----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 14 November, 2013 5:20:10 PM
Subject: Re: [keycloak-dev] Don't show KEYCLOAK_APPLICATION and
KEYCLOAK_IDENTITY_REQUESTER externally
On 11/14/2013 12:02 PM, Stian Thorgersen wrote:
> Ok - I can sort these out.
>
> By the way I've updated the dist to WildFly + made it use persistent H2 by
> default. Once we've got a release somewhere I can quickly modify my
> WildFly OpenShift QuickStart to make it easy to get Keycloak up and
> running on OpenShift. I haven't looked at configuring SSL by default yet
> though, maybe that's something we can push post-M1?
>
Might be as easy as running keytool within run.sh if the appropriate
keystore doesn't exist in the distro. That was my thinking at least.
That's simpler than my pure-java idea ;)
I was going to create the cert from within KeycloakApplicationServer then set up the https
connector at runtime (can be done from a war, but need to find the code for it, had it
somewhere but now it's lost).
My reasoning was that I don't have a Windows machine so couldn't test adding this
to standalone.bat. Whatever you add to standalone.sh needs to be tested with Cygwin as
well. In the future we could utilize this to have a required setup page on the admin
console, where the admin needs to either upload his own cert or click the auto-generate
cert.
FYI, there is currently a nasty bug in Undertow/WildFly where the
JSESSIONID cookie's path is set to '/' and thus sessions (well really 1
session) are shared between deployed WARs :( Sort of makes our demo
undemo-able :)
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
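
Added example (not part of the original messages and not Keycloak's own code): one way the "run keytool from the start script if the keystore doesn't exist" idea discussed above could look. The function name, the keystore and password-file paths, the alias and CN=localhost are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: first-start keystore bootstrap for a launcher script.
# All names and paths here are assumptions, not taken from the Keycloak distro.

KEYTOOL="${KEYTOOL:-keytool}"   # overridable, e.g. "$JAVA_HOME/bin/keytool"

# ensure_keystore <keystore-path> <password-file>
# Returns 0 if a keystore exists when it finishes, non-zero otherwise.
ensure_keystore() {
    ks="$1"; pwfile="$2"

    # Idempotent: never overwrite an existing keystore; it may hold a
    # certificate the admin installed on purpose.
    [ -f "$ks" ] && return 0

    command -v "$KEYTOOL" >/dev/null 2>&1 || {
        echo "keytool not found; HTTPS keystore not created" >&2
        return 1
    }

    # Create the password file and keystore readable by the owner only.
    old_umask=$(umask); umask 077

    # Random per-installation password instead of a default shared by
    # every copy of the distribution (24 random bytes, hex encoded).
    if [ ! -s "$pwfile" ]; then
        od -An -N24 -tx1 /dev/urandom | tr -d ' \n' > "$pwfile"
    fi
    pw=$(cat "$pwfile")

    # Generate to a temporary name and rename on success, so an interrupted
    # run never leaves a half-written file that the check above would accept.
    # Note: the password is on keytool's command line while it runs.
    tmp="$ks.tmp.$$"
    if "$KEYTOOL" -genkeypair -alias localhost -keyalg RSA -keysize 2048 \
           -validity 365 -dname "CN=localhost" \
           -keystore "$tmp" -storepass "$pw" -keypass "$pw" >/dev/null 2>&1 \
       && [ -f "$tmp" ]; then
        mv "$tmp" "$ks"; rc=0
    else
        rm -f "$tmp"; rc=1
    fi
    umask "$old_umask"
    return $rc
}

# Usage from a start script (paths are placeholders):
#   ensure_keystore "$CONF_DIR/https.jks" "$CONF_DIR/https.pass" || exit 1
```

The resulting certificate is self-signed for localhost, so it suits a demo or first start only; the admin-console upload idea in the thread is where a real certificate would replace it.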