----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 5 November, 2013 4:21:54 PM
Subject: Re: [keycloak-dev] bundle an SMTP server?
I disagree. Users aren't going to download Keycloak and immediately use
it in production. Autogenerated self-signed SSL certs, an SMTP server,
and a preconfigured DB all make sense as then the user can immediately
use keycloak in development and configure certs, db, etc. later when
they want to run it in production.
Why would a developer need SSL? There's a good reason why I wouldn't want to have
a self-signed cert while doing dev/test and that's the fact that the browser will keep
bugging you telling you that the certificate is not valid. I think Firefox let's you
accept the certificate permanently, but Chrome will just keep bugging you over and over
again.
With regards to SMTP server, I think it's going to be rare that a developer needs
this. If when it's needed during development, I would at least personally prefer to
just have it print the email to the log, or just have it use my gmail account for sending
mails. Emails sent from a email server that is not properly associated with a domain will
with a high likely hood end up in spam.
The simplest solution for a developer to use Keycloak would in my opinion be a fully
hosted solution. That way you can have proper SSL cert, email server and db, all without
having to worry about anything other than using it. The second best would be a proper
OpenShift cartridge. This would let you use the shared OpenShift SSL cert, a proper db
(automatically configured and setup), but AFAIK there's no email server cartridge for
OpenShift. There may be a good reason for that, a shared email server that lets anyone
send emails could be used to send spam, and would result in it being quickly blacklisted
by spam filters.
The less things a developer has to do to testdrive keycloak the better.
Too bad we can't offer preconfigured social provider. Then again, I
guess we could, and hope google, et. al. doesn't shut it down.
On 11/5/2013 10:57 AM, Stian Thorgersen wrote:
> Personally I don't think the zip dist should configure smtp, db or ssl.
> This should be left to an appliance (OpenShift cartridge?) or a hosted
> solution (keycloak.org?).
>
> * SSL certificates needs to be signed and associated with a domain
> * SMTP servers needs to be associated with a domain
> * Embedded relational db's are pretty crap and not suitable for production
>
> SMTP has quite a few caveats to make sure emails are not blocked by spam
> filters.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Tuesday, 5 November, 2013 3:04:45 PM
>> Subject: [keycloak-dev] bundle an SMTP server?
>>
>> Along the lines of wanting to run out of the box, is there any reason we
>> shouldn't bundle an SMTP server (i.e. James) and have it preconfigured?
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>>
http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com