10:11 a.m.
On 19.9.2013 14:29, Bill Burke wrote:
On 9/19/2013 5:10 AM, Stian Thorgersen wrote:
> Bill, I assume you would be happy with Marek adding MongoDB to M1 as long as we take
on any work related to it?
>
> It's important for the MBaaS project.
I'd be happy to ditch Picketlink and use Mongo. Marek, is it something
that can be learned quickly?
yes, I think it is. I can easily add the possibility
to have
automatically trigger startup of embedded Mongo DB, so you won't need to
do/install anything special.
Besides that I've made some simple wrapper API for mapping, which will
allow to have just annotations on getter/setter objects and
automatically load/save whole object directly from/to MongoDB (Not
something like full ORM but subset of it, which I hope is simplifying
things and allow to lately add support for more things like indexes on
some fields etc)
Marek
> I think we need to have:
>
Keep in mind that this is just a milestone release to garner community
interest and show Red Hat management that we're capable of delivering
something.
> * REST endpoints for admin tasks - managing realms, applications and users - it
should be possible to authenticate to these using TokenService
> * REST endpoints for user tasks - login, register, change password, etc. - same again
authenticate using TokenService
> * Document all REST endpoints
> * Forms for required user actions - register, verify email, reset password, update
profile (for social)
>
As I said in the OP, if we had a read-only backend that was just one or
two big JSON or XML files, the admin could edit them directly. Then
there would be no need for a management REST or UI interface, no need
for registration, email verification, reset password, etc... We would
just ship a token service, login page, and oauth grant page in this
scenario. As I mentioned in the OP, there's still a lot of work to do
just to do this.
Another option is to hold off on the Admin Web UI and do a console
command line interface. This would allow us to flush out the admin REST
interfaces.
All this depends when we want to do an M1 release. If we're find with
an end-of-year release, then we can keep doing what we're doing instead
of refocusing.
> The admin console could be (and should be IMO) separated out completely. To enable it
you would register it as an application with the Keycloak server and configure it in the
same way as you use any other application. This way it can be released separately to the
main Keycloak server (and also deployed separately). I also think we should get rid of the
authentication parts in SaasService and use TokenService instead. This is to reduce the
duplicated effort, and also I think that's the correct approach in either case - the
admin console (and any other consoles, cli, etc.) should just be applications registered
with Keycloak and use public rest endpoints for authentication and to manage
realms/apps/users.
>
Ok, that sounds good. I agree that SaaS login and registration probably
needs to go. From our conversations it seems that we're not going to be
deploying Keycloak as a SaaS that services multiple accounts, even in a
cloud environment. All this effects the design of the backend and how
we bootstrap, configure, and install Keycloak. We need a separate email
thread to discuss this.