Hi,


On Fri, Feb 7, 2014 at 3:15 AM, Bill Burke <bburke@redhat.com> wrote:
We still need to figure this out.

Can't port mappings be set up from the cartridge config so the
as7/wildfly mgmt HTTP interface can be exposed?  There's also a problem
of setting up credentials for the as7/wildfly HTTP mgmt service.  Quite
honestly, I'm not sure how we can use a Wildfly subsystem for this.


I am also not really sure on this, atm.
I started looking into this a bit this week, but didn't make real progress.
Next week I will continue.

 
We just might have to build support for all this within the keycloak
adapter itself.  Allow it the ability to modify the keycloak.json file.
  Then you only have one Aerogear UPS + Keycloak cartridge.

1. UPS would use a preconfigured co-bundled Keycloak for initial login
2. Initial login would require you to change the admin password
3. UPS Admin page allows you to switch Keycloak realms.
4. Switching a realm automatically creates the UPS Application on the
new Keycloak realm.  It also rewrites the keycloak.json file, and also
modifies the adapter's runtime config.

Am I making any sense?

That would be for a bundled integration, where everything runs out-of-the-box, right?

I believe this does make sense, and would be a good starting point.

I am not yet sure on the 'external' case - e.g. where one company has a single Keycloak server, and several apps
pointing to it. If the org. then wants to run the UPS against that Keycloak as well, they would have to open the WAR and start editing some files.



-Matthias

 

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf