Do you care about usability at all? Not everything can fit into nice
little boxes all the time. This is going to be extremely confusing for
users. I ran into it myself as I thought the jboss add-user.sh script
was overwritten by our distribution script by mistake. *OF COURSE* we
should have a separate add-user.sh script. Even when, hopefully, JBoss
can delegate to Keycloak in maybe 7.1. If we are going to leverage the
JBoss platform, and this means the JBoss documentation too, every
management function that exists in JBoss should be available in Keycloak
and *WORK THE SAME WAY*. If we don't change this, we're going to get a
ton of support questions that say: "Why doesn't add-user.sh work?"
On 4/23/2016 1:29 AM, Stian Thorgersen wrote:
In the future we need to secure the underlying WildFly with rhsso. In
which case our add-user will add users for both Keycloak and WildFly/EAP.
IMO there's going to be confusion until the above is solved no matter
what we do. We'll need to document this whichever way we do it.
Options are stay with what we have or rename our script. My vote goes
to keep as is and document it. Then hopefully by 7.1 we can secure the
WildFly bits so the problem goes away. With the other option (rename
ours) there will be a problem once WildFly bits are secured by
Keycloak as now the wf add-user script should no longer be used and
completely removed at which point we should then rename it back. So in
the long run sticking with how it is today is ideal. It's also way to
late making changes now. BTW this has been around for months.
On 22 Apr 2016 22:14, "Bill Burke" <bburke(a)redhat.com
<mailto:bburke@redhat.com>> wrote:
On 4/22/2016 3:57 PM, Marek Posolda wrote:
> That's the question...
>
> For server distribution, we also have our stuff ( keycloak
subsystem,
> datasource, infinispan etc) directly declared in
"standalone.xml". On
> the other hand, for overlay distribution, we don't want to directly
> update default "standalone.xml", so we are adding our own
> "standalone-keycloak.xml". Isn't it quite similar thing?
>
Product will not have the overlay distribution.
> We can do the same for overlay and server distribution, so never
edit
> default wildfly files ( standalone.xml , add-user.sh), but
always use
> our own versions with "-keycloak" suffix. Advantage is more
> consistent. However people will need to always start keycloak server
> with "./standalone.sh -c standalone-keycloak.xml" then. Doesn't
it
> sucks from the usability perspective?
>
The overlay exists because we can't distribute EAP within community.
Keycloak should be run as a separate server, so, IMO, -keycloak.xml
files should go away and overwrite standalone.xml,
standalone-ha.xml and
domain.xml
> I honestly don't know what's the best way regarding usability. AFAIK
> this was decided on mailing lists couple of months ago, but don't
> remember the exact threads...:/
>
I'm pretty adamant about this. There will be a huge amount of
confusion
if we don't make this separation. Wildfly/JBoss and Keycloak are hard
enough to configure as it is.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com