just use the keycloak.json with a system
property for the auth-server url. The realm keys are automatically downloaded so no need
to specify those.
>
>
> On 2014-11-25, Bill Burke wrote:
> >
> >
> > On 11/25/2014 7:50 AM, Stian Thorgersen wrote:
> > >
> > >
> > > ----- Original Message -----
> > >> From: "Bruno Oliveira" <bruno(a)abstractj.org>
> > >> To: "Stian Thorgersen" <stian(a)redhat.com>
> > >> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
> > >> Sent: Tuesday, 25 November, 2014 1:29:24 PM
> > >> Subject: Re: [keycloak-dev] Programatic configuration
> > >>
> > >> On 2014-11-25, Stian Thorgersen wrote:
> > >>>
> > >>>
> > >>> ----- Original Message -----
> > >>>> From: "Bruno Oliveira" <bruno(a)abstractj.org>
> > >>>> To: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
> > >>>> Sent: Tuesday, 25 November, 2014 12:22:22 PM
> > >>>> Subject: [keycloak-dev] Programatic configuration
> > >>>>
> > >>>> Good morning, we've been discussing the following workflow on
> > >>>> AeroGear:
> > >>>>
> > >>>> First time
> > >>>>
> > >>>> 1. Developer creates a UPS instance on OpenShift
> > >>>> 2. Visit https://myups-abstractj.rhcloud.com/ag-push
> > >>>> 3. The application automagically redirects to the configuration page
> > >>>> with the options default or Custom — where default makes use of the
> > >>>> embedded Keycloak on UPS and custom our developer would be able to
> > >>>> specify another Keycloak instance
> > >>>> (http://andresgalante.com/configuration/)
> > >>>> 4. App changes the keycloak.json/ups-realm.json file based on the URL
> > >>>> provided.
> > >>>>
> > >>>> Second time
> > >>>>
> > >>>> 1. Visit https://myups-abstractj.rhcloud.com/ag-push
> > >>>> 2. The application checks if some configuration already exists
> > >>>> (default or custom)
> > >>>> 3. Redirect users to UPS login page or Keycloak login page. It pretty
> > >>>> much depends.
> > >>>>
> > >>>> I would like to programmatically change (via Java) `ups-realm.json`,
> > >>>> `keycloak.json`
> > >>>> and `admin-ui-keycloak.json`. See
> > >>>> https://github.com/abstractj/aerogear-unifiedpush-server/commit/e8fc8461f...
> > >>>>
> > >>>> Possible alternatives off the top of my head:
> > >>>>
> > >>>> 1. Read/manipulate JSON files from the database and provide
> > >>>> `keycloak.json` and `admin-ui-keycloak.json` as a resource like
> > >>>> Keycloak team did for JavaScript
> > >>>> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...
> > >>>> 2. Dynamically generate to a shared place on WildFly `keycloak.json`
> > >>>> and `admin-ui-keycloak.json` files.
> > >>>>
> > >>>> Do you have a better idea?
> > >>>
> > >>> Is it only the auth-server url you're changing? keycloak.json supports
> > >>> system properties so you can use for example { "auth-server" :
> > >>> "${keycloak.url}" }. If you do that you don't have to rewrite the file
> > >>> at all.
> > >>
> > >> Yes! That's gorgeous! Am I supposed to define it during the bootstrap?
> > >> For ups-realm.json file, I'm considering to make use of
> > >> AdapterDeploymentContext like we did in the past, because the redirect
> > >> url must dynamically change
> > >> https://github.com/abstractj/aerogear-unifiedpush-server/commit/e8fc8461f...
> > >
> > > How would AdapterDeploymentContext work for a remote KC server?
> > >
> > > In the past I had an idea of adding support for server aliases, so you
> > > > could for example do "http://${ups}/ag-push" as the redirect-uri in KC.
> > > Then we could provide some easy way to manage server-aliases, even
> > > allowing it to resolve to one or more urls.
> > >
> >
> > The idea was that the UPS mgmt console would allow you to specify a
> > remote keycloak URL. It would store this URL, then update the
> > AdapterDeploymentContext at runtime.
> >
> >
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
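
Added example (not part of the thread, and not Keycloak's own substitution code): a stand-alone check that expands ${...} from system properties as the thread describes and reports a value that would reach the URI parser unexpanded, which is what the stack trace above shows for ${keycloak.url}. The class name, the https-only policy and the sso.example.test host are assumptions of this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AuthServerUrlCheck {
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]+)\\}");

    /** Expands ${name} from system properties; names with no property are left untouched. */
    static String expand(String value) {
        Matcher m = PLACEHOLDER.matcher(value);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String resolved = System.getProperty(m.group(1));
            m.appendReplacement(out,
                    Matcher.quoteReplacement(resolved != null ? resolved : m.group()));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** Returns a description of the problem, or null when the value is usable. */
    static String check(String rawAuthServerUrl) {
        String url = expand(rawAuthServerUrl);
        if (PLACEHOLDER.matcher(url).find()) {
            return "unresolved placeholder: " + url;
        }
        try {
            URI uri = new URI(url);
            if (uri.getScheme() == null || uri.getHost() == null) {
                return "not an absolute URL: " + url;
            }
            if (!"https".equalsIgnoreCase(uri.getScheme())) {
                // Policy assumed by this example: tokens should not cross the network in clear text.
                return "auth server reached over plain HTTP: " + url;
            }
        } catch (URISyntaxException e) {
            return e.getMessage();
        }
        return null;
    }

    public static void main(String[] args) {
        String raw = "${keycloak.url}"; // "auth-server-url" value from the keycloak.json in the post
        System.out.println(check(raw)); // property not set yet
        System.setProperty("keycloak.url", "http://10.0.1.7/auth"); // value from the post
        System.out.println(check(raw));
        System.setProperty("keycloak.url", "https://sso.example.test/auth"); // constructed value
        System.out.println(check(raw));
    }
}
```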